Configure OpenVPN Server
Okay, I am just going to lay out a few things here on the front end.
There are two “modes” the OpenVPN server can run in: TAP and TUN. If you want to research the differences you can (they are significant if you have a particular need for one or the other), but as stated at the beginning of this guide, my goal is to get you the simplest configuration possible that still has Active Directory authentication. To that end, we are going to use “TUN” mode, as it is, imho, a less involved setup and overall performance should be slightly better.
On my box I opted to use UDP, although I am considering switching to TCP. For this tutorial we will stick to UDP. If you decide to switch to TCP later on, remember that in most cases you need to add explicit, separate firewall rules to allow the TCP traffic (if you only opened up UDP ports earlier).
Now… the usual method in most tutorials is to have you copy the template server.conf file and edit it. However, for simplicity’s sake, I am going to have you go about it a different way.
If you ever need to access the example server.conf, it can be found at /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz (for some reason they compress it; you can uncompress it with “gzip -d”).
In one stroke we can create an empty file and start editing it. To do so, use the following:
VIM should now be open on a blank document. Put yourself in insert mode in the text editor and copy and paste the following, verbatim, into your document.
local 192.168.20.15 #EDIT THIS LINE - ENTER THE IP OF YOUR SERVER'S LOCAL INTERFACE THAT WILL SERVE OPENVPN
port 1240 #EDIT THIS LINE - ENTER THE PORT NUMBER YOU ARE GOING TO SERVE OPENVPN ON
#CERTS AND TUNNEL SECURITY
tls-auth ta.key 0
#OPENVPN DAEMON SECURITY
#CONNECTED CLIENT/IP/TRAFFIC CONFIG
server 10.8.0.0 255.255.255.0
keepalive 10 120
verb 4 #4 is considered standard for this setting, 6 is a bit verbose, 9 is max.
#ROUTE ALL TRAFFIC THROUGH TUNNEL
#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 192.168.20.1"
#DISABLE CERT AUTHENTICATION
#LDAP (Active Directory Authentication) PLUGIN
#plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
As you can see from the above, you currently only need to edit the top TWO lines with your server’s IP and the port for OpenVPN. This configuration is KNOWN GOOD and will work with the client config I am going to provide on the next page. Go ahead and edit the IP and port numbers, then save and close the file. Then:
service openvpn restart
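As an added example (not part of this guide), the Python script below parses a server.conf in the format used above (one directive per line, `#` or `;` comments including trailing ones) and reports which of the security-relevant directives from this page are actually active, so you can confirm the commented-out push and LDAP lines really are off before restarting. The embedded config is constructed from the block above with its comments shortened.

```python
"""Parse an OpenVPN server.conf and report which of this guide's directives are active."""
import shlex

# Constructed sample: the server.conf from this guide, comments shortened.
SAMPLE_CONF = """\
local 192.168.20.15 #EDIT THIS LINE - YOUR SERVER'S LOCAL INTERFACE IP
port 1240 #EDIT THIS LINE - THE PORT YOU WILL SERVE OPENVPN ON
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
keepalive 10 120
verb 4 #4 is considered standard
#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 192.168.20.1"
#plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
"""


def parse_conf(text):
    """Return [(directive, [args]), ...] for every active line. OpenVPN starts a
    comment at '#' or ';', so trailing comments are dropped and the commented-out
    #push/#plugin lines never appear. Inline <ca>...</ca> blocks are not handled."""
    entries = []
    for raw in text.splitlines():
        lex = shlex.shlex(raw, posix=True)  # POSIX quoting: "a b" is one argument
        lex.whitespace_split = True
        lex.commenters = "#;"
        tokens = list(lex)
        if tokens:
            entries.append((tokens[0], tokens[1:]))
    return entries


def audit(entries):
    """Summarise the settings this guide tells you to check before restarting."""
    by_name = {}
    for name, args in entries:
        by_name.setdefault(name, []).append(args)
    pushes = [a[0] for a in by_name.get("push", []) if a]
    plugins = [a[0] for a in by_name.get("plugin", []) if a]
    return {
        # Where the daemon listens; 1194 is OpenVPN's default when 'port' is absent.
        "listen": (by_name.get("local", [[None]])[0][0],
                   int(by_name.get("port", [["1194"]])[0][0])),
        "tls_auth": "tls-auth" in by_name,  # HMAC check on control-channel packets
        "ldap_plugin": any("auth-ldap" in p for p in plugins),
        "redirect_gateway": any(p.startswith("redirect-gateway") for p in pushes),
        "verb": int(by_name.get("verb", [["1"]])[0][0]),  # OpenVPN's default is 1
    }
```

On the server, feed it the real file with `audit(parse_conf(open("/etc/openvpn/server.conf").read()))` and compare the result with what you intended before running the restart.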