Edit Bypassing Ports

2021-04-27 01:13:18 +00:00 · 2021-04-27 01:13:18 +00:00 · 63842070cc
commit 63842070cc
parent 1a98f7a163
1 changed files with 20 additions and 8 deletions
--- a/content/bypassing-ports.md
+++ b/content/bypassing-ports.md
@ -94,11 +94,13 @@ laptop, phone, etc. to protect you from public WiFi, create only a single extra
 $ ./easyrsa build-client-full client nopass  # optional
 ```

-Leave off `nopass` if you want to password protect the config file when you set
-up a new client.
+Leave off `nopass` if you want to password protect the config file keys when you
+set up a new client.

 Create the server config file `/etc/openvpn/server.conf`:

+<span class="aside">Can't use port 443 here since it'll be forwarded</span>
+
 ```
 port 1194
 proto udp
@ -144,7 +146,7 @@ ifconfig-push 10.8.0.100 255.255.255.0
 Test your config by running:

 ```
-sudo openvpn --config /etc/openvpn/server.conf
+$ sudo openvpn --config /etc/openvpn/server.conf
 ```

 If you run `ip addr` in another terminal, you should see an entry like this:
@ -236,7 +238,7 @@ $ sudo ufw disable && sudo ufw enable

 Switch to your home server or client machine.

-Install openvpn:
+Install OpenVPN:

 ```
 $ sudo apt update
@ -275,8 +277,8 @@ key-direction 1
 </tls-auth>
 ```

-Replace the `[server ...]` lines with the contents of that file on the VPN
-server, for example:
+Replace the `[server ...]` lines with the contents of that file on the __VPN
+server__, for example:

 ```
 $ sudo cat /etc/openvpn/easy-rsa/pki/ca.crt
@ -294,6 +296,7 @@ client
 dev tun
 proto udp
 remote vpn.example.com 1194
+redirect-gateway def1
 resolv-retry infinite
 nobind
 persist-key
@ -303,7 +306,6 @@ cipher AES-256-GCM
 auth SHA256
 comp-lzo
 key-direction 1
-redirect-gateway def1
 <ca>
 [server /etc/openvpn/easy-rsa/pki/ca.crt]
 </ca>
@ -323,7 +325,7 @@ The `client.ovpn` file is ready to be imported into your VPN clients.
 Test your config by running:

 ```
-sudo openvpn --config /etc/openvpn/client.conf
+$ sudo openvpn --config /etc/openvpn/client.conf
 ```

 If you run `ip addr` in another terminal, you should see an entry like this:
@ -376,5 +378,15 @@ You should now be fine to access your home server from over the internet.
 To forward additional ports, just edit the `/etc/ufw/before.rules` file like
 above.

+You can now point a domain to your virtual server's IP and use that to connect
+to your home server. Use a CNAME to make it easy to change later:
+
+```
+NAME                    TYPE   VALUE
+--------------------------------------------------
+vpn.example.com.        A      123.123.123.123
+myserver.example.com.   CNAME  vpn.example.com.
+```
+
 Finally, make sure any server programs are listening / bound to `10.8.0.100` or
 `0.0.0.0` so that they can get traffic from that interface.