... | ... | @@ -28,20 +28,20 @@ By default OpenVPN uses port 1194 (UDP), however this is customizable. |
|
|
* Subnet network: x.x.x.0/24;
|
|
|
* Hubservices: no;
|
|
|
* Enable notifications: yes;
|
|
|
* Now the tun adapter needs to be added to the container therefore, shutdown the container and edit the [`/etc/pve/lxc/<container id>.conf`]() file in Proxmox:
|
|
|
* Now the tun adapter needs to be added to the container therefore, shutdown the container and edit the `/etc/pve/lxc/<container id>.conf` file in Proxmox:
|
|
|
```bash
|
|
|
# Add tun adapter
|
|
|
lxc.hook.autodev: sh -c "modeprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"
|
|
|
```
|
|
|
* Now the iptables need to be configured in the container as follows:
|
|
|
* Add the following to the eth0 adapter in [`/etc/network/interfaces`]() (Do not forget to remove the top lines):
|
|
|
* Add the following to the eth0 adapter in `/etc/network/interfaces` (Do not forget to remove the top lines):
|
|
|
```bash
|
|
|
auto eth0
|
|
|
iface eth0 inet dhcp
|
|
|
post-up iptables-restore < /etc/iptables.up.rules
|
|
|
```
|
|
|
* Backup this file so the rc.local can use this during startup (this is necessary because this is a bug in the container). To backup the file use `cp /etc/network/interfaces /etc/network/interfaces.bak`;
|
|
|
* No add the following code to [`/etc/rc.local`]():
|
|
|
* No add the following code to `/etc/rc.local`:
|
|
|
```bash
|
|
|
# Configure iptables
|
|
|
cp /etc/network/interfaces.bak /etc/network/interfaces
|
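Review bot: The `lxc.hook.autodev` context line calls `modeprobe tun`, which looks like a typo for `modprobe tun`; because the commands are chained with `;`, the failure is silent and `mknod net/tun c 10 200` still runs, so the device node is created even if the module was never loaded. Since this change already touches the sentence directly above it, fix the command in the same commit. The rewritten bullet "No add the following code to `/etc/rc.local`:" also keeps the old typo and should read "Now add". The fences around the Proxmox container config and `/etc/network/interfaces` are tagged `bash` although neither is a shell script; an untagged fence would avoid misleading highlighting.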
... | ... | @@ -49,7 +49,7 @@ cp /etc/network/interfaces.bak /etc/network/interfaces |
|
|
|
|
|
exit 0
|
|
|
```
|
|
|
* Now the [DNS](https://openvpn.net/index.php/open-source/documentation/howto.html#dhcp) needs to be configured in [`/etc/openvpn/server.conf`]() because otherwise the user cannot use the websites on the internal network. Therefore add the following code:
|
|
|
* Now the [DNS](https://openvpn.net/index.php/open-source/documentation/howto.html#dhcp) needs to be configured in `/etc/openvpn/server.conf` because otherwise the user cannot use the websites on the internal network. Therefore append the following line:
|
|
|
```bash
|
|
|
# push DNS to clients
|
|
|
push "dhcp-option DNS 10.10.10.4"
|
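Review bot: The pushed resolver in `push "dhcp-option DNS 10.10.10.4"` is a hardcoded address, while the subnet earlier in the same document is written as the placeholder `x.x.x.0/24`; a reader who copies this line into `/etc/openvpn/server.conf` unchanged will push a DNS server that may not exist on their network. Use a placeholder such as `<internal DNS ip>` in the directive and say in the bullet that it must be the resolver for the internal network. The new wording "append the following line" is clearer than "add the following code", but the fence is still tagged `bash` for what is an OpenVPN config directive.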
... | ... | @@ -70,7 +70,7 @@ down /etc/openvpn/update-resolv-conf |
|
|
If a user is deprecated, use the following code to remove the user: `openvpn/easy-rsa && source ./vars && ./revoke-full <name>`. To completly remove the user, remove the files by using `rm -r /etc/openvpn/easy-rsa/keys/<name>*`.
|
|
|
|
|
|
## Install OpenVPN using PiVPN
|
|
|
* The tun adapter needs to be added to the container because the container does not have rights to add adapters to the kernel, therefore shutdown the container and edit the [`/etc/pve/lxc/<container id>.conf`]() file in Proxmox:
|
|
|
* The tun adapter needs to be added to the container because the container does not have rights to add adapters to the kernel, therefore shutdown the container and edit the `/etc/pve/lxc/<container id>.conf` file in Proxmox:
|
|
|
```bash
|
|
|
# Add tun adapter
|
|
|
lxc.hook.autodev: sh -c "modeprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"
|
... | ... | |
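Review bot: The revocation command in the context paragraph, `openvpn/easy-rsa && source ./vars && ./revoke-full <name>`, starts with a bare relative path and no `cd`, so as written the shell tries to execute `openvpn/easy-rsa` and the `&&` chain stops before `./revoke-full` runs. Going by the path in the `rm -r /etc/openvpn/easy-rsa/keys/<name>*` step, it should probably read `cd /etc/openvpn/easy-rsa && source ./vars && ./revoke-full <name>`. That matters here because a reader who sees the first command fail and then runs the `rm` step has deleted the key files without revoking the certificate. In the same paragraph "completly" should be "completely", and the PiVPN section repeats the `modeprobe tun` typo in its `lxc.hook.autodev` line.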