This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
linux:ubuntu:openvpn [2018/02/20 18:21] – lunetikk | linux:ubuntu:openvpn [2020/04/20 10:48] – lunetikk | ||
---|---|---|---|
Line 57: | Line 57: | ||
</ | </ | ||
- | Build the cert | + | Build the cert, if asked say " |
< | < | ||
- | < | + | Copy your cert and keys |
+ | < | ||
- | < | + | and start the service |
+ | < | ||
- | < | + | ==== Create client certificate ==== |
+ | |||
+ | execute the following, if asked say " | ||
+ | < | ||
+ | |||
+ | copy the client sampleconfig | ||
+ | < | ||
+ | |||
+ | edit "/ | ||
+ | < | ||
+ | remote YOUROPENVPNSERVER 1194 | ||
+ | |||
+ | #use these on qnap, make sure they exist | ||
+ | user nobody | ||
+ | group everyone | ||
+ | |||
+ | #comment the 3 lines | ||
+ | #ca ca.crt | ||
+ | #cert client.crt | ||
+ | #key client.key | ||
+ | |||
+ | #at the end of the file, add your ca, client-cert and client-key | ||
+ | < | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | ... | ||
+ | -----END CERTIFICATE----- | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | Certificate: | ||
+ | ... | ||
+ | -----END CERTIFICATE----- | ||
+ | ... | ||
+ | -----END CERTIFICATE----- | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | -----BEGIN PRIVATE KEY----- | ||
+ | ... | ||
+ | -----END PRIVATE KEY----- | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== Commands ===== | ||
+ | |||
+ | ^ Command | ||
+ | | nmap -sL 10.8.0.* | ||
+ | |||
+ | ===== Connecting a QNAP as client ===== | ||
+ | |||
+ | Edit the file "/ | ||
+ | < | ||
+ | [OPENVPN_CLIENT1] | ||
+ | Enable = TRUE | ||
+ | Status = 1 | ||
+ | Index = 1 | ||
+ | Gateway = 0 | ||
+ | Allow Connect = 0 | ||
+ | Reconnect = 1 | ||
+ | Server Address = lunetikk.de | ||
+ | Profile File = OpenVPN4 | ||
+ | VPN Proto Type = udp | ||
+ | VPN Port = 1194 | ||
+ | Compress = 1 | ||
+ | Re-direct gateway = 1 | ||
+ | Encryption = 1 | ||
+ | AccessCode = AAA | ||
+ | Time Stamp = 0 | ||
+ | </ | ||
+ | |||
+ | Start your client (parameter 1 is the index in your config) | ||
+ | < | ||
+ | |||
+ | Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) | ||
+ | < | ||
+ | # ifconfig | ||
+ | tun0 Link encap: | ||
+ | inet Adresse: | ||
+ | |||
+ | # ping 10.8.0.1 | ||
+ | PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. | ||
+ | 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms | ||
+ | 64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms | ||
+ | </ | ||
+ | |||
+ | ===== Connecting an Ubuntu 16 as client ===== | ||
+ | |||
+ | Install the client | ||
+ | < | ||
+ | apt-get update | ||
+ | apt-get install openvpn | ||
+ | </ | ||
+ | |||
+ | Copy the .ovpn file from your server to your client into / | ||
+ | Rename it to .conf, for example client.conf | ||
+ | < | ||
+ | mv client.ovpn client.conf | ||
+ | </ | ||
+ | |||
+ | If you run OpenVPN with systemd you need to configure your configfiles in "/ | ||
+ | Add your filename (client) if you only want the single file to be recognized, add " | ||
+ | < | ||
+ | AUTOSTART=" | ||
+ | #or | ||
+ | AUTOSTART=" | ||
+ | |||
+ | Reload the "/ | ||
+ | < | ||
+ | |||
+ | Restart the OpenVPN | ||
+ | < | ||
+ | |||
+ | Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) | ||
+ | < | ||
+ | # ifconfig | ||
+ | tun0 Link encap: | ||
+ | inet Adresse: | ||
+ | |||
+ | # ping 10.8.0.1 | ||
+ | PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. | ||
+ | 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms | ||
+ | 64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms | ||
+ | </ | ||
+ | |||
+ | ===== Connecting a Raspbian 9 as client ===== | ||
+ | |||
+ | Install the client | ||
+ | < | ||
+ | apt-get update | ||
+ | apt-get install openvpn | ||
+ | </ | ||
+ | |||
+ | Copy the .ovpn file from your server to your client into / | ||
+ | Rename it to .conf, for example client.conf | ||
+ | < | ||
+ | mv client.ovpn client.conf | ||
+ | </ | ||
+ | |||
+ | If you run OpenVPN with systemd you need to configure your configfiles in "/ | ||
+ | Add your filename (client) if you only want the single file to be recognized, add " | ||
+ | < | ||
+ | AUTOSTART=" | ||
+ | #or | ||
+ | AUTOSTART=" | ||
+ | |||
+ | Reload the "/ | ||
+ | < | ||
+ | |||
+ | Restart the OpenVPN | ||
+ | < | ||
+ | |||
+ | Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) | ||
+ | < | ||
+ | # ifconfig | ||
+ | tun0 Link encap: | ||
+ | inet Adresse: | ||
+ | |||
+ | # ping 10.8.0.1 | ||
+ | PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. | ||
+ | 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms | ||
+ | 64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms | ||
+ | </ | ||
+ | |||
+ | and with systemctl | ||
+ | < | ||
+ | # systemctl status [email protected] | ||
+ | ● [email protected] - OpenVPN connection to client | ||
+ | | ||
+ | | ||
+ | Docs: man: | ||
+ | | ||
+ | | ||
+ | Process: 1684 ExecStart=/ | ||
+ | Main PID: 1686 (openvpn) | ||
+ | | ||
+ | | ||
+ | |||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | Jan 21 12:56:40 raspbian ovpn-client[1686]: | ||
+ | </ |