Vpn client

From FreekiWiki

OPENVPN CLIENT HOWTO

Our VPN is accessible from the wireless DMZ, which means that in order to connect you have to be logged in to our local wireless network.

In this HOWTO I will cover what you need to get connected to our VPN, which is simpler than one would think!


Installing the proper software

On a Debian system this is as easy as installing openvpn and its dependencies. We will also install openssl, which apt does not pull in when installing openvpn. So on a Debian-based system type:

apt-get install openvpn openssl

and it's done.

On Gentoo, first set the USE flags:

echo "net-misc/openvpn ssl examples" >> /etc/portage/package.keywords/common

then install with:

emerge openvpn

Setting up the Service

We are using a routed VPN, which requires us to use the TUN kernel device; it simulates a network-layer device. Most distributions that ship a packaged kernel come with this support, but make sure it is enabled, either built in or as a module.

A command that you could check this with is:

 grep CONFIG_TUN /usr/src/linux/.config

If it is not there, please take the time to add kernel support for it by recompiling your kernel, or by installing it some other way.


Once you have TUN support, it becomes a matter of contacting a local admin to build and give you your certificates. The files you will need are (foo is actually the special identifier that tells us this is your key/crt):

ta.key
foo.crt
ca.crt
foo.key

Please put these in a secure directory. I suggest the following:

mkdir ~/.vpn && chmod 700 ~/.vpn

You can use the following configuration file, but you will have to change a few things:

client
dev tun
proto udp
remote 192.168.240.1 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca /home/foo/.vpn/ca.crt
cert /home/foo/.vpn/foo.crt
key /home/foo/.vpn/foo.key
tls-auth /home/foo/.vpn/ta.key 1
cipher BF-CBC
comp-lzo
verb 3

REMEMBER TO CHANGE FOO TO WHAT IS APPROPRIATE

Save this file to /etc/openvpn/client.conf.
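Before starting the client, it is worth checking the config the same way you would check it by hand: TUN available, every file named by the ca/cert/key/tls-auth lines present, the key material not group- or world-readable (the chmod 700 on ~/.vpn protects the directory, not the files inside it), tls-auth carrying the client direction 1, and a note if the old BF-CBC cipher is still in use. The script below is an added example written for this page, not something from the wiki or the OpenVPN project; the function name vpn_preflight and the checks it performs are my own.

```shell
#!/bin/sh
# Preflight check for an OpenVPN client config like the one above.
# Added example, not part of the wiki page. Usage: vpn_preflight /etc/openvpn/client.conf
# Prints one finding per line; returns 0 when every hard check passes.

# Print the path argument of directive $2 (ca, cert, key, tls-auth) in config $1.
conf_path() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

vpn_preflight() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "config not readable: $conf"; return 1; }

    # A routed VPN ("dev tun") needs TUN support in the kernel (CONFIG_TUN).
    [ -e /dev/net/tun ] || echo "warn: /dev/net/tun missing; enable CONFIG_TUN or load the tun module"

    # Every certificate and key the config references must exist ...
    for d in ca cert key tls-auth; do
        f=$(conf_path "$conf" "$d")
        if [ -z "$f" ]; then echo "missing directive: $d"; rc=1; continue; fi
        if [ ! -r "$f" ]; then echo "$d file not found: $f"; rc=1; continue; fi
        # ... and private key material must not be group- or world-readable.
        case $d in key|tls-auth)
            mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
            case $mode in
                *00) ;;
                *) echo "$d file too permissive (mode $mode): $f"; rc=1 ;;
            esac ;;
        esac
    done

    # tls-auth on the client side needs the key-direction argument "1".
    awk '$1 == "tls-auth" && $3 != "1" { exit 1 }' "$conf" \
        || { echo "tls-auth direction must be 1 on the client"; rc=1; }

    # BF-CBC (Blowfish) is a 64-bit block cipher that current OpenVPN releases
    # deprecate; report it as a warning rather than a failure.
    grep -q '^cipher[[:space:]]*BF-CBC' "$conf" \
        && echo "warn: cipher BF-CBC is deprecated; prefer AES-256-GCM where the server allows"

    return $rc
}

if [ $# -gt 0 ]; then vpn_preflight "$1"; fi
```

Run it as root if the key files are only readable by root; a non-zero exit means openvpn would fail or the key files are exposed to other local users.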

Running OpenVPN

To start up a client, make sure you are connected to the wireless network, and then run

openvpn /etc/openvpn/client.conf

To test, try pinging Free Geek's internal application server, or, if Martin hasn't fixed the DNS issues yet, ping it by address:

ping 192.168.3.22

and you are done!