Implementing OpenVPN client on your iOS/Android
Hi All,
I would like to share my experiment about how to build the OpenVPN server and OpenVPN client on iOS and Android.
Assuming OpenVPN is already installed and tun/tap is enabled on your VPS.
1. COPYING THE EASY RSA INTO /etc/openvpn
root@vpsny:/etc/openvpn# cp -r /usr/share/doc/openvpn/examples/easy-rsa .
root@vpsny:/etc/openvpn# cd easy-rsa/2.0/
root@vpsny:/etc/openvpn/easy-rsa/2.0# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./clean-all
2. BUILDING THE CERTIFICATE
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./build-ca
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./build-key-server SERVER
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./build-key CLIENT
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./build-dh
3. COPYING THE CERTIFICATE TO /etc/openvpn
root@vpsny:/etc/openvpn/easy-rsa/2.0# cp -r keys /etc/openvpn/
4. MAKING THE CONF for port 9500 udp (the port number is your choice)
root@vpsny:/etc/openvpn# cat 9500-udp.conf
port 9500
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/SERVER.crt
key /etc/openvpn/keys/SERVER.key
dh /etc/openvpn/keys/dh1024.pem
client-cert-not-required
username-as-common-name
server 10.10.10.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 3 10
comp-lzo adaptive
user nobody
group users
persist-key
persist-tun
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
status openvpn-status1.log
log /var/log/openvpn1.log
log-append /var/log/openvpn1.log
script-security 3
cipher AES-256-CBC
duplicate-cn
verb 3
The server 10.10.10.0 line: addresses from this network will be given to the clients as their IP address.
push redirect-gateway means your server will be acting as the internet gateway of your clients.
5. MAKING the configuration for the client, named OVN-NY-LET.conf (as an example), set to UDP and port number 9500 (as we set up)
tls-client
dev tun0
remote ###your-vps-server-address### 9500
resolv-retry infinite
nobind
persist-key
persist-tun
keepalive 3 10
<ca>
-----BEGIN CERTIFICATE-----
-- copy and paste your ca certificate to here
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-- copy and paste your client certificate to here
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
-- copy and paste your client key to here
-----END RSA PRIVATE KEY-----
</key>
comp-lzo yes
verb 3
auth-user-pass
cipher AES-256-CBC
The CERT was taken from CLIENT.crt and the KEY was taken from CLIENT.key (on your VPS /etc/openvpn/key/)
6. Copy your OVN-NY-LET.conf to iOS or Android.
7. Create a user on your VPS for the OpenVPN connection
8. echo 1 > /proc/sys/net/ipv4/ip_forward
9. enable the masquerade for client -> iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE
Please give me some corrections if there are any mistakes in this guidance.
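A review of the two configs above can be scripted. The following is an added example, not part of the original post: it parses OpenVPN directives and reports the settings in them that weaken authentication or transport protection. The function names `parse` and `audit`, the finding ids, and the placeholder remote host are assumptions made for this sketch.

```python
import re

# Constructed samples: the directives audited below, taken from the server and
# client configs in the post (the remote host is a placeholder).
SERVER_CONF = """dh /etc/openvpn/keys/dh1024.pem
client-cert-not-required
comp-lzo adaptive
script-security 3
duplicate-cn
"""
CLIENT_CONF = """tls-client
remote vpn.example.invalid 9500
comp-lzo yes
"""

def parse(text):
    """Map each directive to its arguments; skip comments and inline <ca>/<key> blocks."""
    opts, inline = {}, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("<"):
            inline = not line.startswith("</")
        elif line and not inline and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def audit(text, role):
    """Return sorted finding ids for a 'server' or 'client' config."""
    o = parse(text)
    dh = re.search(r"dh(\d+)\.pem$", " ".join(o.get("dh", [])))
    checks = {
        # compression inside the tunnel exposes a compression oracle (VORACLE)
        "compression": o.get("comp-lzo", ["no"]) != ["no"],
        # control-channel packets carry no HMAC signature
        "no-tls-auth": not {"tls-auth", "tls-crypt"} & o.keys(),
    }
    if role == "client":
        # without one of these, any certificate from the CA passes as the server
        pins = {"remote-cert-tls", "ns-cert-type", "verify-x509-name"}
        checks["server-cert-unchecked"] = not pins & o.keys()
    else:
        checks.update({
            "password-only-auth": "client-cert-not-required" in o
            or (o.get("verify-client-cert") or [""])[0] in ("none", "optional"),
            "weak-dh": bool(dh) and int(dh.group(1)) < 2048,
            "duplicate-cn": "duplicate-cn" in o,
            "script-security-3": int((o.get("script-security") or ["1"])[0]) >= 3,
        })
    return sorted(k for k, hit in checks.items() if hit)
```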
Comments
I always used this script: http://www.putdispenserhere.com/openvpn-debianubuntu-setup-script-for-openvz/
Making it easier, I will try it then.