I have problems when I try to change the default port, so I leave it at 1194 and I just forward an external port to my Pi’s internal 1194 port.
[quote=“Markino, post:20, topic:9165”]
Last question: what exactly does it mean that I have to create a new certificate for every user? Do I have to create a certificate and the ovpn file for both John and David, and then they will be able to connect to my VPN from all their devices with the same file…[/quote]
Yes! You can create a certificate for John and this certificate can be used on many devices - just make sure that you allow that in the VPN server configuration. In the same manner you can create only one certificate and use it on as many devices as you want - but as I say, you must allow multiple simultaneous connections that are using the same certificate.
Well, I understood the certificate concept too… when I give John and David the certificate and the ovpn file to connect to my VPN, how will they log in? Suppose I create both users on my Raspy… will they be asked for a login when they launch the ovpn file?
I’m thinking of creating a certificate for the osmc user, putting it on a pen drive and bringing it to my office so that I’ll be able to connect to my VPN as the osmc user, but what if I need to connect to my Raspy as Marco?
Sorry, maybe it’s a stupid question, but I’d like to understand the typical way to use and distribute VPN certificates and files.
No, the main idea here is that the certificate and the ovpn file are totally enough to connect to the server; you don’t need new users. You will need new users only if you want to give John and David console access to your Pi, which is not such a good idea IMHO. The best scenario is to preserve console access only for yourself. Imagine the entire process like this:
John and David are in your house and they connect their devices to your WiFi network
they will have internet access and they will be able to use your services (torrent client web UI, NAS, etc.) only if they have the different username:passwords for these services.
I hope that this info will clear up the idea in your imagination.
Really thanks for your help!
I think I’ll never give others access to my LAN/VPN… for when friends come to my house I’ve configured a separate, isolated guest WiFi network just for internet access.
I’m configuring the VPN just for myself so that I can get into my LAN from my PC while in the office and from my mobile while on “the streets”. If I understood well, connecting to my VPN will be just like connecting my PC or mobile directly to my LAN… then I can jump to my server via ssh with my credentials just like from my home PCs, correct?
I configured everything on the server side and I made two ovpn files: office.ovpn and mobile.ovpn.
When at home I just have to open the VPN port and give it a try from my mobile… I’ll let you know, man!
Do I have to enable the office and mobile clients in the same way, or is following the guide just fine?
PS: what about the iptables rules and their persistence? If my Raspy reboots I’ll lose all the rules at the moment…
@Markino can you give me more information about the 2 files that you mentioned? Did you create 2 totally different configurations, or did you just make 2 copies of your original file and change the filenames?
P.S. Did you follow the instructions that I gave you as a link a few posts back?
I’ve created 2 different configurations following the guide and it seems to work!
I’ve also rebooted the Raspy and, with no changes to iptables, it still works!
Well… I’m at the point where everything seems to work fine, thanks again for your help!
The only thing pending is how to persist the iptables rules?
I’ve seen that after rebooting the Raspy the iptables rules are lost but I can connect to the VPN… while on the VPN I can access my server but I can’t browse the internet from the device on which I connect to the VPN.
After applying the iptables rules on the server, the internet connection on the client works again!
I think the rules are needed for a fully working configuration, so I’d like to understand how to persist them.
@Markino it was a pleasure for me to share my knowledge and help someone improve his system. I already gave you a link to an article that describes how to preserve your iptables after a reboot, but maybe you missed it, so I will post it again: https://www.debian-administration.org/article/445/Getting_IPTables_to_survive_a_reboot
Please try this solution and report back if the problem still exists.
If you have more questions feel free to ask and I will answer them as soon as possible.
Here I am again…
I’m very happy with the point I’ve reached today with my configuration: I can access my Raspy via ssh using my public IP and I can also access my LAN using the VPN.
In my router I’ve just opened/forwarded a port for the ssh connection, a port for the VPN and the ports needed by aMuled and Transmission… now I’d like to install and configure Fail2ban. Can you please help me understand how to do it and how to configure it in the best way for my configuration?