APC Australia

Configure your server


1 DEFINE SERVER KEYS

Open the configuration file you’ve just created using sudo nano /etc/openvpn/server.conf at the Terminal. We’re going to focus on the bare minimum settings required to get your server up and running. Start by scrolling down to the ‘# SSL/TLS root certificate…’ section, and changing the ‘cert server.crt’ and ‘key server.key’ lines to point to the files you created in step four of the previous walkthrough.

2 IMPLEMENT EXTRA ENCRYPTION

Now press ‘Ctrl-W’ and type “tls-auth” — you’re taken to a line marked ‘;tls-auth ta.key 0’. Remove the semi-colon from the beginning of this line (a process known as uncommenting) to enable it. Now add the following line underneath it, as shown in the screenshot above: “key-direction 0” — this ensures that the extra TLS authentication that you set up earlier is enabled for OpenVPN.

3 CONFIGURE WEB DIRECTION

These next tweaks instruct all connected clients to route their web traffic through the VPN. Press ‘Ctrl-W’ to locate ‘redirect-gateway’ and uncomment the line it’s on: ‘push…’ Uncomment the next two instances of ‘push’ referring to DNS servers, as shown above. Finally, search for ‘nobody’ and uncomment the ‘user nobody’ and ‘group nogroup’ lines. Save and exit.

4 ENABLE IP FORWARDING

Type “sudo nano /etc/sysctl.conf” and uncomment the following line by removing the preceding ‘#’ symbol from it:

#net.ipv4.ip_forward=1. Save and exit, then type the following command to reload sysctl: sudo sysctl -p. You should see ‘net.ipv4.ip_forward = 1’ appear, indicating the setting has been correctly applied. That’s it!
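A quick way to confirm that none of the lines from steps 2 to 4 was left commented out is to audit both files with a short script. This is an added example, not part of the original walkthrough; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits the edits from steps 2-4. Not from the article.

# True if FILE ($1) has an active line (not commented with ';' or '#')
# matching the extended regex in $2.
active_line() {
    grep -Eq "^[[:space:]]*$2" "$1"
}

# Prints one line per directive; returns the number of missing directives.
check_openvpn_conf() {
    missing=0
    while IFS='|' read -r label regex; do
        if active_line "$1" "$regex"; then
            echo "ok:      $label"
        else
            echo "MISSING: $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
tls-auth ta.key 0|tls-auth[[:space:]]+[^[:space:]]+[[:space:]]+0
key-direction 0|key-direction[[:space:]]+0
push redirect-gateway|push[[:space:]]+"redirect-gateway
push DNS server|push[[:space:]]+"dhcp-option[[:space:]]+DNS
user nobody|user[[:space:]]+nobody
group nogroup|group[[:space:]]+nogroup
EOF
    return "$missing"
}

# True if the sysctl file ($1) has net.ipv4.ip_forward=1 uncommented.
check_ip_forward() {
    active_line "$1" 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1'
}

# Constructed sample (not a real server.conf): key-direction was never
# added and 'group nogroup' is still commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
cert server.crt
key server.key
tls-auth ta.key 0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
user nobody
;group nogroup
EOF
}
```

Source the script, then run check_openvpn_conf /etc/openvpn/server.conf and check_ip_forward /etc/sysctl.conf; a ‘MISSING: group nogroup’ or ‘MISSING: user nobody’ line means the server would keep running with root privileges after start-up.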
