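# Refresh the package index and apply pending upgrades before installing anything.
sudo apt update && sudo apt upgrade

# Enable IPv4 forwarding (needed to route VPN traffic) and stop the host from
# accepting or sending ICMP redirects.
# 'sudo tee -a' is used because a plain '>>' redirect is opened by the calling
# shell, which fails when that shell is not root.
# Note: this appends on every run, so re-running adds duplicate lines.
sudo tee -a /etc/sysctl.conf > /dev/null << EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
EOF
# Load the values from /etc/sysctl.conf now instead of waiting for a reboot.
sudo sysctl -p

sudo apt install -y openvpn

# The installer is fetched through a URL shortener and then executed as root.
# Read the downloaded script, and confirm where the short link redirected to,
# before running it; this page gives no checksum to verify it against.
wget https://git.io/vpn -O openvpn-install.sh
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

# Keep a copy of the generated client profile next to the server files.
# NOTE(review): the profile presumably embeds the client's key material, so
# keep the copy readable by root only and hand it to users over a secure channel.
cd /etc/openvpn/server/
sudo cp /root/client.ovpn /etc/openvpn/server/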
Now Edit the server config file
# Open the server configuration in an editor.
vi /etc/openvpn/server/server.conf
# If the file is not at that path, search the whole filesystem for it
# (case-insensitive name match).
find / -iname server.conf
You can adjust some of the default settings; otherwise your VPN clients will use the OpenVPN server as their default gateway.
To disable the default route, add a hash (#) in front of the `push "redirect-gateway ..."` line below. Other settings: `duplicate-cn` lets clients share a single config file, and `plugin ... auth-pam` is for authenticating users against the Ubuntu local users database.
# Commented out so that clients do not send all of their traffic through the VPN.
#push "redirect-gateway def1 bypass-dhcp"
## Add the static route below; it is pushed to clients so that 10.10.50.0/24 is reached through the VPN.
push "route 10.10.50.0 255.255.255.0"
# Add the new parameters below as well.
# verb 7 is in OpenVPN's debug verbosity range and produces very large, detailed logs;
# consider lowering it (e.g. to 3) once troubleshooting is finished.
verb 7
# duplicate-cn lets several clients connect at the same time with the same certificate / common name.
# With one shared profile, a single client cannot be revoked by certificate, so the
# PAM username/password below becomes the only per-user credential.
duplicate-cn
## To find the plugin path on the server, run: dpkg -L openvpn | grep pam
# Authenticate users through the PAM service named "login".
# NOTE(review): this presumably lets any local account with a valid password log in to the VPN —
# confirm, and restrict which accounts are allowed if that is not intended.
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
# Push 1.1.1.1 to clients as their DNS resolver.
push "dhcp-option DNS 1.1.1.1"
# NOTE(review): the lone '&' below is not an OpenVPN directive; presumably it reads as "and" — do not copy it into the config.
&
# block-outside-dns is a Windows-client option that prevents DNS leaks outside the tunnel.
push "block-outside-dns"
# NOTE(review): route-nopull, auth-user-pass and ignore-unknown-option are client-side options, so the
# lines from here on presumably belong in the client .ovpn rather than in server.conf — confirm.
# NOTE(review): 'route' and 'route-nopull' are separate directives and presumably should be on separate lines.
route 10.6.0.0 255.255.255.0 route-nopull
# Prompt the user for a username and password (checked by the auth-pam plugin on the server).
auth-user-pass
# Uncomment on clients that do not recognise block-outside-dns (non-Windows clients).
#ignore-unknown-option block-outside-dns
block-outside-dns
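# The configuration edited above is /etc/openvpn/server/server.conf, which is run by the
# openvpn-server@server unit. openvpn@server is a different unit that reads
# /etc/openvpn/server.conf, so every command here targets openvpn-server@server.
# If your installation keeps server.conf directly in /etc/openvpn, use openvpn@server instead.
sudo systemctl enable openvpn-server@server.service
sudo systemctl status openvpn-server@server.service
# Restart so that the edited server.conf is loaded.
sudo systemctl restart openvpn-server@server.service
#systemctl start openvpn-server@server.service
#systemctl restart openvpn-server@server.service
# Individual control commands, listed for reference.
sudo systemctl stop openvpn-server@server.service
sudo systemctl start openvpn-server@server.service
sudo systemctl restart openvpn-server@server.service
sudo systemctl status openvpn-server@server.service
# Confirm the daemon is listening; sudo is needed for netstat to show the owning
# program of sockets that belong to other users.
sudo netstat -paunt | grep openvpn
# Show the openvpn process with its full command line.
ps ffaux | grep openvpn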
Or search by the process ID (replace 1148 with the PID from the output above):
ps -aux | grep 1148
In the output, find the "--daemon" option, then look for "--cd" to see the directory the server was started from.
You can still use find
find / -iname server.conf
or via the process ID, as explained above.
The default is /etc/openvpn/server/server.conf,
unless a different path is shown in the "--cd" section of the process listing.
# List listening TCP and UDP sockets with numeric addresses and the owning program.
netstat -tupln
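If you have other networks and VMs/servers that sit behind the OpenVPN VM or do not use it as their default gateway, you need to choose one of the options below so that the VPN clients can reach them and vice versa:
This option requires you to create NAT rules on the OpenVPN server that change the VPN clients' source IPs to addresses in the other local networks behind the OpenVPN VM. Hosts on those networks will then see the OpenVPN VM's address instead of the individual client's, so use the OpenVPN logs when you need to attribute a connection to a client.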
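# Source-NAT traffic from the VPN client subnet (10.8.0.0/24) to each internal network.
# NOTE(review): 10.10.50.200 and 10.10.100.200 are presumably the OpenVPN VM's own
# addresses on those networks — confirm before applying.
# -A appends unconditionally, so running these again adds duplicate rules;
# check the current state with: sudo iptables -t nat -S POSTROUTING
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -d 10.10.50.0/24 -j SNAT --to-source 10.10.50.200
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -d 10.10.100.0/24 -j SNAT --to-source 10.10.100.200

# Install the packages that reload saved rules at boot.
sudo apt install -y iptables-persistent netfilter-persistent

# Print the live ruleset for review. iptables-save dumps every table, so whatever is
# loaded right now (including temporary rules) is what gets persisted below.
sudo iptables-save
# Persist the ruleset. 'sudo tee' is used because a plain '>' redirect is opened by
# the calling shell, which fails when that shell is not root.
sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null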