How to install OpenVPN Static Key in Ubuntu 14

1. What is the OpenVPN Static Key?

According to the official documentation, the Static Key method is a Point-to-Point VPN.

II. Advantages of OpenVPN Static Key

1. Easy installation
2. Easy to use. Official clients can be used for Windows, OS X, and Linux.
3. Use UDP to make connections more stable

III. Disadvantages of OpenVPN Static Key

At present, there are several shortcomings. If your local environment needs to be used, ignore this article.

1. Currently, iOS does not support
2. A connection requires a static key, that is, the same static key cannot be used on multiple terminals at the same time. If multiple terminals are used, multiple staic keys must be generated.
3. Disconnect the network and connect to OpenVPN again.

IV. Install OpenVPN Static on the Ubuntu 14.04 server

Assume that your server IP address is 192.0.2.2.

First, update your system.

Sudo apt-get update & apt-get upgrade

Then install OpenVPN directly.

Sudo apt-get install openvpn

Enter/etc/openvpn to generate a Static Key

Sudo openvpn -- genkey -- secret example. key

Run the sudo cat example. key command to view the following text:

#
#2048-bit OpenVPN static key
#
----- BEGIN OpenVPN Static key V1 -----
65359c61d9804ff5c39dc0b72cfd8c2e
5920957ab521_efac12e6ca4af4cc
D996fcc5edd03c59068c45d51664625a
1f9cfddf38c0c21c6c7f00e42fd5ed70
3c965efd4e503053537bd6a0a8158d9f
Aa8c8cb2bd55501c6b8186e1009ef4f2
6ee24f3bcb67fcf9ed2a9867de72be31
8fa1157dc9e46e26213621f672049e6f
Ab45e00b4f8a5996bc1_ea4fa434ff7
88bdabc87e1a97b593330ef152793985
Ecdc531aea8eb94c3bdc73a9ba836c9d
5bc26aac733c079e50d49599894ec3b5
Ec197cfe53e43211a68e9f3479aa7d99
9ac2c15af043b3137c0ac169ccdb0364
B9a81e0337c3c26062c05bae0b12845c
55acab2cb0086aee470516114199b0eb
----- END OpenVPN Static key V1 -----

Create a new. conf file, such as sudo vi example. conf.

Port 1194
Dev tun
Ifconfig 10.233.0.1 10.233.0.2
<Secret>
----- BEGIN OpenVPN Static key V1 -----
65359c61d9804ff5c39dc0b72cfd8c2e
5920957ab521_efac12e6ca4af4cc
D996fcc5edd03c59068c45d51664625a
1f9cfddf38c0c21c6c7f00e42fd5ed70
3c965efd4e503053537bd6a0a8158d9f
Aa8c8cb2bd55501c6b8186e1009ef4f2
6ee24f3bcb67fcf9ed2a9867de72be31
8fa1157dc9e46e26213621f672049e6f
Ab45e00b4f8a5996bc1_ea4fa434ff7
88bdabc87e1a97b593330ef152793985
Ecdc531aea8eb94c3bdc73a9ba836c9d
5bc26aac733c079e50d49599894ec3b5
Ec197cfe53e43211a68e9f3479aa7d99
9ac2c15af043b3137c0ac169ccdb0364
B9a81e0337c3c26062c05bae0b12845c
55acab2cb0086aee470516114199b0eb
----- END OpenVPN Static key V1 -----
</Secret>
Comp-lzo
Keepalive 10 60
Ping-timer-rem
Persist-tun
Persist-key

Here, we use the default port 1194. Of course, you can change it by yourself. ifconfig 10.233.0.1 10.233.0.2 is the intranet address you need to use this configuration file. If you need to add a new configuration file, so you have to change it. Here I use the 10.233.0.0/24 segment. You can also change an intranet address that does not conflict with the intranet address assigned to you by the service provider.

The black and long section in the middle starts from ----- BEGIN OpenVPN Static key V1 ----- and ends with ----- END OpenVPN Static key V1 -----, which is the Static Key just generated, if you need to add a new configuration file, you must generate it again.

Then, use iptables to allow the egress network, where 192.0.2.2 is the egress IP address of your server or VPS, and eth0 is the default Nic name. You can use the ifconfig command to view

Sudo iptables-t nat-a postrouting-j SNAT -- to-source 192.0.2.2-o eth0

Restart the OpenVPN service.

Sudo service openvpn restart

5. Local client configuration file

Create a new example. ovpn in the local computer to open and edit and save

Remote 192.0.2.2
Port 1194
Proto udp
Dev tun
Ifconfig 10.233.0.2 10.233.0.1
Redirect-gateway def1
<Secret>
----- BEGIN OpenVPN Static key V1 -----
65359c61d9804ff5c39dc0b72cfd8c2e
5920957ab521_efac12e6ca4af4cc
D996fcc5edd03c59068c45d51664625a
1f9cfddf38c0c21c6c7f00e42fd5ed70
3c965efd4e503053537bd6a0a8158d9f
Aa8c8cb2bd55501c6b8186e1009ef4f2
6ee24f3bcb67fcf9ed2a9867de72be31
8fa1157dc9e46e26213621f672049e6f
Ab45e00b4f8a5996bc1_ea4fa434ff7
88bdabc87e1a97b593330ef152793985
Ecdc531aea8eb94c3bdc73a9ba836c9d
5bc26aac733c079e50d49599894ec3b5
Ec197cfe53e43211a68e9f3479aa7d99
9ac2c15af043b3137c0ac169ccdb0364
B9a81e0337c3c26062c05bae0b12845c
55acab2cb0086aee470516114199b0eb
----- END OpenVPN Static key V1 -----
</Secret>
Comp-lzo
Keepalive 10 60
Ping-timer-rem
Persist-tun
Persist-key
Script-security 2
The first line is remote 192.0.2.2, which is the IP address of your server or VPS. port 1194 is the port just set. ifconfig 10.233.0.2 10.233.0.1 is the intranet IP address, which needs to be written to the server.

Okay, no problem. Run it on a local client and then go to the Internet cafe!

6. Download the local client

You need to prepare a ladder to climb the wall based on your local system.

Use the official client in Windows and Linux:

Https://openvpn.net/index.php/open-source/downloads.html

Use TunnelBlick in OS X:

Https://code.google.com/p/tunnelblick/wiki/DownloadsEntry? Tm = 2

VII. Instructions

1. My configuration file does not load the server-side DNS. You need to modify the DNS on your own. We recommend using Dnsmasq + DNSCrypt. For more information, see me.
2. Remember that a configuration file can only be used on one terminal at the same time. If the second configuration file is used together, the first configuration file will be disconnected, and the second configuration file will be reconnected, endless loop... Therefore, be sure to save your configuration file. In addition, the port and intranet IP address corresponding to different configuration files must be changed.
3. This configuration has been tested in Xen, KVM, and OpenVZ environments. OpenVZ needs to contact the service provider to open TUN/TAP