Openvpn
Introduction
OpenVPN is an open source Virtual Private Network (VPN) that lets you establish a tunnel for any IP subnetwork or virtual Ethernet adapter (i.e. a TUN/TAP kernel device) over any UDP/TCP port.
Installation
- On Debian
you @ host $ apt-get install openvpn
- On Gentoo
you @ host $ USE='pam ssl examples' emerge openvpn
- Other
Instructions can be found here: http://openvpn.net/install.html
Setup
Once installed you will need to set some things up.
- Here is a sample config (though you will need to edit a few lines)
    # both '#' and ';' act as comments
    client
    dev tap
    proto udp
    # change this to your server's address
    remote server 1194 # change server to either the host name or IP
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    # Point the key and crt files to
    # the ones for this user
    tls-client
    ca /path/to/ca.crt #change the "/path/to/foo.*" to where it really is
    cert /path/to/foo.crt
    key /path/to/foo.key
    #ensure that we are talking to a server
    ns-cert-type server
    #confirm we are talking to the correct server
    tls-auth /path/to/ta.key 1 # keep this one hidden like in /root
    # Select a cryptographic cipher.
    # If the cipher option is used on the server
    # then you must also specify it here.
    cipher AES-128-CBC
    # Enable compression on the VPN link.
    comp-lzo
    #fragment large packets
    # I found I needed this for some games but it is
    # not required
    #fragment 1400
    # enable user/pass authentication
    auth-user-pass
Now, if you read that configuration file, you will have seen:
    ca /path/to/ca.crt
    cert /path/to/foo.crt
    key /path/to/foo.key
and later on:
    tls-auth /path/to/ta.key
You can't connect to the VPN without these files!
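The sample config names four files (ca, cert, key, tls-auth) and asks that ta.key be kept hidden. As an added example that is not part of the original page, the shell function below reads a client config and reports each of those files that is missing or, for key and tls-auth, accessible to group or others. The function name and output format are made up here, `stat -c` assumes GNU coreutils, and paths are assumed to be unquoted and without spaces.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check of the
# files an OpenVPN client config points at.
# Usage: ovpn_file_problems CONFIG  -> one line per problem, nothing if clean.
ovpn_file_problems() {
    # Drop '#' and ';' comments, then look only at directives that name a file.
    sed -e 's/[#;].*//' "$1" |
    while read -r directive path rest; do
        case $directive in
            ca|cert|key|tls-auth) ;;
            *) continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"
            continue
        fi
        # Private key and tls-auth key must not be accessible to group/other.
        case $directive in
            key|tls-auth)
                mode=$(stat -c %a "$path")   # GNU stat, e.g. 600 or 644
                case $mode in
                    *00) ;;
                    *) echo "EXPOSED $directive $path (mode $mode)" ;;
                esac ;;
        esac
    done
}

# Demo on a constructed config: foo.key is world-readable, ta.key is absent.
demo=$(mktemp -d)
touch "$demo/ca.crt" "$demo/foo.crt" "$demo/foo.key"
chmod 644 "$demo/foo.key"
cat > "$demo/client.conf" <<EOF
# constructed sample, same directives as the config on this page
client
ca $demo/ca.crt
cert $demo/foo.crt
key $demo/foo.key
tls-auth $demo/ta.key 1 # keep this one hidden
EOF
ovpn_file_problems "$demo/client.conf"
rm -rf "$demo"
```

Relative paths in a config are checked against the current directory, so run it from the directory OpenVPN is started in.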