From 63842070cc15b7ba86f11a7bcc691ef27fe2131d Mon Sep 17 00:00:00 2001 From: Tanner Collin Date: Tue, 27 Apr 2021 01:13:18 +0000 Subject: [PATCH] Edit Bypassing Ports --- content/bypassing-ports.md | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/content/bypassing-ports.md b/content/bypassing-ports.md index 8034908..f85ee28 100644 --- a/content/bypassing-ports.md +++ b/content/bypassing-ports.md @@ -94,11 +94,13 @@ laptop, phone, etc. to protect you from public WiFi, create only a single extra $ ./easyrsa build-client-full client nopass # optional ``` -Leave off `nopass` if you want to password protect the config file when you set -up a new client. +Leave off `nopass` if you want to password protect the config file keys when you +set up a new client. Create the server config file `/etc/openvpn/server.conf`: +Can't use port 443 here since it'll be forwarded + ``` port 1194 proto udp @@ -144,7 +146,7 @@ ifconfig-push 10.8.0.100 255.255.255.0 Test your config by running: ``` -sudo openvpn --config /etc/openvpn/server.conf +$ sudo openvpn --config /etc/openvpn/server.conf ``` If you run `ip addr` in another terminal, you should see an entry like this: @@ -236,7 +238,7 @@ $ sudo ufw disable && sudo ufw enable Switch to your home server or client machine. -Install openvpn: +Install OpenVPN: ``` $ sudo apt update @@ -275,8 +277,8 @@ key-direction 1 ``` -Replace the `[server ...]` lines with the contents of that file on the VPN -server, for example: +Replace the `[server ...]` lines with the contents of that file on the __VPN +server__, for example: ``` $ sudo cat /etc/openvpn/easy-rsa/pki/ca.crt @@ -294,6 +296,7 @@ client dev tun proto udp remote vpn.example.com 1194 +redirect-gateway def1 resolv-retry infinite nobind persist-key @@ -303,7 +306,6 @@ cipher AES-256-GCM auth SHA256 comp-lzo key-direction 1 -redirect-gateway def1 [server /etc/openvpn/easy-rsa/pki/ca.crt] @@ -323,7 +325,7 @@ The `client.ovpn` file is ready to be imported into your VPN clients. Test your config by running: ``` -sudo openvpn --config /etc/openvpn/client.conf +$ sudo openvpn --config /etc/openvpn/client.conf ``` If you run `ip addr` in another terminal, you should see an entry like this: @@ -376,5 +378,15 @@ You should now be fine to access your home server from over the internet. To forward additional ports, just edit the `/etc/ufw/before.rules` file like above. +You can now point a domain to your virtual server's IP and use that to connect +to your home server. Use a CNAME to make it easy to change later: + +``` +NAME TYPE VALUE +-------------------------------------------------- +vpn.example.com. A 123.123.123.123 +myserver.example.com. CNAME vpn.example.com. +``` + Finally, make sure any server programs are listening / bound to `10.8.0.100` or `0.0.0.0` so that they can get traffic from that interface.