Complete OpenVPN How-To here:
Click here for a very nice tutorial about OpenVPN on Debian
UFW open ports
Get running applications with their used ports
UFW command to open ports
ufw allow 22/tcp
!!! SSH port HAS TO be opened befor you activate UFW, in other case you will block yourself from the server !!!
Dovecot Mail Server
# Managesieve mailfilter (process name: dovecot) 4190/tcp # POP3 (process name: dovecot) 110/tcp 995/tcp #secure # IMAP (process name: init) 143/tcp 993/tcp #secure # SMTP (process name: master) Postfix 25/tcp 587/tcp #secure 465/tcp #secure
TeamSpeak 3 Server
10011/tcp 30033/tcp 9987/udp
Create new VPN client certificate
First you have to prepare the server, if not already done (see also https://wiki.ubuntuusers.de/OpenVPN/).
Edit the vars and create <ca>, <dh> and <server key>:
source ./vars ./build-dh ./build-ca ./build-key-server server service openvpn restart
In terminal go to /etc/openvpn/easy-rsa and run following command where client1 is the name of the new client.
./build-key client1 # certificate without password # OR ./build-key-pass client1 # certificate secured with password (PEM)
Accept the sign certificate and commit questions:
Sign the certificate? [y/n] 1 out of 1 certificate requests certified, commit? [y/n]
The new client certificates are now generated and can be copied to the client device.
You can find them in /etc/openvpn/easy-rsa/keys and you need the following files:
ca.crt # client independent client1.crt # client certificate client1.key # client key client.ovpn # configuration file template
You can generate a unified ovpn configuration file that contains the CA, CRT and KEY data. For that take the ovpn file and replace the following lines with the content of the CA, CRT and KEY files:
# comment out using ; following lines ;ca ca.crt ;cert client.crt ;key client.key # add the replacement <ca> # paste the content of the ca.crt file here </ca> <cert> # paste the content of the client1.crt file here </cert> <key> # paste the content of the client1.key file here </key>