{"id":18,"date":"2014-10-26T13:47:15","date_gmt":"2014-10-26T11:47:15","guid":{"rendered":"https:\/\/serverstuff.info\/wordpress\/?p=18"},"modified":"2014-10-26T13:59:53","modified_gmt":"2014-10-26T11:59:53","slug":"openvpn-setup-with-mysql-auth-and-ssl-port-sharing","status":"publish","type":"post","link":"https:\/\/serverstuff.info\/wordpress\/2014\/10\/26\/openvpn-setup-with-mysql-auth-and-ssl-port-sharing\/","title":{"rendered":"OpenVPN setup with mysql auth and ssl port sharing"},"content":{"rendered":"<p>So, I decided it was time to prevent some firewalls from blocking my connection to openvpn.<br \/>\nHere&#8217;s what I did to share port 443 ( which I already had an apache listening on ) with openvpn !<\/p>\n<pre language=\"bash\">\r\n# Make apache Listen on port 4545 and replace all VirtualHost directives to use that.\r\nemerge net-misc\/openvpn app-crypt\/easy-rsa sys-auth\/pam_mysql\r\ncp -prv \/usr\/share\/easy-rsa ~\r\ncd ~\/easy-rsa\r\ncp vars{,.orig}\r\ncat &gt;&gt; vars &lt;&lt; _EOF_\r\nexport EASY_RSA=\"`pwd`\"\r\nexport KEY_DIR=\"$EASY_RSA\/keys\"\r\nexport OPENSSL=\"openssl\"\r\nexport PKCS11TOOL=\"pkcs11-tool\"\r\nexport GREP=\"grep\"\r\nexport KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`\r\nexport KEY_SIZE=4096\r\nexport CA_EXPIRE=3650\r\nexport KEY_EXPIRE=3650\r\nexport KEY_COUNTRY=\"US\"\r\nexport KEY_PROVINCE=\"FL\"\r\nexport KEY_CITY=\"Miami\"\r\nexport KEY_ORG=\"Fort-Funston\"\r\nexport KEY_EMAIL=\"master@myhost.domain\"\r\nexport KEY_CN=changeme # Common Name (eg, your name or your server's hostname) \r\nexport KEY_NAME=changeme # Name\r\nexport KEY_OU=changeme # Organizational Unit Name (eg, section)\r\n_EOF_\r\nsource .\/vars\r\n.\/clean_all\r\n.\/build-ca\r\n.\/build-key-server server\r\n.\/build-dh\r\nopenvpn --genkey --secret \/root\/easy-rsa\/keys\/ta.key\r\nmkdir -p \/etc\/openvpn\/certs\r\ncp -pv ~\/easy-rsa\/keys\/{ca.crt,ca.key,server.crt,server.key,ta.key,dh4096.pem} \/etc\/openvpn\/certs\/\r\n\r\ncat &gt;&gt; 
\/etc\/openvpn\/openvpn.conf &lt;&lt; _EOF_\r\ndev tun\r\n# use udp .. it performs a lot better, this tutorial just uses tcp because it is sharing the port with apache !\r\nproto tcp\r\nlocal 203.0.113.10 # replace with the ip you want it listening on instead of 0.0.0.0\r\nport 443\r\nport-share 127.0.0.1 4545\r\nkeepalive 10 120\r\ncomp-lzo\r\nuser nobody\r\ngroup nobody\r\nserver 192.168.7.0 255.255.255.0\r\nca \/etc\/openvpn\/certs\/ca.crt\r\ncert \/etc\/openvpn\/certs\/server.crt\r\nkey \/etc\/openvpn\/certs\/server.key\r\ndh \/etc\/openvpn\/certs\/dh4096.pem # build-dh writes dh4096.pem for KEY_SIZE=4096, the file copied above\r\ntls-auth \/etc\/openvpn\/certs\/ta.key\r\n#tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA # bettercrypto.org\r\ntls-version-min 1.2 # you can try tls-cipher and see if everything is ok for you; if not, try this.\r\ncipher AES-256-CBC\r\nauth SHA384\r\nverb 5\r\n_EOF_\r\n\r\nsed -i 's\/net.ipv4.ip_forward = 0\/net.ipv4.ip_forward = 1\/' \/etc\/sysctl.conf\r\nsysctl -p\r\nrc-update add openvpn default\r\n\/etc\/init.d\/apache2 restart\r\n\/etc\/init.d\/openvpn restart\r\n\r\n# now for the client part, give him this one file\r\n.\/build-key-pass client\r\ncat &gt;&gt; ~\/client.ovpn &lt;&lt; _EOF_\r\nclient\r\nremote 203.0.113.10\r\ndev tun\r\n# set udp here too if you decided to use that!\r\nproto tcp\r\nport 443\r\ncipher AES-256-CBC\r\ncomp-lzo yes\r\nnobind\r\nauth-nocache\r\nscript-security 2\r\npersist-key\r\npersist-tun\r\nauth sha384\r\n\r\n&lt;ca&gt;\r\n$(cat ~\/easy-rsa\/keys\/ca.crt)\r\n&lt;\/ca&gt;\r\n\r\n&lt;cert&gt;\r\n$(cat ~\/easy-rsa\/keys\/client.crt)\r\n&lt;\/cert&gt;\r\n\r\n&lt;key&gt;\r\n$(cat ~\/easy-rsa\/keys\/client.key)\r\n&lt;\/key&gt;\r\n\r\n&lt;tls-auth&gt;\r\n$(cat ~\/easy-rsa\/keys\/ta.key)\r\n&lt;\/tls-auth&gt;\r\n_EOF_\r\n<\/pre>\n","protected":false},
"excerpt":{"rendered":"<p>So, I decided it was time to prevent some firewalls from blocking my connection to openvpn. Here&#8217;s what I did to share port 443 ( which I already had an apache listening on ) with openvpn ! # Make apache Listen on port 4545 and replace all VirtualHost directives to use that. emerge net-misc\/openvpn app-crypt\/easy-rsa &hellip; <a href=\"https:\/\/serverstuff.info\/wordpress\/2014\/10\/26\/openvpn-setup-with-mysql-auth-and-ssl-port-sharing\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">OpenVPN setup with mysql auth and ssl port sharing<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,6],"tags":[],"class_list":["post-18","post","type-post","status-publish","format-standard","hentry","category-gentoo","category-openvpn"],"_links":{"self":[{"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/posts\/18","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/comments?post=18"}],"version-history":[{"count":10,"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/posts\/18\/revisions"}],"predecessor-version":[{"id":26,"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/posts\/18\/revisions\/26"}],"wp:attachment":[{"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/media?parent=18"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/categories?post=18"},{"taxonomy":"post_tag","embeddable":true,"
href":"https:\/\/serverstuff.info\/wordpress\/wp-json\/wp\/v2\/tags?post=18"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}