OpenVPN installation quick tutorial

Just a quick introduction for OpenVPN installation since there is a good work from https://github.com/Nyr/openvpn-install that helps install in 1-click. I just add some extra notes when installing as well as connecting for future references.

  1. First, run the one-step installation command:
    wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
  2. When installing, just remember to choose “1) Current system resolvers” for the question “What DNS do you want to use with the VPN?” so that we will not need to deal with third-party DNS resolvers. I was stuck at resolving domain name when browsing internet in the very first connections using Google DNS resolver.
    1. One thing to note on this is that: if you still face problem of resolving web after VPN connection. You can try removing openVPN server first, then reinstall it. Not sure if it fixes, but in the second installing time, it seems that the process of “Generating DH parameters, 2048 bit long safe prime, generator 2
      This is going to take a long time” takes looooooooonger time and then it can be connected after that 🙂
  3. If you are using csf firewall, remember to add the port to accepted UDP port, and also put the following rules into /etc/csf/csfpre.sh file: For OpenVZ:
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 192.168.1.0/29 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 192.168.1.0/29 -j SNAT --to YOUR_IP_ADDRESS

    For KVM/Xen:

    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 192.168.1.0/29 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 192.168.1.0/29 -o eth0 -j MASQUERADE

    Just a small difference in the last line, and then restart csf:

    csf -r
  4. Enjoy. Download the profile to your client machine and you can connect to remote VPN server using Tunnelblick at https://tunnelblick.net/downloads.html

Leave a Reply