Vpn client
OPENVPN CLIENT HOWTO
Our VPN is accessible from the wireless DMZ, which means that in order to connect you have to be logged in to our local wireless network.
In this HOWTO I will cover what you will need to get connected to our VPN, which is simpler than one would think!
Installing the proper software
On a Debian system this is as easy as installing openvpn and its dependencies. We will also install openssl, something apt doesn't install when installing openvpn. So on a Debian-based system type:
apt-get install openvpn openssl
and it's done.
On Gentoo:
echo "net-misc/openvpn ssl examples" >> /etc/portage/package.keywords/common
then install with:
emerge openvpn
Setting up the Service
We are using a routed VPN, which requires us to use the TUN kernel device, which simulates a network layer device. Most distributions that ship a packaged kernel come with this support. Make sure that it is enabled, either built-in or as a module.
A command that you could check this with is:
grep CONFIG_TUN /usr/src/linux/.config
If it is not enabled, please take the time to add kernel support for this by recompiling your kernel, or installing it otherwise.
Once you have tun support, it becomes a process of contacting a local ass to build and give you your certificates. The files that you will need are (foo is actually the special identifier that tells us this is your key/crt):
ta.key foo.crt ca.crt foo.key
Please put these in a secure directory. I suggest the following:
mkdir ~/.vpn && chmod 700 ~/.vpn
You can use the following configuration file, but you will have to change a few things ...
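client
dev tun
proto udp
remote 192.168.240.1 1194
resolv-retry infinite
nobind
# drop privileges after startup (on Debian the unprivileged group is nogroup, not nobody)
user nobody
group nobody
persist-key
persist-tun
# certificates and keys you were given (replace foo with your identifier)
ca /home/foo/.vpn/ca.crt
cert /home/foo/.vpn/foo.crt
key /home/foo/.vpn/foo.key
# shared TLS auth key; direction 1 is the client side
tls-auth /home/foo/.vpn/ta.key 1
# cipher and compression must match the server's settings
cipher BF-CBC
comp-lzo
verb 3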
- REMEMBER TO CHANGE FOO TO WHAT IS APPROPRIATE
Save this file to /etc/openvpn/client.conf
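A pre-flight check for the steps above, added here as an example and not part of the original HOWTO: it confirms that the four files are present, that the directory and the two secrets (foo.key and ta.key) grant nothing to group or other, and that the TUN device node exists. The function names are made up for this example, and /dev/net/tun is assumed as the device path, as on a stock Linux system.

```shell
#!/bin/sh
# Pre-flight check for the client setup in this HOWTO (added example).
# Assumptions: all key material lives in one directory (e.g. ~/.vpn) and the
# certificate identifier ("foo" in the HOWTO) is passed as the second argument.

# private_mode PATH: succeeds when PATH grants nothing to group or other.
private_mode() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_vpn_dir DIR ID: prints one line per problem, returns 0 only if none.
check_vpn_dir() {
    dir=$1 id=$2 problems=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    if ! private_mode "$dir"; then
        echo "directory open to group/other: $dir"; problems=$((problems + 1))
    fi
    for f in ca.crt "$id.crt" "$id.key" ta.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing file: $dir/$f"; problems=$((problems + 1))
        fi
    done
    # Only the secrets need tight modes; the certificates are public data.
    for f in "$id.key" ta.key; do
        if [ -f "$dir/$f" ] && ! private_mode "$dir/$f"; then
            echo "secret readable by group/other: $dir/$f"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# check_tun: succeeds when the TUN device node the routed VPN needs exists
# (assumed path: /dev/net/tun).
check_tun() {
    [ -c /dev/net/tun ]
}
```

Source the file and run check_vpn_dir ~/.vpn foo && check_tun before starting the client; any line it prints names the file or directory to fix with chmod 600 or chmod 700.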
Running OpenVPN
To start up a client, make sure you are connected to the wireless network, and then run:
openvpn /etc/openvpn/client.conf
To test, try:
ping ryukin
or, if Martin hasn't fixed the DNS issues:
ping 192.168.3.22
and you are done!