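#!/usr/bin/env bash
#
# Provision an OpenVPN server on a Raspberry Pi using easy-rsa 2.2.2.
#
# The script installs openvpn, builds a CA, a server key pair ("Pi") and one
# passphrase-protected client key pair ("User1"), generates DH parameters and
# a tls-auth key, then writes /etc/openvpn/server.conf.
#
# Everything after the apt-get step writes below /etc/openvpn, so run the
# script as root. The easy-rsa build-* steps are interactive.
#
# Fix over the original: the config was redirected to a file literally named
# "nano /etc/openvpn/server.conf" (an editor command pasted into the path);
# it now goes to /etc/openvpn/server.conf. Each step is also checked, so a
# failed cd/clone no longer lets key generation run in the wrong directory.

ROUTER="192.168.1.1"   # LAN router, pushed to clients as their DNS server
IP="192.168.1.143"     # LAN address of this Raspberry Pi

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

sudo apt-get install openvpn -y || die "could not install openvpn"

cd /etc/openvpn || die "cannot cd to /etc/openvpn"
git clone https://github.com/OpenVPN/easy-rsa.git || die "git clone failed"
cd easy-rsa || die "cannot cd to /etc/openvpn/easy-rsa"
# NOTE(review): easy-rsa 2.x is a legacy release line, and a tag name alone is
# not an integrity check on the code that will generate the CA -- confirm the
# checked-out commit before trusting it.
git checkout 2.2.2 || die "git checkout 2.2.2 failed"

# NOTE(review): the remaining steps expect vars and the build-* scripts at the
# repository root -- confirm that layout for this tag.
[[ -f ./vars ]] || die "vars not found in /etc/openvpn/easy-rsa"

# Pin EASY_RSA to an absolute path instead of whatever `pwd` returns when
# vars is sourced.
sed -i 's|`pwd`|/etc/openvpn/easy-rsa|g' /etc/openvpn/easy-rsa/vars \
  || die "could not patch vars"
# shellcheck disable=SC1091 -- vars comes from the cloned repository
source ./vars || die "could not source vars"

./clean-all || die "clean-all failed"
./build-ca || die "build-ca failed"
./build-key-server Pi || die "build-key-server failed"
./build-key-pass User1 || die "build-key-pass failed"

# Re-encrypt the client private key with 3DES for client-side import.
cd keys || die "cannot cd to keys"
openssl rsa -in User1.key -des3 -out User1.3des.key \
  || die "could not re-encrypt User1.key"
cd .. || die "cannot cd back to easy-rsa"

./build-dh || die "build-dh failed"
# server.conf below references keys/dh2048.pem; fail here rather than at
# server start if the DH file was generated with a different key size.
[[ -f keys/dh2048.pem ]] || die "keys/dh2048.pem missing (check KEY_SIZE in vars)"

# ta.key is a static secret shared by the server and every client.
openvpn --genkey --secret keys/ta.key || die "could not generate ta.key"

# Security review notes on the configuration written below (the values are
# left as the author chose them, since clients must use matching settings):
#  - duplicate-cn lets several clients connect at once with the same
#    certificate; drop it and issue one certificate per device so a single
#    device can be revoked and sessions can be attributed.
#  - client-to-client makes the server forward traffic between clients
#    internally, so host firewall rules do not see that traffic.
#  - comp-lzo compresses before encrypting, which can leak information about
#    the plaintext, and is deprecated in OpenVPN 2.4+.
#  - cipher AES-128-CBC: on OpenVPN 2.4+ an AEAD cipher such as AES-256-GCM
#    is the usual choice.
#  - verb 1 logs very little; a higher level helps when investigating
#    connection problems or unexpected logins.
#  - NOTE(review): 'push "route $IP 255.255.255.0"' pushes a host address with
#    a /24 mask; the LAN network address is probably intended -- confirm.
cat <<-CONF > /etc/openvpn/server.conf || die "could not write server.conf"
local $IP # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Pi.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Pi.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route $IP 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS $ROUTER" # This should match your router's IP address.
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
CONF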