This config will only create a single point-to-point connection. No subnet routing, just 2 IPs: Server + Client.
The assumed scenario here is Ubuntu/Debian based and was tested with Xubuntu 16.04.6 (Xenial) as client and Debian 9 (Stretch) as server.
1) Install the OpenVPN package on both client and server:
Code: Select all
$ apt install openvpn
2) Create server config:
On the server: Store the following as "/etc/openvpn/server/main.conf"
Code: Select all
port 1194
proto tcp-server
cipher none
dev tun1
ifconfig 10.9.8.1 10.9.8.2
keepalive 10 120
verb 3
3) Start OpenVPN server:
Code: Select all
$ openvpn --config /etc/openvpn/server/main.conf
4) Create client config:
On the client: Store the following as "/etc/openvpn/client/main.conf"
Code: Select all
remote localhost 1194
proto tcp-client
port 1194
dev tun1
ifconfig 10.9.8.2 10.9.8.1
socks-proxy-retry
socks-proxy 127.0.0.1 8080
5) Set up the SOCKS proxy via SSH:
See the 2 SOCKS proxy lines at the bottom of the client config? SSH dynamic port forwarding will serve as the SOCKS proxy.
I like to use "~/.ssh/config" for this.
Create a config block pointing to your SSH entrypoint that will allow you to access the OpenVPN server.
It might look something like this:
Code: Select all
Host entrypoint
    Hostname <HOSTNAME>
    Port <SSHPORT>
    # SOCKS:
    DynamicForward 8080
Code: Select all
$ ssh entrypoint
So let's put the puzzle together:
6) Connect the OpenVPN client
Code: Select all
$ openvpn --config /etc/openvpn/client/main.conf
While the tunnel is open, you will have a "tun1" network interface and a corresponding route entry.
Mon Mar 4 16:52:39 2019 Connection reset, restarting [0]
Mon Mar 4 16:52:39 2019 /sbin/ip addr del dev tun1 local 10.9.8.2 peer 10.9.8.1
Mon Mar 4 16:52:39 2019 SIGUSR1[soft,connection-reset] received, process restarting
Mon Mar 4 16:52:44 2019 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Mon Mar 4 16:52:44 2019 TUN/TAP device tun1 opened
Mon Mar 4 16:52:44 2019 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Mar 4 16:52:44 2019 /sbin/ip link set dev tun1 up mtu 1500
Mon Mar 4 16:52:44 2019 /sbin/ip addr add dev tun1 local 10.9.8.2 peer 10.9.8.1
Mon Mar 4 16:52:44 2019 Attempting to establish TCP connection with [AF_INET]127.0.0.1:10022 [nonblock]
Mon Mar 4 16:52:44 2019 TCP connection established with [AF_INET]127.0.0.1:10022
Mon Mar 4 16:52:44 2019 TCPv4_CLIENT link local: [undef]
Mon Mar 4 16:52:44 2019 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:10022
Mon Mar 4 16:52:45 2019 Peer Connection Initiated with [AF_INET]127.0.0.1:10022
Mon Mar 4 16:52:46 2019 Initialization Sequence Completed
For example, this is "route -n" on the client:
Code: Select all
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.9.8.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
Enjoy!
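Added example, not part of the original post: the WARNING line in the client log says the tunnel itself is cleartext and unauthenticated, and the server config from step 2 has no `local` line, so OpenVPN listens on every interface rather than only behind the SSH hop. This sketch audits a config for both conditions; the finding names, the hardened variant and its key path are assumptions made for illustration.

```shell
# Added example (not from the original post). audit_conf reads an OpenVPN
# config on stdin, prints one finding per line, returns non-zero on findings.
audit_conf() {
    awk '
        { sub(/[#;].*/, "") }                      # drop comments
        NF == 0 { next }
        $1 == "proto" && $2 ~ /-server$/ { listener = 1 }
        $1 == "local" { bind = $2 }
        $1 == "secret" || $1 == "tls-server" || $1 == "tls-client" { keyed = 1 }
        END {
            if (!keyed) { print "NOCRYPTO: no secret/tls-* directive, tunnel is cleartext"; bad = 1 }
            if (listener && bind !~ /^(127\.[0-9.]+|::1|localhost)$/) { print "EXPOSED: listener not bound to loopback"; bad = 1 }
            exit bad + 0
        }'
}

# Server config exactly as given in step 2 of the post.
page_server_conf() {
    cat <<'EOF'
port 1194
proto tcp-server
cipher none
dev tun1
ifconfig 10.9.8.1 10.9.8.2
keepalive 10 120
verb 3
EOF
}

# Constructed variant. Assumes the OpenVPN server runs on the SSH entrypoint
# (as "remote localhost" implies); the key path is a placeholder, and the
# client would need the same "secret" line and key file.
hardened_conf() {
    cat <<'EOF'
local 127.0.0.1
port 1194
proto tcp-server
dev tun1
ifconfig 10.9.8.1 10.9.8.2
secret /etc/openvpn/server/static.key
keepalive 10 120
verb 3
EOF
}

echo "== post's server config"; page_server_conf | audit_conf || true
echo "== hardened variant";     hardened_conf | audit_conf && echo "no findings"
```

To check a real file, run `audit_conf < /etc/openvpn/server/main.conf`.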