Maximum PC

CONFIGURE YOUR SERVER

1. DEFINE SERVER KEYS

Open the configuration file you’ve just created using sudo nano /etc/openvpn/server.conf at the Terminal. We’re going to focus on the bare minimum settings required to get your server up and running. Start by scrolling down to the “# SSL/TLS root certificate…” section, and changing the “cert server.crt” and “key server.key” lines to point to the files you created in step four of the previous walkthrough.

2. IMPLEMENT EXTRA ENCRYPTION

Now press Ctrl-W, and type “tls-auth”—you’re taken to a line marked “;tls-auth ta.key 0”. Remove the semicolon from the beginning of this line (a process known as uncommenting) to enable it. Now add the following line underneath it, as shown in the screenshot above: “key-direction 0”—this ensures that the extra TLS authentication that you set up earlier is enabled for OpenVPN.

3. CONFIGURE WEB DIRECTION

These next tweaks instruct all connected clients to route their web traffic through the VPN. Press Ctrl-W to locate “redirect-gateway,” and uncomment the line it’s on: “push…”. Uncomment the next two instances of “push” referring to DNS servers, as shown above. Finally, search for “nobody,” and uncomment the “user nobody” and “group nogroup” lines. Save and exit.

4. ENABLE IP FORWARDING

Type sudo nano /etc/sysctl.conf and uncomment the following line by removing the preceding # symbol from it: “#net.ipv4.ip_forward=1”. Save and exit, then type the following command to reload sysctl: sudo sysctl -p. You should see “net.ipv4.ip_forward = 1” appear, indicating the setting has been correctly applied. That’s it!
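A quick way to confirm that the edits in steps 1 to 4 took effect, as an added example that is not part of the original article: the script below reports any setting that is missing or still commented out. The function names, the file names in the sample and the DNS address are constructed for illustration; on a real system, point audit_server_conf at /etc/openvpn/server.conf and audit_ip_forward at /etc/sysctl.conf.

```shell
# Added example (not from the article): audit the settings from steps 1-4.

# active_line FILE REGEX: true if an uncommented line matches REGEX.
# Lines that still start with ';' or '#' are comments and do not match.
active_line() {
    grep -Eq "^[[:space:]]*$2" "$1"
}

# audit_server_conf FILE: print each step 1-3 setting that is absent or
# still commented out; the return status is the number of problems.
audit_server_conf() {
    conf=$1
    problems=0
    while IFS='|' read -r label regex; do
        if ! active_line "$conf" "$regex"; then
            echo "NOT ACTIVE: $label"
            problems=$((problems + 1))
        fi
    done <<'EOF'
cert (step 1)|cert[[:space:]]+[^[:space:]]+
key (step 1)|key[[:space:]]+[^[:space:]]+
tls-auth ta.key 0 (step 2)|tls-auth[[:space:]]+ta\.key[[:space:]]+0
key-direction 0 (step 2)|key-direction[[:space:]]+0
push redirect-gateway (step 3)|push[[:space:]]+"redirect-gateway
push DNS server (step 3)|push[[:space:]]+"dhcp-option[[:space:]]+DNS
user nobody (step 3)|user[[:space:]]+nobody
group nogroup (step 3)|group[[:space:]]+nogroup
EOF
    return "$problems"
}

# audit_ip_forward FILE: true if step 4's sysctl line is uncommented.
audit_ip_forward() {
    active_line "$1" 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1'
}

# Demo on a constructed server.conf in which step 2 was skipped.
demo=$(mktemp)
cat > "$demo" <<'EOF'
cert myserver.crt
key myserver.key
;tls-auth ta.key 0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
user nobody
group nogroup
EOF
audit_server_conf "$demo" || echo "$? setting(s) still need attention"
rm -f "$demo"
```

The DNS check passes as soon as one “push” DNS line is active, so confirm by eye that both are uncommented.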
