mirror of
https://github.com/pi-hole/pi-hole.git
synced 2025-02-28 13:58:28 +00:00
Destroyed OpenVPN server: Setup OpenVPN server (markdown)
DL6ER
parent
10bced3d22
commit
216e6713fa
1 changed files with 0 additions and 72 deletions
|
|
@ -1,72 +0,0 @@
|
||||||
### Change OpenVPN's resolvers
|
|
||||||
|
|
||||||
First, find the IP of your `tun0` interface:
|
|
||||||
|
|
||||||
On jessie
|
|
||||||
```
|
|
||||||
ifconfig tun0 | grep 'inet addr'
|
|
||||||
```
|
|
||||||
On Stretch
|
|
||||||
```
|
|
||||||
ip a
|
|
||||||
```
|
|
||||||
|
|
||||||
Edit the OpenVPN config file:
|
|
||||||
|
|
||||||
```
|
|
||||||
vim /etc/openvpn/server.conf
|
|
||||||
```
|
|
||||||
|
|
||||||
Set this line to use your Pi-hole's IP address, which you determined from the `ifconfig` command and comment out or remove the other line (if it exists):
|
|
||||||
|
|
||||||
```
|
|
||||||
push "dhcp-option DNS 10.8.0.1"
|
|
||||||
#push "dhcp-option DNS 8.8.8.8"
|
|
||||||
```
|
|
||||||
|
|
||||||
This `push` directive is setting a [DHCP option](https://www.incognito.com/tips-and-tutorials/dhcp-options-in-plain-english/), which tells client's connecting to the VPN that they should use Pi-hole as their primary DNS server.
|
|
||||||
|
|
||||||
It's [suggested to have Pi-hole be the only resolver](https://discourse.pi-hole.net/t/why-should-pi-hole-be-my-only-dns-server/3376) as it defines the upstream servers. Setting a non-Pi-hole resolver here [may have adverse effects on ad blocking](https://discourse.pi-hole.net/t/why-should-pi-hole-be-my-only-dns-server/3376) but it _can_ provide failover connectivity in the case of Pi-hole not working if that is something you are concerned about.
|
|
||||||
|
|
||||||
### Restart OpenVPN to apply the changes
|
|
||||||
|
|
||||||
Depending on your operating system, one of these commands should work to restart the service.
|
|
||||||
```
|
|
||||||
systemctl restart openvpn
|
|
||||||
service openvpn restart
|
|
||||||
```
|
|
||||||
|
|
||||||
## Create a client config file (`.ovpn`)
|
|
||||||
|
|
||||||
Now that the server is configured, you'll want to connect some clients so you can make use of your Pi-hole wherever you are. Doing so requires the use of a certificate. You generate these and the resulting `.ovpn` file by running the installer and choosing `1) Add a new user` for each client that will connect to the VPN.
|
|
||||||
|
|
||||||
You can repeat this process for as many clients as you need. In this example, we'll "Add a new user" by naming the `.ovpn` file the same as the client's hostname but you may want to adopt your own naming strategy.
|
|
||||||
|
|
||||||
Run the OpenVPN installer again
|
|
||||||
|
|
||||||
```
|
|
||||||
./openvpn-install.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
Choose `1) Add a new user` and enter a client name
|
|
||||||
```
|
|
||||||
Looks like OpenVPN is already installed
|
|
||||||
|
|
||||||
What do you want to do?
|
|
||||||
1) Add a new user
|
|
||||||
2) Revoke an existing user
|
|
||||||
3) Remove OpenVPN
|
|
||||||
4) Exit
|
|
||||||
Select an option [1-4]: 1
|
|
||||||
|
|
||||||
Tell me a name for the client certificate
|
|
||||||
Please, use one word only, no special characters
|
|
||||||
Client name: iphone7
|
|
||||||
```
|
|
||||||
|
|
||||||
This will generate a `.ovpn` file, which needs to be copied to your client machine (often times using the OpenVPN app). This process also generates a few other files found in `/etc/openvpn/easy-rsa/pki/`, which make public key authentication possible; you only need to worry about the `.ovpn` file, though.
|
|
||||||
|
|
||||||
***
|
|
||||||
### Next Steps
|
|
||||||
|
|
||||||
Next, [configure your client devices](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Connect-from-a-client) to use the VPN.
|
|
||||||
Loading…
Add table
Reference in a new issue