Dynamic DNS and Openvpn server


Dynamic DNS and Openvpn server

 

################################################
#### Dynamic DNS from website http://www.no-ip.com/
################################################

# First, create an account at http://www.no-ip.com/, then go to
# https://www.no-ip.com/members/dns/ and click "add a host".
# Then use this lazy command list on the Pi.

# Download, build and install the no-ip dynamic update client (noip2).
# "sudo bash" opens a root shell, so every command typed after it in this
# section runs as root.
sudo bash
cd /usr/local/src/
# NOTE(review): the tarball is fetched over plain HTTP and then compiled and
# installed as root with no integrity check. Prefer an HTTPS download if the
# vendor offers one, and compare the file against a vendor-published checksum
# (if there is one) before running "make install".
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar xf noip-duc-linux.tar.gz
# The directory name carries the client version; it will differ if the
# tarball has been updated since this was written.
cd noip-2.1.9-1/
# NOTE(review): presumably this also runs the interactive setup that asks for
# the no-ip account login - confirm; the later "noip2 -C" step repeats it.
make install

# Add the line /usr/local/bin/noip2 to the file /etc/rc.local,
# just before its last line "exit 0", so no-ip starts automatically after reboot
nano /etc/rc.local

/usr/local/bin/noip2

#CTRL+o ENTER # write output, save in other words
#CTRL+x # exit nano editor

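# Start the no-ip update client.
sudo /usr/local/bin/noip2

# Check status: lists the running noip2 instance(s) and their pid.
sudo /usr/local/bin/noip2 -S

# Kill a running instance. Replace PID with the process id printed by -S.
sudo /usr/local/bin/noip2 -K PID

# If you need to recreate the default config file.
# NOTE(review): this normally prompts for the no-ip account login again, and
# the resulting config file holds those account details - keep it readable by
# root only.
sudo /usr/local/bin/noip2 -C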

################################################
#### Openvpn server and client from website http://openvpn.net
################################################

# Openvpn Based upon these blogs
http://wingloon.com/2012/05/25/how-to-i … ntication/

http://www.serverubuntu.it/openvpn-bridge-configuration

# Using SD card with “2012-08-08-wheezy-armel”
# Remember you gotta do port forwarding, not covered in this post
# Lets get started, start with an updated installation
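# Refresh the package index so the install below picks up current packages.
sudo apt-get update

# Now install openvpn and copy the bundled easy-rsa 2.0 scripts to a working
# directory under /etc/openvpn.
sudo apt-get install openvpn -y
# -p keeps this step from failing when the directory already exists (re-run).
sudo mkdir -p /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
# Hand the tree to the current user so the build scripts run without sudo.
# NOTE(review): the CA private key generated later ends up under this tree
# (keys/ca.key), so whoever owns this directory can sign certificates that the
# server will accept. Use an account you trust and protect its login.
sudo chown -R "$USER" /etc/openvpn/easy-rsa/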

# You can put whatever you like in the vars file, just don’t leave these data fields blank
# I left everything as it was default, even “changeme” data
nano /etc/openvpn/easy-rsa/vars

# Now build certs and keys for server and client
# TIP: answer yes to sign and commit, leave everything else default
# Build the certificate authority, the server certificate, the DH parameters
# and one client certificate with the easy-rsa 2.0 scripts.
#
# NOTE(review): the DH file copied in the next step is named dh1024.pem, i.e.
# the vars file is producing 1024-bit parameters, which are considered weak
# today. In easy-rsa 2.0 the size comes from KEY_SIZE in vars; presumably
# raising it to 2048 yields dh2048.pem instead, in which case the later
# "cp" step and the "dh" line in server.conf must use the new name - confirm.
cd /etc/openvpn/easy-rsa/
source vars                 # load the settings from the vars file into this shell
./clean-all                 # NOTE(review): starts from an empty keys/ directory; any keys already issued there are lost
./build-ca                  # creates the CA pair: keys/ca.crt and keys/ca.key
./build-key-server server   # creates keys/server.crt and keys/server.key, signed by the CA
./build-dh                  # generates the Diffie-Hellman parameter file (can take a while on a Pi)
# Creates keys/clientpi.crt and keys/clientpi.key for the Windows client.
# NOTE(review): build-key writes the client key without a passphrase;
# easy-rsa 2.0 also ships ./build-key-pass if the key should be encrypted.
./build-key clientpi

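cd /etc/openvpn/easy-rsa/keys

# Server side: the daemon needs only the CA certificate, its own certificate
# and key, and the DH parameters. ca.key (the CA private key) is deliberately
# NOT copied: server.conf never references it, and anyone who can read it can
# issue certificates the server will accept. Keep it out of /etc/openvpn and,
# ideally, off the internet-facing machine altogether.
sudo cp ca.crt dh1024.pem server.crt server.key /etc/openvpn
sudo chmod 600 /etc/openvpn/server.key

# Client bundle: owned by the login user so it can be fetched over WinSCP.
# The directory (700) and the private key (600) are readable by that user
# only, instead of making clientpi.key world-readable with "chmod +r".
# ca.crt is stored under the name capi.crt, which is what the client config
# expects.
sudo install -d -m 700 -o "$USER" "$HOME/openvpn-client-files"
sudo install -m 644 -o "$USER" ca.crt "$HOME/openvpn-client-files/capi.crt"
sudo install -m 644 -o "$USER" clientpi.crt "$HOME/openvpn-client-files/clientpi.crt"
sudo install -m 600 -o "$USER" clientpi.key "$HOME/openvpn-client-files/clientpi.key"
# Once the files are on the client, delete this directory so a spare copy of
# the client private key is not left lying around on the server.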

# Now, copy the $HOME/openvpn-client-files directory using WinSCP to client Windows system:
# tip, I had to copy directory to C:\
# then directory contents clientpi.key, capi.crt clientpi.crt to
# C:\Program Files (x86)\OpenVPN\config
# windows 32bit will have a different OpenVPN directory
# C:\Program Files\OpenVPN\config

# in Windows, create a new text file called
# C:\Program Files (x86)\OpenVPN\config\raspberry.ovpn
# this is the OpenVPN client configuration

    client
# OpenVPN client profile for the Windows machine (raspberry.ovpn).
# Routed tunnel over TCP; both must match the server's "dev" and "proto".
dev tun
proto tcp
# Replace the placeholder with your own no-ip hostname. The port must match
# the "port" line in the server's server.conf.
remote change_this_to_your_to_own_address_from_no-ip.com 34567
resolv-retry infinite
nobind
persist-key
persist-tun
# Certificate files, looked up relative to this config directory.
# capi.crt is the server's ca.crt under a different name.
ca capi.crt
cert clientpi.crt
# clientpi.key is this client's private key. Anyone who copies it, together
# with clientpi.crt, can connect as this client, so restrict who can read it.
key clientpi.key
# Only accept a peer whose certificate is marked as a server certificate,
# so another client certificate from the same CA cannot pose as the server.
# NOTE(review): ns-cert-type is the legacy form of this check; newer OpenVPN
# releases deprecate it in favour of "remote-cert-tls server" - confirm
# against the installed version.
ns-cert-type server
cipher AES-256-CBC
# Must match the server's compression setting.
# NOTE(review): newer OpenVPN releases deprecate comp-lzo; compressing data
# before encrypting it can leak information about the plaintext (VORACLE).
comp-lzo
verb 3

# Back to the Raspberry Pi, create new file for server config
# Below is my OpenVPN server configuration saved as /etc/openvpn/server.conf
sudo nano /etc/openvpn/server.conf

    port 34567
# OpenVPN server configuration (/etc/openvpn/server.conf).
# The port above is the one to forward on the router; port, proto and dev
# must match the client profile.
# NOTE(review): this config sets no "user"/"group" lines, so the daemon
# presumably keeps running as root after start-up, and no "tls-auth" key, so
# every TLS handshake attempt is processed - consider both as hardening.
proto tcp
dev tun
# Certificate material, looked up relative to /etc/openvpn.
ca ca.crt
cert server.crt
# server.key is the server's private key; keep it readable by root only.
key server.key
# NOTE(review): 1024-bit Diffie-Hellman parameters are considered weak
# today; regenerate at 2048 bits or more and point this line at the new file.
dh dh1024.pem
# VPN clients get addresses from 10.8.0.0/24; the firewall script relies on
# the same subnet.
server 10.8.0.0 255.255.255.0
cipher AES-256-CBC
# Must match the client's compression setting.
# NOTE(review): newer OpenVPN releases deprecate comp-lzo; compressing data
# before encrypting it can leak information about the plaintext (VORACLE).
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# Send all of the client's traffic through the tunnel, not just traffic for
# the VPN subnet. This is why the Pi needs IP forwarding and the NAT rule.
push "redirect-gateway def1"
# DNS servers handed to the client while connected (OpenDNS resolvers).
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Ping every 5 s; treat the peer as down after 30 s of silence.
keepalive 5 30

# Nano editor TIP: CTRL+o writeout, in other words save the file
# CTRL+x exit

# uncomment the line below in /etc/sysctl.conf to allow IPv4 forwarding (data redirect)
sudo nano /etc/sysctl.conf

net.ipv4.ip_forward=1

# Make file for firewall setting
sudo nano /usr/local/bin/firewall.sh

    #!/bin/bash
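# Firewall rules for the OpenVPN server: let VPN clients out through NAT and
# refuse every other forwarded packet.
#
# NOTE(review): only the FORWARD chain and the nat table are populated here.
# INPUT and OUTPUT are flushed and left at whatever policy they already have,
# so this script does not filter traffic addressed to the Pi itself, and it
# discards filter/nat rules installed by any other tool.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  echo "firewall.sh must be run as root" >&2
  exit 1
fi

# Must match the "server" line in /etc/openvpn/server.conf.
vpn_subnet="10.8.0.0/24"

# Fail closed: with the policy set to DROP first, a command that fails after
# the flush (set -e stops the script) cannot leave the Pi forwarding
# everything while net.ipv4.ip_forward is enabled.
iptables -P FORWARD DROP

# Start from empty chains so re-running the script does not stack duplicates.
iptables -t filter -F
iptables -t nat -F

# Replies to connections that were already allowed.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# New connections from VPN clients. Matching the tunnel interface as well as
# the source subnet keeps a host on another interface from having its traffic
# forwarded just by using a 10.8.0.x source address.
iptables -A FORWARD -i tun+ -s "$vpn_subnet" -j ACCEPT

# Everything else is refused with an ICMP error.
iptables -A FORWARD -j REJECT

# Rewrite the source address of VPN traffic to the Pi's own address on the
# way out, so replies find their way back.
iptables -t nat -A POSTROUTING -s "$vpn_subnet" -j MASQUERADE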

sudo chmod +x /usr/local/bin/firewall.sh

# run firewall
sudo /usr/local/bin/firewall.sh
# TIP: I got an error here:
# /bin/bash^M: bad interpreter: No such file or directory
# It seems that copying from WordPress adds hidden DOS carriage-return (CTRL-M) characters.
# I had to do
sudo apt-get install dos2unix
# then
sudo dos2unix /usr/local/bin/firewall.sh
sudo /usr/local/bin/firewall.sh
# check firewall

sudo iptables --list

# put the line /usr/local/bin/firewall.sh into /etc/rc.local
# before "exit 0" to ensure the iptables rules are recreated on every reboot or power-up.
sudo nano /etc/rc.local

/usr/local/bin/firewall.sh

# reboot the pi
sudo reboot

# connect the VPN client from a remote location
# (it did not work for me when client and server were connected
# to the same router)
# check the VPN is working by confirming that your IP address
# changes after you connect: http://ipchicken.com/
