Skip to content

Scripts and instrructions for setting up a simple roadwarrior VPN with OpenVPN

License

Notifications You must be signed in to change notification settings

cfra/roadwarrior-vpn

Repository files navigation

Setting up a Roadwarrior OpenVPN

Setting up a roadwarrior VPN with OpenVPN was a bit tricky for me. Therefore, I have put together some scripts which should make a sensible setup easier.

Feel free to let me know if you encouter any issues with this.

The configs generated by these scripts require OpenVPN version >=2.4.

PKI

On some machine which you trust with the PKI:

  1. Clone this git:
    git clone https://github.com/cfra/roadwarrior-vpn.git
  2. Create a SETTINGS file from SETTINGS.example.
  3. Initialize the CA:
    ./init_ca.sh
  4. Create Server Config:
    ./new_endpoint.sh server <server-common-name>
  5. Create Client Config:
    ./new_endpoint.sh client <client-common-name>

Server

  1. Install OpenVPN on the server:
    apt install openvpn
  2. Edit the VPN config
  3. Put the generated config from the PKI system to the machine which should be the VPN server:
    scp servers/vpn.example.com.ovpn vpn.example.com:/etc/openvpn/roadwarrior.conf
  4. On the server, enable and start the VPN service:
    systemctl enable openvpn@roadwarrior.service
    systemctl start openvpn@roadwarrior.service
  5. Verify its status:
    systemctl status openvpn@roadwarrior.service 

Client

  1. The generated config should just be usable as is

Revocation

  1. Call the revocation script:
    ./revoke_endpoint.sh client <client-common-name>
  2. Copy the generated CRL from pki/ca/crl/current.pem to a place where OpenVPN can read it and reference it like this, updating the path accordingly:
    crl-verify crl/current.pem
    

About

Scripts and instrructions for setting up a simple roadwarrior VPN with OpenVPN

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages