Remote VPN connection to office LAB
How to connect to a separate office lab network and register SIP phones from a remote location using OpenVPN.
Create keys:
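# OpenVPN / Easy-RSA 3.0
# Builds a private PKI for the lab VPN: a CA, one server certificate ("Demo"),
# DH parameters, a shared tls-auth key and one client certificate ("student1").
# pki/private/ca.key can sign new VPN identities: run this on a trusted host,
# keep the CA key away from clients, and back it up offline.

# Work from a private copy of the Easy-RSA scripts. -r is needed because the
# x509-types/ subdirectory is used when certificates are signed.
mkdir -p ~/easy-rsa
chmod 700 ~/easy-rsa
cp -r /usr/share/easy-rsa/* ~/easy-rsa/
# Stay in the copy made above so ./easyrsa and x509-types/ are found.
cd ~/easy-rsa/
./easyrsa init-pki
# CA key (prompts for a passphrase that protects ca.key; choose a strong one)
./easyrsa build-ca
# Server keys
# Without "nopass" the server key is passphrase-protected, so OpenVPN will ask
# for that passphrase every time the service starts.
./easyrsa build-server-full Demo
./easyrsa gen-dh
# Shared HMAC key for tls-auth; it is a secret and goes to the server and to
# every client over a protected channel.
openvpn --genkey --secret ta.key
# "nopass" leaves student1.key unencrypted: whoever holds the file can connect.
# Issue one certificate per user or device so a single one can be revoked.
./easyrsa build-client-full student1 nopass
# The server config uses crl-verify, so a CRL has to exist before the server
# starts. After "./easyrsa revoke <name>" run gen-crl again and redeploy it.
./easyrsa gen-crl
# Results: pki/ca.crt, pki/issued/*.crt, pki/private/*.key, pki/dh.pem,
# pki/crl.pem and ./ta.key. The server config expects its copies under
# /etc/openvpn/ssl/ (copy step not shown here); private keys should be
# readable by root only.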
Server config:
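# OpenVPN server configuration for the lab gateway (routed tun device, TCP).
# Each directive is listed once; repeating "route" or "push" lines would only
# install the same route twice.

# Keep the key material and the tun device across soft restarts; needed
# because privileges are dropped below and the keys cannot be re-read.
persist-key
persist-tun
# PKI material created with Easy-RSA. Demo.key and ta.key are secrets and
# should be owned by root with mode 600.
ca /etc/openvpn/ssl/ca.crt
cert /etc/openvpn/ssl/Demo.crt
# Compression stays disabled: compressing data before encryption can leak
# information about the plaintext (VORACLE-style attacks).
;comp-lzo adaptive
dev tun
dh /etc/openvpn/ssl/dh.pem
# Trailing 0: the address pool file is treated as read-only.
ifconfig-pool-persist server-ipp.txt 0
keepalive 10 120
key /etc/openvpn/ssl/Demo.key
# HMAC on the TLS control channel: packets without a valid signature are
# dropped before any TLS handshake. Direction is 0 here and 1 on clients.
tls-auth /etc/openvpn/ssl/ta.key 0
# Data channel settings. OpenVPN 2.4 and later may negotiate an AEAD cipher
# (AES-256-GCM) with capable peers; "auth" also selects the tls-auth digest.
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
# Optional hardening: accept only certificates issued for client use.
;remote-cert-tls client
log /var/log/openvpn/server.log
port 1194
proto tcp
server 10.7.0.0 255.255.255.0
verb 3
# Revocation check. The file is read again for new connections, so it must
# stay readable after the switch to nobody/nogroup, and it has to be
# regenerated before it expires (Easy-RSA: EASYRSA_CRL_DAYS) or clients
# will be refused.
crl-verify /etc/openvpn/ssl/crl.pem
# Route pushed to every client. Any valid certificate therefore reaches this
# subnet; limit forwarding from 10.7.0.0/24 in the host firewall to what the
# phones actually need.
push "route 10.130.0.0 255.255.255.0"
# Per-client settings live in ccd/<certificate name>. The route below points
# a /29 into the tunnel; presumably a ccd file carries the matching iroute
# (verify against the ccd directory).
client-config-dir ccd
route 192.168.1.16 255.255.255.248
# Drop root after initialisation.
user nobody
group nogroup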
Client config:
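# OpenVPN client configuration for one remote user (certificate "student1").
# Each directive is listed once.
client
dev tun
# Replace the placeholders with the lab's public address and listening port.
remote <remote LAB public ip>
resolv-retry infinite
nobind
persist-key
persist-tun
# ca.crt is public. student1.key was created with "nopass", so it is stored
# unencrypted: restrict its file permissions and report a lost or copied key
# so the certificate can be revoked on the server.
ca ca.crt
cert student1.crt
key student1.key
# Same shared key as on the server, opposite direction (server 0, client 1).
tls-auth ta.key 1
verb 1
keepalive 10 120
port <remote LAB port>
proto tcp
# Must match the server's data-channel settings.
cipher AES-256-CBC
auth SHA512
# Same TLS floor as the server enforces.
tls-version-min 1.2
# Compression stays disabled, as on the server.
;comp-lzo
# Accept only a peer whose certificate was issued for server use, so another
# client certificate from the same CA cannot pose as the gateway.
remote-cert-tls server
# Optional: also pin the expected server certificate name.
;verify-x509-name Demo name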
Please download slides -> pdf
Thank you.
OpenVPN -> download site