author    David Luevano Alvarado <david@luevano.xyz>  2023-06-13 03:54:21 -0600
committer David Luevano Alvarado <david@luevano.xyz>  2023-06-13 03:54:21 -0600
commit    9090784e2f1bcd817ff1ebcc43bc56e16bfb4080 (patch)
tree      5d42bddeb16c8c994ca625fa62f30cfb373ec2aa
parent    0ed2a2071fe5b7610d4e4122096129857359b651 (diff)
update vpn server entry with new title
-rw-r--r--  db/db_blog.psv                            2
-rw-r--r--  live/blog/a/vpn_server_with_openvpn.html  31
-rw-r--r--  live/blog/index.html                      2
-rw-r--r--  live/blog/rss.xml                         23
-rw-r--r--  live/blog/sitemap.xml                     2
-rw-r--r--  live/blog/tag/@code.html                  2
-rw-r--r--  live/blog/tag/@english.html               2
-rw-r--r--  live/blog/tag/@server.html                2
-rw-r--r--  live/blog/tag/@tools.html                 2
-rw-r--r--  live/blog/tag/@tutorial.html              2
-rw-r--r--  src/blog/a/vpn_server_with_openvpn.md     24

11 files changed, 45 insertions, 49 deletions
diff --git a/db/db_blog.psv b/db/db_blog.psv
index 97dfc07..d28c257 100644
--- a/db/db_blog.psv
+++ b/db/db_blog.psv
@@ -9,7 +9,7 @@ a/acomodada_la_pagina_de_arte.md|1623006369.6071973|1683224355.424242|e1aceca92d
a/xmpp_server_with_prosody.md|1623216270.0372887|1685764494.9077075|fe15449fc7093efd2157f88b78d4f1b4|code,english,server,tools,tutorial
a/tenia_esto_descuidado.md|1626594710.918819|1683224450.4442203|801d9caadef53ea30c82c2e8ca5692e6|short,spanish,update
a/hoy_toco_desarrollo_personaje.md|1627452655.5560262|1683377790.7414637|d1520b814b83470e61ec930f7aaaf0b2|rant,spanish,update
-a/vpn_server_with_openvpn.md|1627810022.100739|1683275819.5970778|e9dfb0d4649057a300a88cdfb2ea3f88|code,english,server,tools,tutorial
+a/vpn_server_with_openvpn.md|1627810022.100739|1686649823.035183|e7e394ccc9ea42af4581dcdd4050a1a4|code,english,server,tools,tutorial
a/volviendo_a_usar_la_pagina.md|1651116062.9191298|1683224582.1841908|0ff1dcfe9edd9ed8f764d3fde061cf35|short,spanish,update
a/devs_android_me_trozaron.md|1652608264.4901433|1652609027.0201497|41c897ac0c6e0bd66f67ddc8286f4413|rant,spanish,update
a/password_manager_authenticator_setup.md|1652654434.4686146|1683172189.1237748|ee21642502116ac50d2ef437e69b306c|english,short,tools
diff --git a/live/blog/a/vpn_server_with_openvpn.html b/live/blog/a/vpn_server_with_openvpn.html
index 5d16d7d..8456352 100644
--- a/live/blog/a/vpn_server_with_openvpn.html
+++ b/live/blog/a/vpn_server_with_openvpn.html
@@ -6,8 +6,8 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" href="https://static.luevano.xyz/images/icons/favicon.ico">
-<title>Create a VPN server with OpenVPN (IPv4) -- Luévano's Blog</title>
- <meta name="description" content="How to create a VPN server using OpenVPN on a server running Nginx. Only for IPv4."/>
+<title>Set up a VPN server with OpenVPN -- Luévano's Blog</title>
+ <meta name="description" content="How to set up a VPN server using OpenVPN on a server running Nginx, on Arch. Only for IPv4."/>
<link rel="alternate" type="application/rss+xml" href="https://blog.luevano.xyz/rss.xml" title="Luévano's Blog RSS">
<!-- general style -->
<link rel="stylesheet" type="text/css" href="https://static.luevano.xyz/css/style.css">
@@ -32,11 +32,11 @@
<!-- og meta -->
- <meta property="og:title" content="Create a VPN server with OpenVPN (IPv4) -- Luévano's Blog"/>
+ <meta property="og:title" content="Set up a VPN server with OpenVPN -- Luévano's Blog"/>
<meta property="og:type" content="article"/>
<meta property="og:url" content="https://blog.luevano.xyz/a/vpn_server_with_openvpn.md"/>
<meta property="og:image" content="https://static.luevano.xyz/images/b/default.png"/>
- <meta property="og:description" content="How to create a VPN server using OpenVPN on a server running Nginx. Only for IPv4."/>
+ <meta property="og:description" content="How to set up a VPN server using OpenVPN on a server running Nginx, on Arch. Only for IPv4."/>
<meta property="og:locale" content="en"/>
<meta property="og:site_name" content="Luévano's Blog"/>
</head>
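Review bot: unrelated to the retitling but visible in this hunk's context, `<meta property="og:url" content="https://blog.luevano.xyz/a/vpn_server_with_openvpn.md"/>` points at the `.md` path, whereas the article is served as `/a/vpn_server_with_openvpn.html` (the URL used in rss.xml, the sitemap and the tag pages in this same commit); og:url should carry the `.html` URL so link previews resolve to the canonical page.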
@@ -85,7 +85,7 @@
<i class="fas fa-arrow-up" alt="Return to top"></i>
</button>
</div>
- <h1>Create a VPN server with OpenVPN (IPv4)</h1>
+ <h1>Set up a VPN server with OpenVPN</h1>
<p>I&rsquo;ve been wanting to do this entry, but had no time to do it since I also have to set up the VPN service as well to make sure what I&rsquo;m writing makes sense, today is the day.</p>
<p>Like with any other of my entries I based my setup on the <a href="https://wiki.archlinux.org/title/OpenVPN">Arch Wiki</a>, <a href="https://github.com/Nyr/openvpn-install">this install script</a> and <a href="https://github.com/graysky2/ovpngen">this profile generator script</a>.</p>
@@ -107,12 +107,12 @@
<p>Pretty simple:</p>
<ul>
<li>Working server with root access, and with <code>ufw</code> as the firewall.</li>
-<li>Depending on what port you want to run the VPN on, the default <code>1194</code>, or as a fallback on <code>443</code> (click <a href="https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/">here</a> for more). I will do mine on port <code>1194</code> but it&rsquo;s just a matter of changing 2 lines of configuration and one <code>ufw</code> rule.</li>
+<li>Open port <code>1194</code> (default), or as a fallback on <code>443</code> (click <a href="https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/">here</a> for more). I will do mine on port <code>1194</code> but it&rsquo;s just a matter of changing 2 lines of configuration and one <code>ufw</code> rule.</li>
</ul>
<h2 id="create-pki-from-scratch">Create PKI from scratch<a class="headerlink" href="#create-pki-from-scratch" title="Permanent link">&para;</a></h2>
<p>PKI stands for <em>Public Key Infrastructure</em> and basically it&rsquo;s required for certificates, private keys and more. This is supposed to work between two servers and one client: a server in charge of creating, signing and verifying the certificates, a server with the OpenVPN service running and the client making the request.</p>
-<p>This is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about. In a nutshell, I&rsquo;m no expert.</p>
-<p>&hellip; but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I&rsquo;m gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).</p>
+<p>In a nutshel, this is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about.</p>
+<p>That&rsquo;s how the it should be st up&hellip; but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I&rsquo;m gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).</p>
<p>This is done with <a href="https://wiki.archlinux.org/title/Easy-RSA">Easy-RSA</a>.</p>
<p>Install the <code>easy-rsa</code> package:</p>
<pre><code class="language-sh">pacman -S easy-rsa
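Review bot: the rewritten PKI paragraph still under-states the risk in "effectively generating files that anyone can run and will work": each generated `.ovpn` embeds the client's private key, so it is a bearer credential and should be sent over an authenticated channel and removed from the server once handed over, not just given "carefully". The reassurance "it also comes with a revoking mechanism, so no worries" only holds if `server.conf` actually loads the CRL (`crl-verify`); the later `chown nobody:nobody pki/crl.pem` suggests it does, but the text should say so, because a revoked client still connects to a server that never reads the CRL. Typos in the new lines: "In a nutshel" should be "In a nutshell", "That's how the it should be st up" should be "That's how it should be set up", "a requests" should be "a request" and "this files" should be "these files". On the prerequisites bullet, "Open port `1194` (default), or as a fallback on `443`" reads as if 443 were just another number; the reason to fall back to 443 is to get through networks that only allow HTTPS out, which also means `proto tcp`, presumably the second of the "2 lines of configuration", so say so, and note that on this host Nginx already listens on 443 (the description says the server runs Nginx), so a 443 fallback needs OpenVPN's `port-share` or a separate address rather than a bare `port 443`.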
@@ -147,12 +147,11 @@ chmod o+rx pki/private/server.key
chown nobody:nobody pki/crl.pem
chmod o+r pki/crl.pem
</code></pre>
-<p>Now, go to the <code>openvpn</code> directory and create the required files there:</p>
+<p>Finally, go to the <code>openvpn</code> directory and create the required files there:</p>
<pre><code class="language-sh">cd /etc/openvpn/server
openssl dhparam -out dh.pem 2048
openvpn --genkey secret ta.key
</code></pre>
-<p>That&rsquo;s it for the PKI stuff and general certificate configuration.</p>
<h2 id="openvpn">OpenVPN<a class="headerlink" href="#openvpn" title="Permanent link">&para;</a></h2>
<p><a href="https://wiki.archlinux.org/title/OpenVPN">OpenVPN</a> is a robust and highly flexible VPN daemon, that&rsquo;s pretty complete feature-wise.</p>
<p>Install the <code>openvpn</code> package:</p>
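Review bot: the context line for this hunk shows `chmod o+rx pki/private/server.key`, which makes the server's private key world-readable (the `x` bit on a key file does nothing). Assuming `server.conf` drops to `user nobody` / `group nobody` as the `chown nobody:nobody pki/crl.pem` step implies, OpenVPN reads certificates and keys as root at startup before dropping privileges, so the key never needs to be readable by `nobody` (`persist-key` exists precisely so it does not have to be re-read afterwards); only `crl.pem` does, because the CRL is re-read on every client connect after the privilege drop, which is what the `chown` / `chmod o+r pki/crl.pem` lines are for. Suggest removing the `o+rx` on `server.key` and keeping it root-owned `0600`. Separately, `openssl dhparam -out dh.pem 2048` can be replaced by `dh none` in `server.conf` on OpenVPN 2.4 and later, which uses ECDH and skips the slow parameter generation.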
@@ -303,8 +302,8 @@ systemctl enable openvpn-server@server.service
</code></pre>
<p>Where the <code>server</code> after <code>@</code> is the name of your configuration, <code>server.conf</code> without the <code>.conf</code> in my case.</p>
<h3 id="create-client-configurations">Create client configurations<a class="headerlink" href="#create-client-configurations" title="Permanent link">&para;</a></h3>
-<p>You might notice that I didn&rsquo;t specify how to actually connect to our server. For that we need to do a few more steps. We actually need a configuration file similar to the <code>server.conf</code> file that we created.</p>
-<p>The real way of doing this would be to run similar steps as the ones with <code>easy-rsa</code> locally, send them to the server, sign them, and retrieve them. Nah, we&rsquo;ll just create all configuration files on the server as I was mentioning earlier.</p>
+<p>You might notice that I didn&rsquo;t specify how to actually connect the VPN. For that we need a configuration file similar to the <code>server.conf</code> file that we created.</p>
+<p>The real way of doing this would be to run similar steps as the ones with <code>easy-rsa</code> locally, send them to the server, sign them, and retrieve them. Fuck all that, we&rsquo;ll just create all configuration files on the server as I was mentioning earlier.</p>
<p>Also, the client configuration file has to match the server one (to some degree), to make this easier you can create a <code>client-common</code> file in <code>/etc/openvpn/server</code> with the following content:</p>
<pre><code>client
dev tun
@@ -318,10 +317,10 @@ auth SHA512
verb 3
</code></pre>
<p>Where you should make any changes necessary, depending on your configuration.</p>
-<p>Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning, by the way. You can place these scripts anywhere you like, and you should take a look before running them because you&rsquo;ll be running them as root.</p>
+<p>Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning. You can place these scripts anywhere you like, and you should take a look before running them because you&rsquo;ll be running them with elevated privileges (sudo).</p>
<p>In a nutshell, what it does is: generate a new client certificate keypair, update the CRL and create a new <code>.ovpn</code> configuration file that consists on the <code>client-common</code> data and all of the required certificates; or, revoke an existing client and refresh the CRL. The file is placed under <code>~/ovpn</code>.</p>
<p>Create a new file with the following content (name it whatever you like) and don&rsquo;t forget to make it executable (<code>chmod +x vpn_script</code>):</p>
-<pre><code>#!/bin/sh
+<pre><code class="language-sh">#!/bin/sh
# Client ovpn configuration creation and revoking.
MODE=$1
if [ ! &quot;$MODE&quot; = &quot;new&quot; -a ! &quot;$MODE&quot; = &quot;rev&quot; ]; then
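Review bot: "with elevated privileges (sudo)" is more precise than "as root", but it introduces an ambiguity the next paragraph leaves open: it says the `.ovpn` "is placed under `~/ovpn`", and under `sudo` `~` resolves to either root's home or the invoking user's depending on the sudoers `env_reset` / `always_set_home` settings, so state which directory the file actually ends up in (or have the script derive it from `$SUDO_USER`). Minor: the first visible script line, `if [ ! "$MODE" = "new" -a ! "$MODE" = "rev" ]; then`, uses the obsolescent `-a` operator inside `[`; `if [ "$MODE" != new ] && [ "$MODE" != rev ]; then` is the portable form for a `#!/bin/sh` script.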
@@ -375,7 +374,7 @@ chown nobody:nobody pki/crl.pem
chmod o+r pki/crl.pem
cd $CPWD
</code></pre>
-<p>And the way to use is to run <code>vpn_script new/rev client_name</code> as sudo (when revoking, it doesn&rsquo;t actually delete the <code>.ovpn</code> file in <code>~/ovpn</code>). Again, this is a little script that I put together, so you should check it out, it may need tweaks (depending on your directory structure for <code>easy-rsa</code>).</p>
+<p>And the way to use is to run <code>bash vpn_script &lt;mode&gt; &lt;client_name&gt;</code> where <code>mode</code> is <code>new</code> or <code>rev</code> (revoke) as sudo (when revoking, it doesn&rsquo;t actually delete the <code>.ovpn</code> file in <code>~/ovpn</code>). Again, this is a little script that I put together, so you should check it out, it may need tweaks (specially depending on your directory structure for <code>easy-rsa</code>).</p>
<p>Now, just get the <code>.ovpn</code> file generated, import it to OpenVPN in your client of preference and you should have a working VPN service.</p>
<div class="page-nav">
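Review bot: the new usage line `bash vpn_script <mode> <client_name>` contradicts the script's `#!/bin/sh` shebang and the `chmod +x vpn_script` step above it: if the file is executable with a shebang, the invocation is `sudo ./vpn_script new <client_name>`; running it through `bash` bypasses both and executes POSIX-sh code under bash. Also, "it doesn't actually delete the `.ovpn` file in `~/ovpn`" is worth turning into an instruction rather than a parenthesis: a revoked profile still holds a private key and a certificate that any server not checking the CRL will accept, so either delete it after `rev` or say why it is kept.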
@@ -406,7 +405,7 @@ cd $CPWD
<div class="article-info">
<p>By David Luévano</p>
<p>Created: Sun, Aug 01, 2021 @ 09:27 UTC</p>
- <p>Modified: Fri, May 05, 2023 @ 08:36 UTC</p>
+ <p>Modified: Tue, Jun 13, 2023 @ 09:50 UTC</p>
<div class="article-tags">
<p>Tags:
<a href="https://blog.luevano.xyz/tag/@code.html">code</a>, <a href="https://blog.luevano.xyz/tag/@english.html">english</a>, <a href="https://blog.luevano.xyz/tag/@server.html">server</a>, <a href="https://blog.luevano.xyz/tag/@tools.html">tools</a>, <a href="https://blog.luevano.xyz/tag/@tutorial.html">tutorial</a> </p>
diff --git a/live/blog/index.html b/live/blog/index.html
index 0a768a2..efd84fe 100644
--- a/live/blog/index.html
+++ b/live/blog/index.html
@@ -103,7 +103,7 @@
<li><span class="page-list-item">May 15</span> - <a href="https://blog.luevano.xyz/a/devs_android_me_trozaron.html">Los devs de Android/MIUI me trozaron</a></li>
<li><span class="page-list-item">Apr 28</span> - <a href="https://blog.luevano.xyz/a/volviendo_a_usar_la_pagina.html">Volviendo a usar la página</a></li>
<h3>2021</h3>
- <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Create a VPN server with OpenVPN (IPv4)</a></li>
+ <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Set up a VPN server with OpenVPN</a></li>
<li><span class="page-list-item">Jul 28</span> - <a href="https://blog.luevano.xyz/a/hoy_toco_desarrollo_personaje.html">Hoy me tocó desarrollo de personaje</a></li>
<li><span class="page-list-item">Jul 18</span> - <a href="https://blog.luevano.xyz/a/tenia_esto_descuidado.html">Tenía este pex algo descuidado</a></li>
<li><span class="page-list-item">Jun 09</span> - <a href="https://blog.luevano.xyz/a/xmpp_server_with_prosody.html">Set up an XMPP server with Prosody compatible with Conversations and Movim</a></li>
diff --git a/live/blog/rss.xml b/live/blog/rss.xml
index 303b255..7d86f9c 100644
--- a/live/blog/rss.xml
+++ b/live/blog/rss.xml
@@ -1981,7 +1981,7 @@ func _ready() -&gt; void:
<p>En otras noticias, estoy muy agusto en el jale que tengo actualmente aunque lleve alrededor de 3 semanas de un infierno en el jale. Debo pensar en si debo omitir cosas personales o del trabajo aquí, ya que quién sabe quién se pueda llegar a topar con esto <em>*thinking emoji*</em>.</p>]]></content:encoded>
</item>
<item>
- <title>Create a VPN server with OpenVPN (IPv4)</title>
+ <title>Set up a VPN server with OpenVPN</title>
<link>https://blog.luevano.xyz/a/vpn_server_with_openvpn.html</link>
<guid isPermaLink="true">https://blog.luevano.xyz/a/vpn_server_with_openvpn.html</guid>
<pubDate>Sun, 01 Aug 2021 09:27:02 GMT</pubDate>
@@ -1990,7 +1990,7 @@ func _ready() -&gt; void:
<category>Server</category>
<category>Tools</category>
<category>Tutorial</category>
- <description>How to create a VPN server using OpenVPN on a server running Nginx. Only for IPv4.</description>
+ <description>How to set up a VPN server using OpenVPN on a server running Nginx, on Arch. Only for IPv4.</description>
<content:encoded><![CDATA[<p>I&rsquo;ve been wanting to do this entry, but had no time to do it since I also have to set up the VPN service as well to make sure what I&rsquo;m writing makes sense, today is the day.</p>
<p>Like with any other of my entries I based my setup on the <a href="https://wiki.archlinux.org/title/OpenVPN">Arch Wiki</a>, <a href="https://github.com/Nyr/openvpn-install">this install script</a> and <a href="https://github.com/graysky2/ovpngen">this profile generator script</a>.</p>
<p>This will be installed and working alongside the other stuff I&rsquo;ve wrote about on other posts (see the <a href="https://blog.luevano.xyz/tag/@server.html">server</a> tag). All commands here are executes as root unless specified otherwise. Also, this is intended only for IPv4 (it&rsquo;s not that hard to include IPv6, but meh). As always, all commands are executed as root unless stated otherwise.</p>
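Review bot: the context line in this hunk carries the article's intro, which says "All commands here are executes as root unless specified otherwise" and, two sentences later, "As always, all commands are executed as root unless stated otherwise"; one of the two should go, "executes" should be "executed", and "I've wrote about" should be "I've written about". Fix it in src/blog/a/vpn_server_with_openvpn.md rather than in this generated file.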
@@ -2011,12 +2011,12 @@ func _ready() -&gt; void:
<p>Pretty simple:</p>
<ul>
<li>Working server with root access, and with <code>ufw</code> as the firewall.</li>
-<li>Depending on what port you want to run the VPN on, the default <code>1194</code>, or as a fallback on <code>443</code> (click <a href="https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/">here</a> for more). I will do mine on port <code>1194</code> but it&rsquo;s just a matter of changing 2 lines of configuration and one <code>ufw</code> rule.</li>
+<li>Open port <code>1194</code> (default), or as a fallback on <code>443</code> (click <a href="https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/">here</a> for more). I will do mine on port <code>1194</code> but it&rsquo;s just a matter of changing 2 lines of configuration and one <code>ufw</code> rule.</li>
</ul>
<h2 id="create-pki-from-scratch">Create PKI from scratch<a class="headerlink" href="#create-pki-from-scratch" title="Permanent link">&para;</a></h2>
<p>PKI stands for <em>Public Key Infrastructure</em> and basically it&rsquo;s required for certificates, private keys and more. This is supposed to work between two servers and one client: a server in charge of creating, signing and verifying the certificates, a server with the OpenVPN service running and the client making the request.</p>
-<p>This is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about. In a nutshell, I&rsquo;m no expert.</p>
-<p>&hellip; but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I&rsquo;m gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).</p>
+<p>In a nutshel, this is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about.</p>
+<p>That&rsquo;s how the it should be st up&hellip; but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I&rsquo;m gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).</p>
<p>This is done with <a href="https://wiki.archlinux.org/title/Easy-RSA">Easy-RSA</a>.</p>
<p>Install the <code>easy-rsa</code> package:</p>
<pre><code class="language-sh">pacman -S easy-rsa
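Review bot: from here on the `<content:encoded>` hunks in rss.xml are the same generated text as live/blog/a/vpn_server_with_openvpn.html, so the comments raised there apply unchanged ("nutshel" / "st up" typos, the `.ovpn`-is-a-credential and `crl-verify` caveats, the world-readable `server.key`, the `~/ovpn`-under-sudo question and the `bash` vs shebang usage line); both files are built from src/blog/a/vpn_server_with_openvpn.md, so they only need fixing there.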
@@ -2051,12 +2051,11 @@ chmod o+rx pki/private/server.key
chown nobody:nobody pki/crl.pem
chmod o+r pki/crl.pem
</code></pre>
-<p>Now, go to the <code>openvpn</code> directory and create the required files there:</p>
+<p>Finally, go to the <code>openvpn</code> directory and create the required files there:</p>
<pre><code class="language-sh">cd /etc/openvpn/server
openssl dhparam -out dh.pem 2048
openvpn --genkey secret ta.key
</code></pre>
-<p>That&rsquo;s it for the PKI stuff and general certificate configuration.</p>
<h2 id="openvpn">OpenVPN<a class="headerlink" href="#openvpn" title="Permanent link">&para;</a></h2>
<p><a href="https://wiki.archlinux.org/title/OpenVPN">OpenVPN</a> is a robust and highly flexible VPN daemon, that&rsquo;s pretty complete feature-wise.</p>
<p>Install the <code>openvpn</code> package:</p>
@@ -2207,8 +2206,8 @@ systemctl enable openvpn-server@server.service
</code></pre>
<p>Where the <code>server</code> after <code>@</code> is the name of your configuration, <code>server.conf</code> without the <code>.conf</code> in my case.</p>
<h3 id="create-client-configurations">Create client configurations<a class="headerlink" href="#create-client-configurations" title="Permanent link">&para;</a></h3>
-<p>You might notice that I didn&rsquo;t specify how to actually connect to our server. For that we need to do a few more steps. We actually need a configuration file similar to the <code>server.conf</code> file that we created.</p>
-<p>The real way of doing this would be to run similar steps as the ones with <code>easy-rsa</code> locally, send them to the server, sign them, and retrieve them. Nah, we&rsquo;ll just create all configuration files on the server as I was mentioning earlier.</p>
+<p>You might notice that I didn&rsquo;t specify how to actually connect the VPN. For that we need a configuration file similar to the <code>server.conf</code> file that we created.</p>
+<p>The real way of doing this would be to run similar steps as the ones with <code>easy-rsa</code> locally, send them to the server, sign them, and retrieve them. Fuck all that, we&rsquo;ll just create all configuration files on the server as I was mentioning earlier.</p>
<p>Also, the client configuration file has to match the server one (to some degree), to make this easier you can create a <code>client-common</code> file in <code>/etc/openvpn/server</code> with the following content:</p>
<pre><code>client
dev tun
@@ -2222,10 +2221,10 @@ auth SHA512
verb 3
</code></pre>
<p>Where you should make any changes necessary, depending on your configuration.</p>
-<p>Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning, by the way. You can place these scripts anywhere you like, and you should take a look before running them because you&rsquo;ll be running them as root.</p>
+<p>Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning. You can place these scripts anywhere you like, and you should take a look before running them because you&rsquo;ll be running them with elevated privileges (sudo).</p>
<p>In a nutshell, what it does is: generate a new client certificate keypair, update the CRL and create a new <code>.ovpn</code> configuration file that consists on the <code>client-common</code> data and all of the required certificates; or, revoke an existing client and refresh the CRL. The file is placed under <code>~/ovpn</code>.</p>
<p>Create a new file with the following content (name it whatever you like) and don&rsquo;t forget to make it executable (<code>chmod +x vpn_script</code>):</p>
-<pre><code>#!/bin/sh
+<pre><code class="language-sh">#!/bin/sh
# Client ovpn configuration creation and revoking.
MODE=$1
if [ ! &quot;$MODE&quot; = &quot;new&quot; -a ! &quot;$MODE&quot; = &quot;rev&quot; ]; then
@@ -2279,7 +2278,7 @@ chown nobody:nobody pki/crl.pem
chmod o+r pki/crl.pem
cd $CPWD
</code></pre>
-<p>And the way to use is to run <code>vpn_script new/rev client_name</code> as sudo (when revoking, it doesn&rsquo;t actually delete the <code>.ovpn</code> file in <code>~/ovpn</code>). Again, this is a little script that I put together, so you should check it out, it may need tweaks (depending on your directory structure for <code>easy-rsa</code>).</p>
+<p>And the way to use is to run <code>bash vpn_script &lt;mode&gt; &lt;client_name&gt;</code> where <code>mode</code> is <code>new</code> or <code>rev</code> (revoke) as sudo (when revoking, it doesn&rsquo;t actually delete the <code>.ovpn</code> file in <code>~/ovpn</code>). Again, this is a little script that I put together, so you should check it out, it may need tweaks (specially depending on your directory structure for <code>easy-rsa</code>).</p>
<p>Now, just get the <code>.ovpn</code> file generated, import it to OpenVPN in your client of preference and you should have a working VPN service.</p>]]></content:encoded>
</item>
<item>
diff --git a/live/blog/sitemap.xml b/live/blog/sitemap.xml
index a30b52f..8e67dc2 100644
--- a/live/blog/sitemap.xml
+++ b/live/blog/sitemap.xml
@@ -125,7 +125,7 @@
</url>
<url>
<loc>https://blog.luevano.xyz/a/vpn_server_with_openvpn.html</loc>
- <lastmod>2023-05-05</lastmod>
+ <lastmod>2023-06-13</lastmod>
<changefreq>weekly</changefreq>
<priority>1.0</priority>
</url>
diff --git a/live/blog/tag/@code.html b/live/blog/tag/@code.html
index 23080fa..56f95fd 100644
--- a/live/blog/tag/@code.html
+++ b/live/blog/tag/@code.html
@@ -80,7 +80,7 @@
<h3>2023</h3>
<li><span class="page-list-item">Jun 10</span> - <a href="https://blog.luevano.xyz/a/manga_server_with_komga.html">Set up a manga server with Komga and mangal</a></li>
<h3>2021</h3>
- <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Create a VPN server with OpenVPN (IPv4)</a></li>
+ <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Set up a VPN server with OpenVPN</a></li>
<li><span class="page-list-item">Jun 09</span> - <a href="https://blog.luevano.xyz/a/xmpp_server_with_prosody.html">Set up an XMPP server with Prosody compatible with Conversations and Movim</a></li>
<li><span class="page-list-item">Mar 21</span> - <a href="https://blog.luevano.xyz/a/git_server_with_cgit.html">Set up a Git server and cgit front-end</a></li>
<li><span class="page-list-item">Mar 21</span> - <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">Set up a Mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM</a></li>
diff --git a/live/blog/tag/@english.html b/live/blog/tag/@english.html
index 85df0b5..3b7f7c4 100644
--- a/live/blog/tag/@english.html
+++ b/live/blog/tag/@english.html
@@ -90,7 +90,7 @@
<li><span class="page-list-item">May 17</span> - <a href="https://blog.luevano.xyz/g/starting_gamedev_blogging.html">Will start blogging about gamedev</a></li>
<li><span class="page-list-item">May 15</span> - <a href="https://blog.luevano.xyz/a/password_manager_authenticator_setup.html">My setup for a password manager and MFA authenticator</a></li>
<h3>2021</h3>
- <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Create a VPN server with OpenVPN (IPv4)</a></li>
+ <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Set up a VPN server with OpenVPN</a></li>
<li><span class="page-list-item">Jun 09</span> - <a href="https://blog.luevano.xyz/a/xmpp_server_with_prosody.html">Set up an XMPP server with Prosody compatible with Conversations and Movim</a></li>
<li><span class="page-list-item">May 28</span> - <a href="https://blog.luevano.xyz/a/new_blogging_system.html">I'm using a new blogging system</a></li>
<li><span class="page-list-item">Mar 21</span> - <a href="https://blog.luevano.xyz/a/git_server_with_cgit.html">Set up a Git server and cgit front-end</a></li>
diff --git a/live/blog/tag/@server.html b/live/blog/tag/@server.html
index 1408e4b..c5f41c4 100644
--- a/live/blog/tag/@server.html
+++ b/live/blog/tag/@server.html
@@ -80,7 +80,7 @@
<h3>2023</h3>
<li><span class="page-list-item">Jun 10</span> - <a href="https://blog.luevano.xyz/a/manga_server_with_komga.html">Set up a manga server with Komga and mangal</a></li>
<h3>2021</h3>
- <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Create a VPN server with OpenVPN (IPv4)</a></li>
+ <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Set up a VPN server with OpenVPN</a></li>
<li><span class="page-list-item">Jun 09</span> - <a href="https://blog.luevano.xyz/a/xmpp_server_with_prosody.html">Set up an XMPP server with Prosody compatible with Conversations and Movim</a></li>
<li><span class="page-list-item">Mar 21</span> - <a href="https://blog.luevano.xyz/a/git_server_with_cgit.html">Set up a Git server and cgit front-end</a></li>
<li><span class="page-list-item">Mar 21</span> - <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">Set up a Mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM</a></li>
diff --git a/live/blog/tag/@tools.html b/live/blog/tag/@tools.html
index b7900ae..26e5b05 100644
--- a/live/blog/tag/@tools.html
+++ b/live/blog/tag/@tools.html
@@ -85,7 +85,7 @@
<li><span class="page-list-item">Dec 20</span> - <a href="https://blog.luevano.xyz/a/rewrote_pyssg_again.html">Rewrote pyssg again</a></li>
<li><span class="page-list-item">May 15</span> - <a href="https://blog.luevano.xyz/a/password_manager_authenticator_setup.html">My setup for a password manager and MFA authenticator</a></li>
<h3>2021</h3>
- <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Create a VPN server with OpenVPN (IPv4)</a></li>
+ <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Set up a VPN server with OpenVPN</a></li>
<li><span class="page-list-item">Jun 09</span> - <a href="https://blog.luevano.xyz/a/xmpp_server_with_prosody.html">Set up an XMPP server with Prosody compatible with Conversations and Movim</a></li>
<li><span class="page-list-item">May 28</span> - <a href="https://blog.luevano.xyz/a/new_blogging_system.html">I'm using a new blogging system</a></li>
<li><span class="page-list-item">Mar 21</span> - <a href="https://blog.luevano.xyz/a/git_server_with_cgit.html">Set up a Git server and cgit front-end</a></li>
diff --git a/live/blog/tag/@tutorial.html b/live/blog/tag/@tutorial.html
index b7a65d1..7d8d4c7 100644
--- a/live/blog/tag/@tutorial.html
+++ b/live/blog/tag/@tutorial.html
@@ -80,7 +80,7 @@
<h3>2023</h3>
<li><span class="page-list-item">Jun 10</span> - <a href="https://blog.luevano.xyz/a/manga_server_with_komga.html">Set up a manga server with Komga and mangal</a></li>
<h3>2021</h3>
- <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Create a VPN server with OpenVPN (IPv4)</a></li>
+ <li><span class="page-list-item">Aug 01</span> - <a href="https://blog.luevano.xyz/a/vpn_server_with_openvpn.html">Set up a VPN server with OpenVPN</a></li>
<li><span class="page-list-item">Jun 09</span> - <a href="https://blog.luevano.xyz/a/xmpp_server_with_prosody.html">Set up an XMPP server with Prosody compatible with Conversations and Movim</a></li>
<li><span class="page-list-item">Mar 21</span> - <a href="https://blog.luevano.xyz/a/git_server_with_cgit.html">Set up a Git server and cgit front-end</a></li>
<li><span class="page-list-item">Mar 21</span> - <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">Set up a Mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM</a></li>
diff --git a/src/blog/a/vpn_server_with_openvpn.md b/src/blog/a/vpn_server_with_openvpn.md
index f36d845..ca2bcd0 100644
--- a/src/blog/a/vpn_server_with_openvpn.md
+++ b/src/blog/a/vpn_server_with_openvpn.md
@@ -1,7 +1,7 @@
-title: Create a VPN server with OpenVPN (IPv4)
+title: Set up a VPN server with OpenVPN
author: David Luévano
lang: en
-summary: How to create a VPN server using OpenVPN on a server running Nginx. Only for IPv4.
+summary: How to set up a VPN server using OpenVPN on a server running Nginx, on Arch. Only for IPv4.
tags: server
tools
code
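Review bot: the new title drops the "(IPv4)" qualifier while the summary on the `+summary:` line still says "Only for IPv4", so the scope limitation is now only visible in the summary; if the post still does not cover IPv6, consider keeping that limitation in the title or stating it in the first paragraph of the body so readers do not miss it.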
@@ -23,15 +23,15 @@ This will be installed and working alongside the other stuff I've wrote about on
Pretty simple:
- Working server with root access, and with `ufw` as the firewall.
-- Depending on what port you want to run the VPN on, the default `1194`, or as a fallback on `443` (click [here](https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/) for more). I will do mine on port `1194` but it's just a matter of changing 2 lines of configuration and one `ufw` rule.
+- Open port `1194` (default), or as a fallback on `443` (click [here](https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/) for more). I will do mine on port `1194` but it's just a matter of changing 2 lines of configuration and one `ufw` rule.
# Create PKI from scratch
PKI stands for *Public Key Infrastructure* and basically it's required for certificates, private keys and more. This is supposed to work between two servers and one client: a server in charge of creating, signing and verifying the certificates, a server with the OpenVPN service running and the client making the request.
-This is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about. In a nutshell, I'm no expert.
+In a nutshel, this is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about.
-... but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I'm gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).
+That's how the it should be st up... but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I'm gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).
This is done with [Easy-RSA](https://wiki.archlinux.org/title/Easy-RSA).
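Review bot: the two added paragraphs carry several typos that should be fixed before merging: "In a nutshel" should be "In a nutshell", "That's how the it should be st up" should be "That's how it should be set up", "it creates a requests" should be "it creates a request", and "who you give this files" should be "who you give these files". The warning itself is the important part of this hunk, since the generated `.ovpn` files bundle working credentials, so it would help to state plainly next to "you need to be careful who you give this files" that each file embeds a client key and should be treated as a secret, with the revocation mechanism mentioned in the same sentence as the remedy when one leaks.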
@@ -87,7 +87,7 @@ chown nobody:nobody pki/crl.pem
chmod o+r pki/crl.pem
```
-Now, go to the `openvpn` directory and create the required files there:
+Finally, go to the `openvpn` directory and create the required files there:
```sh
cd /etc/openvpn/server
@@ -95,8 +95,6 @@ openssl dhparam -out dh.pem 2048
openvpn --genkey secret ta.key
```
-That's it for the PKI stuff and general certificate configuration.
-
# OpenVPN
[OpenVPN](https://wiki.archlinux.org/title/OpenVPN) is a robust and highly flexible VPN daemon, that's pretty complete feature-wise.
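Review bot: `openvpn --genkey secret ta.key` on the context line is the OpenVPN 2.5+ form of the command; older releases expect `openvpn --genkey --secret ta.key`, so a short note on the minimum OpenVPN version would save readers on other distributions a confusing error. Removing the closing sentence "That's it for the PKI stuff..." also leaves the section ending on a code block; that is acceptable given the "Finally" added in the previous hunk, but a one-line wrap-up would read more smoothly.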
@@ -281,9 +279,9 @@ Where the `server` after `@` is the name of your configuration, `server.conf` wi
## Create client configurations
-You might notice that I didn't specify how to actually connect to our server. For that we need to do a few more steps. We actually need a configuration file similar to the `server.conf` file that we created.
+You might notice that I didn't specify how to actually connect the VPN. For that we need a configuration file similar to the `server.conf` file that we created.
-The real way of doing this would be to run similar steps as the ones with `easy-rsa` locally, send them to the server, sign them, and retrieve them. Nah, we'll just create all configuration files on the server as I was mentioning earlier.
+The real way of doing this would be to run similar steps as the ones with `easy-rsa` locally, send them to the server, sign them, and retrieve them. Fuck all that, we'll just create all configuration files on the server as I was mentioning earlier.
Also, the client configuration file has to match the server one (to some degree), to make this easier you can create a `client-common` file in `/etc/openvpn/server` with the following content:
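Review bot: "how to actually connect the VPN" in the added line should read "how to actually connect to the VPN". The second added paragraph is also a good place to spell out the trade-off it glosses over: generating client keys on the server means the private key exists outside the client's control from the start, which is exactly why the earlier warning about handing out `.ovpn` files matters; a brief clause saying so would make the "real way" versus "easy way" choice explicit.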
@@ -302,13 +300,13 @@ verb 3
Where you should make any changes necessary, depending on your configuration.
-Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning, by the way. You can place these scripts anywhere you like, and you should take a look before running them because you'll be running them as root.
+Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning. You can place these scripts anywhere you like, and you should take a look before running them because you'll be running them with elevated privileges (sudo).
In a nutshell, what it does is: generate a new client certificate keypair, update the CRL and create a new `.ovpn` configuration file that consists on the `client-common` data and all of the required certificates; or, revoke an existing client and refresh the CRL. The file is placed under `~/ovpn`.
Create a new file with the following content (name it whatever you like) and don't forget to make it executable (`chmod +x vpn_script`):
-```
+```sh
#!/bin/sh
# Client ovpn configuration creation and revoking.
MODE=$1
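Review bot: "a new `.ovpn` configuration file that consists on the `client-common` data" should read "consists of". In the script head, `MODE=$1` is assigned without any validation, so a typo in the mode argument falls through silently; since the text tells readers they will run this with elevated privileges, it is worth rejecting anything other than the two expected values at the top of the script. Tagging the fence as `sh` is a good change and matches the `#!/bin/sh` shebang.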
@@ -364,6 +362,6 @@ chmod o+r pki/crl.pem
cd $CPWD
```
-And the way to use is to run `vpn_script new/rev client_name` as sudo (when revoking, it doesn't actually delete the `.ovpn` file in `~/ovpn`). Again, this is a little script that I put together, so you should check it out, it may need tweaks (depending on your directory structure for `easy-rsa`).
+And the way to use is to run `bash vpn_script <mode> <client_name>` where `mode` is `new` or `rev` (revoke) as sudo (when revoking, it doesn't actually delete the `.ovpn` file in `~/ovpn`). Again, this is a little script that I put together, so you should check it out, it may need tweaks (specially depending on your directory structure for `easy-rsa`).
Now, just get the `.ovpn` file generated, import it to OpenVPN in your client of preference and you should have a working VPN service.
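Review bot: the new usage line `bash vpn_script <mode> <client_name>` is inconsistent with the script as presented: the previous hunk has readers `chmod +x vpn_script` and the file carries a `#!/bin/sh` shebang, yet invoking it through `bash` bypasses the shebang and makes the `chmod +x` unnecessary. Pick one: either `sudo ./vpn_script <mode> <client_name>` (and keep the script POSIX-sh clean, since `/bin/sh` may be dash on other systems), or drop the `chmod +x` step. Minor wording: "the way to use is" should be "the way to use it is", and "specially depending" should be "especially depending". The context line `cd $CPWD` should quote the variable (`cd "$CPWD"`) so a directory with spaces does not break the final step.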