44 lines
1.7 KiB
Markdown
44 lines
1.7 KiB
Markdown
# OpenVPN via Cloudflare Tunnel (`vpn.bhatfamily.in`)
|
|
|
|
This repository documents the VPN setup hosted on this machine.
|
|
|
|
## What this provides
|
|
- OpenVPN server on this host
|
|
- Cloudflare Tunnel exposure via `vpn.bhatfamily.in`
|
|
- Client access using `cloudflared access tcp` + OpenVPN
|
|
|
|
## Quick client connect
|
|
0. Ensure `vpn.bhatfamily.in` is routed to this tunnel:
|
|
```bash
|
|
cloudflared tunnel route dns --overwrite-dns 6a2e99c2-ce2c-49a9-a3f2-8bf1ad3073b0 vpn.bhatfamily.in
|
|
dig +short vpn.bhatfamily.in CNAME
|
|
```
|
|
Expected CNAME target:
|
|
- `6a2e99c2-ce2c-49a9-a3f2-8bf1ad3073b0.cfargotunnel.com.`
|
|
1. Ensure `cloudflared` and `openvpn` are installed on the client machine.
|
|
2. Use the provided client profile (`rbhat-client-cloudflared.ovpn`).
|
|
3. Update the profile remote to local forwarder:
|
|
- `remote 127.0.0.1 21194`
|
|
4. Start local forwarder:
|
|
```bash
|
|
cloudflared access tcp --hostname vpn.bhatfamily.in --url localhost:21194
|
|
```
|
|
5. In another terminal, start OpenVPN:
|
|
```bash
|
|
sudo openvpn --config rbhat-client-cloudflared.ovpn
|
|
```
|
|
6. Confirm success via:
|
|
- `Initialization Sequence Completed`
|
|
|
|
## Important
|
|
- `21194` is a **local client-side** port, not a public internet port on `vpn.bhatfamily.in`.
|
|
- If `cloudflared access tcp` fails with `address already in use`, choose another free local port and match it in the `.ovpn` `remote` line.
|
|
- If `dig +short vpn.bhatfamily.in CNAME` does not return `6a2e99c2-ce2c-49a9-a3f2-8bf1ad3073b0.cfargotunnel.com.`, rerun the DNS route command above.
|
|
|
|
## Full operational runbook
|
|
See `docs/operations.md` for:
|
|
- Service configuration details
|
|
- Firewall/NAT settings
|
|
- File paths and artifacts
|
|
- Verification and troubleshooting commands
|