Difference between revisions of "Openvpn"

From FreekiWiki
Line 57: Line 57:
 
  auth-user-pass
 
  auth-user-pass
  
==So, now==
+
==So, now the keys==
  
 
if you read that configuration file, you would have seen:
 
if you read that configuration file, you would have seen:
Line 67: Line 67:
  
 
you can't connect to the vpn without these files!
 
you can't connect to the vpn without these files!
 +
 +
so
 +
root@here [/]# cp -Rv /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn; cd /etc/openvpn/easy-rsa
 +
root@here [easy-rsa]# . ./vars
 +
root@here [easy-rsa]# ./build-key ''client''
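Review bot: the added steps end at ./build-key, but no step creates the CA that build-key signs against, and nothing produces the ca.crt or ta.key that the sample config requires. Suggest adding the easy-rsa CA steps (./clean-all and ./build-ca) between ". ./vars" and "./build-key", plus a line for generating ta.key (openvpn --genkey --secret ta.key). It would also help to say which machine these commands run on and which of the resulting files get copied to the client.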

Revision as of 14:57, 12 June 2007

Introduction

OpenVPN is an open source Virtual Private Network (VPN), which allows one to establish a tunnel for any IP subnetwork or virtual Ethernet adapter, i.e. a TUN/TAP kernel device, over any UDP/TCP port.

Installation

  • on Debian
you @ host $ apt-get install openvpn
  • Gentoo
you @ host $ USE='pam ssl examples' emerge openvpn
  • Other: instructions can be found here: http://openvpn.net/install.html


Setup

Once installed you will need to set some things up.

  • Here is a sample config (though you will need to edit a few lines)
# both '#' and ';' act as comments
client
dev tap
proto udp
# change this to your server's address
remote server 1194 # change server to either the host name or IP
resolv-retry infinite
nobind
persist-key
persist-tun
# Point the key and crt files to
# the ones for this user
tls-client
ca /path/to/ca.crt      #change the "/path/to/foo.*" to where it really is
cert /path/to/foo.crt
key /path/to/foo.key
#ensure that we are talking to a server
ns-cert-type server
#confirm we are talking to the correct server
tls-auth /path/to/ta.key 1 # keep this one hidden like in /root 
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
# Enable compression on the VPN link.
comp-lzo
#fragment large packets
# I found I needed this for some games but it is
# not required
#fragment 1400
# enable user/pass authentication
auth-user-pass

So, now the keys

If you read that configuration file, you will have seen:

ca /path/to/ca.crt
cert /path/to/foo.crt
key /path/to/foo.key

and later on:

tls-auth /path/to/ta.key

You can't connect to the VPN without these files!

So:

root@here [/]# cp -Rv /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn; cd /etc/openvpn/easy-rsa
root@here [easy-rsa]# . ./vars
root@here [easy-rsa]# ./build-key client