This guide will show you how to install an OpenVPN server with port forwarding (open ports).
This is useful for Perfect Dark, Retroshare, or torrent uploading, where having an open port is required.
Requirements:
- Linux Server or VPS with Centos, Ubuntu, Debian. If you need a VPS for VPN please see our plans here.
- Public Static IPv4
- Time
First install your desired OS (Centos, Ubuntu, Debian)
Once installed you will want to ensure the server is updated fully. If not doing this as root please add sudo to all commands.
For Centos
yum update -y
For Ubuntu/Debian
apt-get update && apt-get upgrade
Once that is done you will want to install a few required packages if they are not currently installed.
For Centos
yum install nano wget curl htop -y
For Ubuntu/Debian
apt-get install htop nano wget curl -y
Check that IPv4 forwarding is enabled.
You can check this by opening the file below, looking for “net.ipv4.ip_forward = 0” and changing it to “net.ipv4.ip_forward = 1”.
nano /etc/sysctl.conf
Alternatively, use the command below to append the setting to the end of the file if it is missing or commented out.
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
Then use this command to make it active.
sysctl -p
Download the OpenVPN install script and make it executable
wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
Start the OpenVPN installer and create users
See the source guide for details and an explanation of the options: https://github.com/Angristan/OpenVPN-install
./openvpn-install.sh
Create the OpenVPN ccd folder for storing per-user client profiles
mkdir /etc/openvpn/ccd
Create the persistent IP pool text file
nano /etc/openvpn/ipp.txt
The OpenVPN server configuration should look like the below. Note “verb 0”, which disables logging, and the “push "dhcp-option DNS 176.103.130.130"” lines, which push your desired DNS servers to clients to prevent DNS leaks. In this case we are using AdGuard DNS to block ads at the DNS level and speed up connections.
port 443
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt 0
push "dhcp-option DNS 176.103.130.130"
push "dhcp-option DNS 176.103.130.131"
push "redirect-gateway def1 bypass-dhcp"
crl-verify crl.pem
ca ca.crt
cert server_LZAWi5RVmWxVAdJa.crt
key server_LZAWi5RVmWxVAdJa.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-256-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 0
client-config-dir /etc/openvpn/ccd
To modify these values to your liking or to match the above, edit the server configuration:
nano /etc/openvpn/server.conf
To create your first client configuration, replace user1 with the exact username of the user created via the script earlier.
nano /etc/openvpn/ccd/user1
Add the line below for the first user (user1)
ifconfig-push 10.8.0.2 255.255.255.0
CCD example content for additional users (one line in each user's own file under /etc/openvpn/ccd)
ifconfig-push 10.8.0.2 255.255.255.0 (used for user1)
ifconfig-push 10.8.0.3 255.255.255.0 (user2)
ifconfig-push 10.8.0.4 255.255.255.0 (user3)
ifconfig-push 10.8.0.5 255.255.255.0 (user4)
ifconfig-push 10.8.0.6 255.255.255.0 (user5)
ifconfig-push 10.8.0.7 255.255.255.0 (user6)
Set up the persistent IP pool file. This ensures clients keep static internal IP addresses, so the port forwards we set up for each client always point at that client's internal IP.
nano /etc/openvpn/ipp.txt
Set the values below, matching the usernames generated by the script and the IPs assigned in the CCD files.
user1,10.8.0.2
user2,10.8.0.3
user3,10.8.0.4
user4,10.8.0.5
user5,10.8.0.6
user6,10.8.0.7
Set up port forwarding for user1. Find/replace YourVPSIPHere with your server/VPS public IP. This opens TCP port 32400 on the public IP and forwards it to user1's internal VPN IP. The first rule rewrites the destination (DNAT); the second allows the rewritten packet through the FORWARD chain (traffic DNATed to a VPN client is forwarded, not delivered locally, so an INPUT rule would never match it).
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 32400 -j DNAT --to-dest 10.8.0.2:32400
iptables -t filter -A FORWARD -p tcp -d 10.8.0.2 --dport 32400 -j ACCEPT
Set up port forwarding for user2
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 2634 -j DNAT --to-dest 10.8.0.3:2634
iptables -t filter -A FORWARD -p tcp -d 10.8.0.3 --dport 2634 -j ACCEPT
Set up port forwarding for user3
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 4634 -j DNAT --to-dest 10.8.0.4:4634
iptables -t filter -A FORWARD -p tcp -d 10.8.0.4 --dport 4634 -j ACCEPT
Set up port forwarding for user4
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 4834 -j DNAT --to-dest 10.8.0.5:4834
iptables -t filter -A FORWARD -p tcp -d 10.8.0.5 --dport 4834 -j ACCEPT
Set up port forwarding for user5
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 4934 -j DNAT --to-dest 10.8.0.6:4934
iptables -t filter -A FORWARD -p tcp -d 10.8.0.6 --dport 4934 -j ACCEPT
Set up port forwarding for user6
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 5034 -j DNAT --to-dest 10.8.0.7:5034
iptables -t filter -A FORWARD -p tcp -d 10.8.0.7 --dport 5034 -j ACCEPT
This step is important: iptables rules are lost on reboot unless a package is installed to save and restore them.
apt-get install iptables-persistent
If you add more rules later and need to save them manually, write the current rule set to the file iptables-persistent restores at boot:
iptables-save > /etc/iptables/rules.v4
To start/stop/restart openvpn
service openvpn start
service openvpn stop
service openvpn restart
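The CCD files, the ipp.txt lines and the DNAT targets above all have to agree on each user's internal IP, and every user needs a distinct public port. The script below is an added example (not part of the original guide or of the Angristan installer) that generates all three from one constructed user table and flags duplicate ports; the public IP, usernames and ports are placeholders.

```shell
#!/bin/sh
# Added example: generate per-user CCD entries, ipp.txt lines and iptables
# port-forward rules from one table so the three never drift apart.
# USERS is a constructed sample table: username,vpn_ip,forwarded_tcp_port
USERS='user1,10.8.0.2,32400
user2,10.8.0.3,2634
user3,10.8.0.4,4634'

# Content of /etc/openvpn/ccd/<user>: static VPN address, /24 as in "topology subnet"
ccd_entry() {
    echo "ifconfig-push $2 255.255.255.0"
}

# Line for /etc/openvpn/ipp.txt (read-only pool: "ifconfig-pool-persist ipp.txt 0")
ipp_entry() {
    echo "$1,$2"
}

# Rules for one forward: DNAT on the public address, then accept the rewritten
# packet in FORWARD (it is routed to the client over tun, not delivered locally).
fw_rules() {   # args: public_ip vpn_ip port
    echo "iptables -t nat -A PREROUTING -d $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3"
    echo "iptables -t filter -A FORWARD -p tcp -d $2 --dport $3 -j ACCEPT"
}

# Print any public port that appears more than once in a table (empty = none).
dup_ports() {   # arg: table in the same format as USERS
    printf '%s\n' "$1" | cut -d, -f3 | sort | uniq -d
}

# Emit CCD, ipp.txt and iptables lines for every user, for one public IP.
render() {   # arg: public_ip
    printf '%s\n' "$USERS" | while IFS=, read -r u ip port; do
        echo "# $u -> /etc/openvpn/ccd/$u"
        ccd_entry "$u" "$ip"
        echo "# $u -> /etc/openvpn/ipp.txt"
        ipp_entry "$u" "$ip"
        echo "# $u -> port forward"
        fw_rules "$1" "$ip" "$port"
    done
}

# Stand-alone run: refuse to emit rules if two users share a port.
if [ -n "$(dup_ports "$USERS")" ]; then
    echo "duplicate forwarded ports: $(dup_ports "$USERS")" >&2
else
    render YourVPSIPHere
fi
```

Review the printed commands before running them; the example only prints, it never calls iptables itself.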
We hope you enjoyed the guide and find it useful.