Hi, I don’t have time to do a real tutorial but here are some tips
- Uninstall OpenVPN and remove any subdomain certificate, if any. You have to start from scratch!
- Create a subdomain at your registrar, e.g. vpn.domain.tld, with a CNAME redirection to Yunohost.
- Create this domain in the admin interface of your Yunohost instance. DO NOT INSTALL the Let's Encrypt certificate yet.
- Copy all files in /etc/yunohost/certs/vpn.domain.tld to a new folder, e.g. /etc/yunohost/certs/vpn.domain.tld.Autosign
- Install the Let's Encrypt certificate on your vpn.domain.tld via the Yunohost admin interface.
- Install the OpenVPN package via the Yunohost admin interface.
- Check if "tun" mode works:
  lsmod | grep tun
- If not, you can execute this line, then reboot:
  modprobe tun
- Find the name of your interface with this command (it can be something like eth0 or vnet0):
  ifconfig
- Execute this command (with your interface name):
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
- Find your dh.pem in /etc/yunohost/certs/vpn.domain.tld and copy it to /etc/yunohost/certs/vpn.domain.tld.Autosign
- Modify the configuration file:
  sudo nano /etc/openvpn/yunohost.conf
- Change the folder indicated on these lines:
  ca /etc/yunohost/certs/vpn.domain.tld.Autosign/ca.pem
  cert /etc/yunohost/certs/vpn.domain.tld.Autosign/crt.pem
  key /etc/yunohost/certs/vpn.domain.tld.Autosign/key.pem
  dh /etc/yunohost/certs/vpn.domain.tld.Autosign/dh.pem
- Stop the OpenVPN service:
  yunohost service stop openvpn
- Now your VPN should normally work! But first we need to test it.
- Start the server manually. It should say something like initialization sequence complete:
  sudo openvpn --config /etc/openvpn/yunohost.conf
- Open another terminal window and try to launch a client. Normally it will ask you for your Yunohost credentials, and if you return to your first terminal window, you should see a lot of lines basically saying that there is a connection between the two:
  sudo openvpn /var/www/openvpn/vpn.domain.tld.ovpn
- If everything looks good, you can stop both commands with ^C.
- Then start the OpenVPN service:
  yunohost service start openvpn
- You can now go to vpn.domain.tld, download the .ovpn and launch it from a normal client (on your Windows, Mac, iPhone, Android…). It should connect!
- Bonus 1: if you are in China like me and the UDP protocol is blocked on port 1194, no problem, you just need to update both files accordingly (I'm using port 8080 with the UDP protocol, works fantastic):
  /etc/openvpn/yunohost.conf
  /var/www/openvpn/vpn.domain.tld.ovpn
- Bonus 2: if you are in China like me and the main benefit of your VPN is to use the internet access of your remote server or VPS, here is the trick. You just need to add these lines to your /etc/openvpn/yunohost.conf file:
  push "redirect-gateway def1 bypass-dhcp"
  push "dhcp-option DNS 10.8.0.1"
  push "dhcp-option DNS 8.8.4.4"
  push "dhcp-option DNS 8.8.8.8"
- Bonus 3: if you are using an iPhone like me, I've found that you may need to remove the two dashes "--" before "auth-user-pass" in the .ovpn file. This line seems to be inconsistent with the Tunnelblick client for Mac, for example. This is why I use two different .ovpn files, depending on the client: one with and another without the dashes.
Hope it helps, I've spent so many hours getting mine working…
(To add a bit more challenge, of course China is blocking nearly all OpenVPN forums and discussions on the net…)
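As an added example (not part of the post above, and not Yunohost's own tooling), a small Python checker for the two files the tips keep in sync: it parses the OpenVPN server conf and the client .ovpn, and reports a port/proto mismatch between them (Bonus 1), a ca/cert/key/dh line left pointing at a different folder than the other three, and a client option still written with leading dashes (Bonus 3). The sample configs are constructed and their paths are assumptions, reusing only the paths named in the post.

```python
import os
import shlex

# Constructed sample pair (assumed values, not from a real install): the server was
# moved to udp/8080 (Bonus 1) but the .ovpn still says 1194, and dh still points at the old folder.
SERVER_CONF = """\
port 8080
proto udp
ca /etc/yunohost/certs/vpn.domain.tld.Autosign/ca.pem
cert /etc/yunohost/certs/vpn.domain.tld.Autosign/crt.pem
key /etc/yunohost/certs/vpn.domain.tld.Autosign/key.pem
dh /etc/yunohost/certs/vpn.domain.tld/dh.pem
"""
CLIENT_OVPN = """\
remote vpn.domain.tld 1194
--auth-user-pass
"""

def parse_openvpn(text):
    """Return ({directive: [args, ...]}, {directives written with leading '--'})."""
    conf, dashed = {}, set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":          # comment lines
            continue
        parts = shlex.split(line)
        name = parts[0].lstrip("-")
        if parts[0] != name: dashed.add(name)
        conf.setdefault(name, []).append(parts[1:])   # directives such as push may repeat
    return conf, dashed

def check_pair(server_text, client_text):
    """List inconsistencies between a server conf and its client .ovpn (empty = consistent)."""
    srv, _ = parse_openvpn(server_text)
    cli, cli_dashed = parse_openvpn(client_text)
    issues = []
    srv_port = srv.get("port", [["1194"]])[0][0]
    srv_proto = srv.get("proto", [["udp"]])[0][0].rstrip("46")   # udp4/udp6 -> udp
    for remote in cli.get("remote", []):                        # remote host [port] [proto]
        port = remote[1] if len(remote) > 1 else "1194"
        proto = (remote[2] if len(remote) > 2 else cli.get("proto", [["udp"]])[0][0]).rstrip("46")
        if (port, proto) != (srv_port, srv_proto):
            issues.append(f"client remote {proto}/{port} != server {srv_proto}/{srv_port}")
    folders = {os.path.dirname(srv.get(d, [[""]])[0][0]) for d in ("ca", "cert", "key", "dh")}
    if len(folders) > 1:                                        # the four lines must be edited together
        issues.append("ca/cert/key/dh are split across folders: " + ", ".join(sorted(folders)))
    issues += [f"client option '--{n}' keeps leading dashes (some clients reject this form)" for n in sorted(cli_dashed)]
    return issues

if __name__ == "__main__":
    print(*check_pair(SERVER_CONF, CLIENT_OVPN), sep="\n")
```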