OpenVPN Server with Username/Password Authentication

Hi John,

If you don’t want user certificates then using Basic with username/password authentication is the way to go. The only requirement is adding the ca.crt file from the OpenVPN server.

Once you are able to connect you will have a VPN tunnel between your client and the server but that’s it. If you want the VPN to access other networks then first we need to tell the server that it should forward IP traffic:

<strong>cat /proc/sys/net/ipv4/ip_forward</strong>
0

The “0” means no forwarding so let’s change it:

<strong>sudo sysctl -w net.ipv4.ip_forward=1</strong>

This tells Ubuntu to forward IP traffic, let’s verify it:

<strong>cat /proc/sys/net/ipv4/ip_forward</strong>
1

Now it says “1” so it will forward IP traffic. We also have to tell our clients what networks are behind the VPN server. To do this you have to add some lines in your server.conf file:

# Push Route to Clients.
push "route 192.168.50.0 255.255.255.0"

This tells the client that network 192.168.50.0/24 is reachable through the VPN. If you want to use the VPN for banking then you can add the IP addresses or subnets of your bank here. If you just want to send ALL traffic through the VPN then you can use this entry:

push "redirect-gateway def1"

Since you are sending traffic from your client through the VPN to the server and then onto the Internet, you also have to enable NAT on your OpenVPN server. You can do this with iptables:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

That should be it. If you do this all traffic headed towards network 192.168.50.0/24 will go through your VPN.

Rene
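The four steps in Rene's reply (enable forwarding, push a route or a full-tunnel default, and masquerade the VPN subnet on the way out) collected into one script, as an added example that is not part of the original post. It assumes the OpenVPN default tunnel subnet 10.8.0.0/24, the 192.168.50.0/24 LAN from the reply, eth0 as the Internet-facing interface and /etc/openvpn/server.conf as the config path; all four can be overridden through environment variables. The generator functions run unprivileged; the part that touches sysctl, iptables and server.conf only runs as root and only when APPLY=1 is set, so nothing is changed by accident.

```shell
#!/bin/sh
# Added example, not Rene's code. Assumed defaults (override via env):
#   VPN_SUBNET  10.8.0.0/24      OpenVPN default "server 10.8.0.0 255.255.255.0"
#   LAN_SUBNET  192.168.50.0/24  the network pushed to clients in the reply
#   WAN_IF      eth0             interface that faces the Internet
#   OVPN_CONF   /etc/openvpn/server.conf
set -eu

VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"
LAN_SUBNET="${LAN_SUBNET:-192.168.50.0/24}"
WAN_IF="${WAN_IF:-eth0}"
OVPN_CONF="${OVPN_CONF:-/etc/openvpn/server.conf}"

# The OpenVPN "route" directive wants a dotted netmask, not a prefix
# length, so convert e.g. 24 -> 255.255.255.0 (works for 0..32).
prefix_to_mask() {
  bits=$1; mask=""; i=1
  while [ "$i" -le 4 ]; do
    if [ "$bits" -ge 8 ]; then
      octet=255; bits=$((bits - 8))
    else
      octet=$(( 256 - (1 << (8 - bits)) )); bits=0
    fi
    mask="${mask}${octet}"
    if [ "$i" -lt 4 ]; then mask="${mask}."; fi
    i=$((i + 1))
  done
  printf '%s' "$mask"
}

# Lines to append to server.conf: "lan" pushes only the LAN behind the
# server (split tunnel), "all" sends every client packet into the tunnel.
push_lines() {
  case "$1" in
    lan)
      printf 'push "route %s %s"\n' \
        "${LAN_SUBNET%/*}" "$(prefix_to_mask "${LAN_SUBNET#*/}")" ;;
    all)
      # def1 adds 0.0.0.0/1 and 128.0.0.0/1 instead of replacing the
      # client's default route, so the route to the server itself survives.
      printf 'push "redirect-gateway def1"\n' ;;
    *)
      echo "usage: push_lines lan|all" >&2; return 2 ;;
  esac
}

# NAT rule scoped to the tunnel subnet and the outbound interface only,
# so the box does not masquerade traffic it was never meant to forward.
nat_rule_args() {
  printf '%s' "POSTROUTING -s $VPN_SUBNET -o $WAN_IF -j MASQUERADE"
}

# Insert the rule once: -C checks for an existing identical rule, so
# re-running the script does not stack duplicates in the nat table.
apply_nat() {
  rule=$(nat_rule_args)
  # shellcheck disable=SC2086  # word-splitting of $rule is intended
  if ! iptables -t nat -C $rule 2>/dev/null; then
    iptables -t nat -A $rule
  fi
}

# "sysctl -w" is lost at reboot; the drop-in under /etc/sysctl.d/ persists.
enable_forwarding() {
  printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-openvpn-forward.conf
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

check_forwarding() {
  [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ]
}

# Only make changes when explicitly asked and running as root.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
  enable_forwarding
  { printf '# Push Route to Clients.\n'; push_lines "${MODE:-lan}"; } >> "$OVPN_CONF"
  apply_nat
  check_forwarding && echo "forwarding on; NAT: iptables -t nat -A $(nat_rule_args)"
fi
```

Run it as `sudo APPLY=1 MODE=lan sh openvpn-forward.sh` for the split-tunnel case or `MODE=all` for the full-tunnel case; restart OpenVPN afterwards so the new push lines are read. Two things the reply leaves implicit: the iptables rule lives only in the running kernel, so it has to be restored at boot (iptables-persistent or an equivalent unit), and with `redirect-gateway def1` clients also need a resolver reachable through the tunnel, typically pushed with `push "dhcp-option DNS <address>"`, or name resolution breaks once their default route moves into the VPN.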