Difference between revisions of "Vpn client"
| (3 intermediate revisions by one other user not shown) | |||
| Line 21: | Line 21: | ||
==Setting up the Service== | ==Setting up the Service== | ||
| − | We are using a routed vpn, which requires use to use the TUN kernel device, which | + | We are using a routed vpn, which requires use to use the TUN kernel device, which simulates a network layer device. |
| − | + | most distributions that ship a packaged kernel come with this support. To make sure that it is enabled either built-in or as a module. | |
A command that you could check this with is: | A command that you could check this with is: | ||
| Line 29: | Line 29: | ||
please take the to add kernel support for this by re[[compiling your kernel]], or installing it otherwise. | please take the to add kernel support for this by re[[compiling your kernel]], or installing it otherwise. | ||
| + | |||
| + | |||
| + | Once you have tun support, it becomes a process of contacting a local ass, to build and give you your certificates. The file that you will need are (foo is actually the special identifier that tells us this is your key/crt): | ||
| + | |||
| + | ta.key | ||
| + | foo.crt | ||
| + | ca.crt | ||
| + | foo.key | ||
| + | |||
| + | please put these in a secure directory. I suggest the following. | ||
| + | |||
| + | mkdir ~/.vpn && chmod 700 ~/.vpn | ||
| + | |||
| + | You can use the following configuration file, but you will have to change a few things ... | ||
| + | |||
| + | client | ||
| + | dev tun | ||
| + | proto udp | ||
| + | remote 192.168.240.1 1194 | ||
| + | resolv-retry infinite | ||
| + | nobind | ||
| + | user nobody | ||
| + | group nobody | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | ca /home/foo/.vpn/ca.crt | ||
| + | cert /home/foo/.vpn/foo.crt | ||
| + | key /home/foo/.vpn/foo.key | ||
| + | tls-auth /home/foo/.vpn/ta.key 1 | ||
| + | cipher BF-CBC | ||
| + | comp-lzo | ||
| + | verb 3 | ||
| + | |||
| + | *REMEMBER TO CHANGE FOO TO WHAT IS APPROPRIATE | ||
| + | |||
| + | save this file to /etc/openvpn/client.conf | ||
| + | |||
| + | ==Running OpenVpn== | ||
| + | |||
| + | To start up a client, make sure you are connected to the wireless network, and then run | ||
| + | |||
| + | openvpn /etc/openvpn/client.conf | ||
| + | |||
| + | to test try pinging [[Free Geek's internal application server]] | ||
| + | |||
| + | or if martin hasn't fixed the dns issues | ||
| + | |||
| + | ping 192.168.3.22 | ||
| + | |||
| + | and you are done! | ||
Latest revision as of 11:50, 25 September 2010
OPENVPN CLIENT HOWTO
Our vpn is accessible from the wireless DMZ. Which means in order to connect you have to be logged in to our local wireless network.
In this HOWTO I will cover what you will need to get connected to our vpn, which is simpler then one would think!
Installing the proper software
on a debian system this is as easy as install openvpn, and it's dependencies. We will also intall openssl, something apt doesn't install when installing openvpn. So on a debian based system type:
apt-get install openvpn openssl
and it's done.
on gentoo:
echo "net-misc/openvpn ssl examples" >> /etc/portage/package.keywords/common
then install with:
emerge openvpn
Setting up the Service
We are using a routed vpn, which requires use to use the TUN kernel device, which simulates a network layer device. most distributions that ship a packaged kernel come with this support. To make sure that it is enabled either built-in or as a module.
A command that you could check this with is:
grep CONFIG_TUN /usr/src/linux/.config
please take the to add kernel support for this by recompiling your kernel, or installing it otherwise.
Once you have tun support, it becomes a process of contacting a local ass, to build and give you your certificates. The file that you will need are (foo is actually the special identifier that tells us this is your key/crt):
ta.key foo.crt ca.crt foo.key
please put these in a secure directory. I suggest the following.
mkdir ~/.vpn && chmod 700 ~/.vpn
You can use the following configuration file, but you will have to change a few things ...
client dev tun proto udp remote 192.168.240.1 1194 resolv-retry infinite nobind user nobody group nobody persist-key persist-tun ca /home/foo/.vpn/ca.crt cert /home/foo/.vpn/foo.crt key /home/foo/.vpn/foo.key tls-auth /home/foo/.vpn/ta.key 1 cipher BF-CBC comp-lzo verb 3
- REMEMBER TO CHANGE FOO TO WHAT IS APPROPRIATE
save this file to /etc/openvpn/client.conf
Running OpenVpn
To start up a client, make sure you are connected to the wireless network, and then run
openvpn /etc/openvpn/client.conf
to test try pinging Free Geek's internal application server
or if martin hasn't fixed the dns issues
ping 192.168.3.22
and you are done!