OPENVPN SITE TO SITE CERT

Layout

-192.168.33.1/24 -|garlic|-10.82.1.211---------------------10.82.1.195-|hubsi|-192.168.55.1/24

Interfaces

garlic

auto ens18
iface ens18 inet static
 address 10.82.1.211
 netmask 255.255.0.0
 gateway 10.82.0.1

auto dummy0
iface dummy0 inet static
 address 192.168.33.1
 netmask 255.255.255.0
 pre-up ip link add dummy0 type dummy

hubsi

auto ens18
iface ens18 inet static
 address 10.82.1.195
 netmask 255.255.0.0
 gateway 10.82.0.1

auto dummy0
iface dummy0 inet static
 address 192.168.55.1
 netmask 255.255.255.0
 pre-up ip link add dummy0 type dummy

IP forwarding on

  • cat /etc/sysctl.conf
net.ipv4.ip_forward=1
  • sysctl -p

OpenVPN

Install

  • sudo apt-get install openvpn

Generate Diffie-Hellman parameters and place the certificate files on garlic

  • cd /etc/openvpn/
  • mkdir ssl
  • cd ssl
  • openssl dhparam -out dh2048.pem 2048

Also place garlic.xinux.org.crt, garlic.xinux.org.key and xin-ca.crt in this directory.

OpenVPN config on garlic

  • vi /etc/openvpn/server.conf
remote 10.82.1.195
dev tun
tls-server
ifconfig 172.30.30.1 172.30.30.2
route 192.168.55.0 255.255.255.0
keepalive 10 120
dh /etc/openvpn/ssl/dh2048.pem
ca /etc/openvpn/ssl/xin-ca.crt
cert /etc/openvpn/ssl/garlic.xinux.org.crt
key /etc/openvpn/ssl/garlic.xinux.org.key

Place the certificate files on hubsi

  • cd /etc/openvpn/
  • mkdir ssl

Also place hubsi.xinux.org.crt, hubsi.xinux.org.key and xin-ca.crt in the new ssl directory (/etc/openvpn/ssl).

OpenVPN config on hubsi

  • vi /etc/openvpn/server.conf
remote 10.82.1.211
dev tun
tls-client
ifconfig 172.30.30.2 172.30.30.1
route 192.168.33.0 255.255.255.0
keepalive 10 120
ca /etc/openvpn/ssl/xin-ca.crt
cert /etc/openvpn/ssl/hubsi.xinux.org.crt
key /etc/openvpn/ssl/hubsi.xinux.org.key
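
The two configs above have to mirror each other (tls-server against tls-client, swapped ifconfig endpoints, same CA), and as written neither side restricts which certificate issued by xin-ca the peer may present. The shell check below is an added example, not part of the original page: the function names are hypothetical, the embedded configs are abridged from the page, the CA is compared by file path only, and only remote-cert-tls and verify-x509-name are treated as peer pinning.

```shell
#!/bin/sh
# Added example: checks that two site-to-site peer configs fit together.
# Configs are abridged from the page; all function names are hypothetical.
GARLIC_CONF='remote 10.82.1.195
tls-server
ifconfig 172.30.30.1 172.30.30.2
route 192.168.55.0 255.255.255.0
ca /etc/openvpn/ssl/xin-ca.crt'
HUBSI_CONF='remote 10.82.1.211
tls-client
ifconfig 172.30.30.2 172.30.30.1
route 192.168.33.0 255.255.255.0
ca /etc/openvpn/ssl/xin-ca.crt'

# has CONF KEYWORD: succeeds if the directive is present
has() { printf '%s\n' "$1" | awk -v k="$2" '$1 == k { f = 1 } END { exit !f }'; }

# args CONF KEYWORD: prints the arguments of the first matching directive
args() { printf '%s\n' "$1" | awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }'; }

# pinned CONF: succeeds if the peer certificate is restricted beyond "signed by ca"
# (assumption: only remote-cert-tls and verify-x509-name are recognised here)
pinned() { has "$1" remote-cert-tls || has "$1" verify-x509-name; }

# check_pair CONF_A CONF_B: prints one line per finding, nothing if consistent
check_pair() {
  a=$1; b=$2
  # Exactly one side must be tls-server and the other tls-client.
  { has "$a" tls-server && has "$b" tls-client; } ||
  { has "$a" tls-client && has "$b" tls-server; } ||
    echo "roles: need one tls-server and one tls-client"
  # ifconfig <local> <remote> must be mirrored between the peers.
  ia=$(args "$a" ifconfig); ib=$(args "$b" ifconfig)
  [ "$ia" = "${ib#* } ${ib% *}" ] || echo "ifconfig: endpoints not mirrored ($ia / $ib)"
  # Both peers should reference the same CA (compared by file path only).
  [ "$(args "$a" ca)" = "$(args "$b" ca)" ] || echo "ca: peers use different CA files"
  # Without pinning, any certificate issued by that CA is accepted as the peer.
  pinned "$a" || echo "peer-auth: config A accepts any certificate signed by the CA"
  pinned "$b" || echo "peer-auth: config B accepts any certificate signed by the CA"
  return 0
}

check_pair "$GARLIC_CONF" "$HUBSI_CONF"
```

For the page's configs this reports the two peer-auth findings and nothing else; they clear once each side carries remote-cert-tls or verify-x509-name for its peer.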

Start and Autostart on all sites

  • echo 'AUTOSTART="all"' >> /etc/default/openvpn
  • systemctl daemon-reload
  • systemctl start openvpn
  • systemctl enable openvpn