From 216e6713fa6d60eb9358c989d062c262ef40985d Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 13 May 2018 14:25:26 +0200 Subject: [PATCH] Destroyed OpenVPN server: Setup OpenVPN server (markdown) --- OpenVPN-server:-Setup-OpenVPN-server.md | 72 ------------------------- 1 file changed, 72 deletions(-) delete mode 100644 OpenVPN-server:-Setup-OpenVPN-server.md diff --git a/OpenVPN-server:-Setup-OpenVPN-server.md b/OpenVPN-server:-Setup-OpenVPN-server.md deleted file mode 100644 index 3d54804..0000000 --- a/OpenVPN-server:-Setup-OpenVPN-server.md +++ /dev/null 
@@ -1,72 +0,0 @@ -### Change OpenVPN's resolvers - -First, find the IP of your `tun0` interface: - -On jessie -``` -ifconfig tun0 | grep 'inet addr' -``` -On Stretch -``` -ip a -``` - -Edit the OpenVPN config file: - -``` -vim /etc/openvpn/server.conf -``` - -Set this line to use your Pi-hole's IP address, which you determined from the `ifconfig` command and comment out or remove the other line (if it exists): - -``` -push "dhcp-option DNS 10.8.0.1" -#push "dhcp-option DNS 8.8.8.8" -``` - -This `push` directive is setting a [DHCP option](https://www.incognito.com/tips-and-tutorials/dhcp-options-in-plain-english/), which tells client's connecting to the VPN that they should use Pi-hole as their primary DNS server. - -It's [suggested to have Pi-hole be the only resolver](https://discourse.pi-hole.net/t/why-should-pi-hole-be-my-only-dns-server/3376) as it defines the upstream servers. Setting a non-Pi-hole resolver here [may have adverse effects on ad blocking](https://discourse.pi-hole.net/t/why-should-pi-hole-be-my-only-dns-server/3376) but it _can_ provide failover connectivity in the case of Pi-hole not working if that is something you are concerned about. - -### Restart OpenVPN to apply the changes - -Depending on your operating system, one of these commands should work to restart the service. -``` -systemctl restart openvpn -service openvpn restart -``` - -## Create a client config file (`.ovpn`) - -Now that the server is configured, you'll want to connect some clients so you can make use of your Pi-hole wherever you are. Doing so requires the use of a certificate. You generate these and the resulting `.ovpn` file by running the installer and choosing `1) Add a new user` for each client that will connect to the VPN. - -You can repeat this process for as many clients as you need. In this example, we'll "Add a new user" by naming the `.ovpn` file the same as the client's hostname but you may want to adopt your own naming strategy. 
- -Run the OpenVPN installer again - -``` -./openvpn-install.sh -``` - -Choose `1) Add a new user` and enter a client name -``` -Looks like OpenVPN is already installed - -What do you want to do? - 1) Add a new user - 2) Revoke an existing user - 3) Remove OpenVPN - 4) Exit -Select an option [1-4]: 1 - -Tell me a name for the client certificate -Please, use one word only, no special characters -Client name: iphone7 -``` - -This will generate a `.ovpn` file, which needs to be copied to your client machine (often times using the OpenVPN app). This process also generates a few other files found in `/etc/openvpn/easy-rsa/pki/`, which make public key authentication possible; you only need to worry about the `.ovpn` file, though. - -*** -### Next Steps - -Next, [configure your client devices](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Connect-from-a-client) to use the VPN. \ No newline at end of file
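Review bot: This whole-file deletion (`@@ -1,72 +0,0 @@`) has no stated reason and no pointer to a replacement; the subject line "Destroyed OpenVPN server: Setup OpenVPN server (markdown)" is all the context given. The removed text carries the server-side step that makes VPN clients resolve through Pi-hole (`push "dhcp-option DNS 10.8.0.1"`, with the `8.8.8.8` line commented out) and the caveat that a second, non-Pi-hole resolver may weaken ad blocking. If that guidance has moved, say where in the commit message. If it has not, consider leaving a short stub that links to the new location rather than removing the page outright. The removed "Next Steps" section links on to `OpenVPN-server:-Connect-from-a-client`, so this page is one step in a sequence; please check that the remaining pages still cover the resolver change and the "Add a new user" flow and do not link back to the deleted title.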