linux:ubuntu:openvpn

Differences

This shows you the differences between two versions of the page.

linux:ubuntu:openvpn [2018/02/20 18:21] lunetikk
linux:ubuntu:openvpn [2020/04/20 10:48] lunetikk
Line 57: Line 57:
 </code> </code>
  
-Build the cert+Build the cert, if asked say "y" and enter
 <code>./build-key-server openvpn</code> <code>./build-key-server openvpn</code>
  
-<code></code>+Copy your cert and keys 
 +<code>cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn</code>
  
-<code></code>+and start the service 
 +<code>service openvpn start</code>
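
Review bot: The added cp line copies server.crt and server.key, but the step just before it runs ./build-key-server openvpn, and easy-rsa names its output after that argument (openvpn.crt, openvpn.key), so the copy only works if files named server.* were produced in a part of the page this diff does not show. Use the same name in both steps. The server private key also lands in /etc/openvpn with whatever mode cp gives it; add a chmod 600 on the copied key so only root can read it before the service is started.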
  
-<code></code>+==== Create client certificate ==== 
 + 
 +execute the following, if asked say "y" and enter 
 +<code>./build-key qnap</code> 
 + 
 +copy the client sampleconfig 
 +<code>cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/qnap.ovpn</code> 
 + 
 +edit "/etc/openvpn/easy-rsa/keys/qnap.ovpn" and change the following 
 +<code> 
 +remote YOUROPENVPNSERVER 1194 
 + 
 +#use these on qnap, make sure they exist 
 +user nobody 
 +group everyone 
 + 
 +#comment the 3 lines 
 +#ca ca.crt 
 +#cert client.crt 
 +#key client.key 
 + 
 +#at the end of the file, add your ca, client-cert and client-key 
 +<ca> 
 +-----BEGIN CERTIFICATE----- 
 +... 
 +-----END CERTIFICATE----- 
 +</ca> 
 + 
 +<cert> 
 +Certificate: 
 +... 
 +-----END CERTIFICATE----- 
 +... 
 +-----END CERTIFICATE----- 
 +</cert> 
 + 
 +<key> 
 +-----BEGIN PRIVATE KEY----- 
 +... 
 +-----END PRIVATE KEY----- 
 +</key> 
 +</code> 
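
Review bot: The qnap.ovpn built in this section carries the client private key inline in the <key> block, yet it is created by copying a sample file into /etc/openvpn/easy-rsa/keys and nothing restricts its permissions afterwards; add a chmod 600 on qnap.ovpn and say that it should be treated like the key itself. The text should also name which files feed the three blocks (ca.crt, and the qnap.crt and qnap.key produced by ./build-key qnap), since the commented-out lines still say client.crt and client.key. In the <cert> example there are two END CERTIFICATE lines and no BEGIN CERTIFICATE line, which cannot be pasted as shown; one of the END lines should be the BEGIN line.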
 + 
 +===== Commands ===== 
 + 
 +^  Command  ^  Function 
 +|   nmap -sL 10.8.0.*    shows all connected clients in the given IP range  | 
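
Review bot: The Function text for nmap -sL 10.8.0.* is wrong: -sL is a list scan, which only enumerates the addresses in the range and does reverse-DNS lookups without sending anything to the hosts, so it cannot show which clients are connected. Either describe it as listing the addresses in the range, or point readers at the file the server writes through OpenVPN's --status option, which lists the clients that are actually connected. The table markup also needs fixing: the header row lacks its closing ^ and the data row lacks the | between the command and its description, so both end up in one cell.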
 + 
 +===== Connecting a QNAP as client ===== 
 + 
 +Edit the file "/etc/config/vpn.conf" and add the following 
 +<code> 
 +[OPENVPN_CLIENT1] 
 +Enable = TRUE 
 +Status = 1 
 +Index = 1 
 +Gateway = 0 
 +Allow Connect = 0 
 +Reconnect = 1 
 +Server Address = lunetikk.de 
 +Profile File = OpenVPN4 
 +VPN Proto Type = udp 
 +VPN Port = 1194 
 +Compress = 1 
 +Re-direct gateway = 1 
 +Encryption = 1 
 +AccessCode = AAA 
 +Time Stamp = 0 
 +</code> 
 + 
 +Start your client (parameter 1 is the index in your config) 
 +<code>/etc/init.d/vpn_openvpn_client.sh start 1 &</code> 
 + 
 +Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) 
 +<code> 
 +# ifconfig 
 +tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
 +          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 
 + 
 +# ping 10.8.0.1 
 +PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 
 +64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms 
 +64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms 
 +</code> 
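
Review bot: Server Address = lunetikk.de in the vpn.conf block hard-codes one specific host, while the client config earlier in this change uses the placeholder YOUROPENVPNSERVER; use the same placeholder here so readers do not point their NAS at someone else's server. Profile File = OpenVPN4 and AccessCode = AAA are given without explanation: state how Profile File relates to the qnap.ovpn created above and where that file has to be placed on the QNAP, and whether AccessCode is a value the reader must change.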
 + 
 +===== Connecting an Ubuntu 16 as client ===== 
 + 
 +Install the client 
 +<code> 
 +apt-get update 
 +apt-get install openvpn 
 +</code> 
 + 
 +Copy the .ovpn file from your server to your client into /etc/openvpn/ \\ 
 +Rename it to .conf, for example client.conf 
 +<code> 
 +mv client.ovpn client.conf 
 +</code> 
 + 
 +If you run OpenVPN with systemd you need to configure your configfiles in "/etc/default/openvpn" 
 +Add your filename (client) if you only want the single file to be recognized, add "all" if you want any .conf files to be loaded 
 +<code> 
 +AUTOSTART="client" 
 +#or 
 +AUTOSTART="all"</code> 
 + 
 +Reload the "/etc/default/" configs 
 +<code>systemctl daemon-reload </code> 
 + 
 +Restart the OpenVPN  
 +<code>systemctl restart openvpn</code> 
 + 
 +Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) 
 +<code> 
 +# ifconfig 
 +tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
 +          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 
 + 
 +# ping 10.8.0.1 
 +PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 
 +64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms 
 +64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms 
 +</code> 
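
Review bot: The Ubuntu section renames a client.ovpn that this page never creates; the only client certificate built so far is ./build-key qnap, so readers will either be stuck or reuse qnap.ovpn on a second machine. Add a ./build-key step with a distinct name for each client, since clients that share one certificate cannot be revoked individually. "Copy the .ovpn file from your server to your client" should also say how: the file contains the private key, so name an encrypted transfer such as scp and set the resulting /etc/openvpn/client.conf to mode 600.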
 + 
 +===== Connecting a Raspbian 9 as client ===== 
 + 
 +Install the client 
 +<code> 
 +apt-get update 
 +apt-get install openvpn 
 +</code> 
 + 
 +Copy the .ovpn file from your server to your client into /etc/openvpn/ \\ 
 +Rename it to .conf, for example client.conf 
 +<code> 
 +mv client.ovpn client.conf 
 +</code> 
 + 
 +If you run OpenVPN with systemd you need to configure your configfiles in "/etc/default/openvpn" 
 +Add your filename (client) if you only want the single file to be recognized, add "all" if you want any .conf files to be loaded 
 +<code> 
 +AUTOSTART="client" 
 +#or 
 +AUTOSTART="all"</code> 
 + 
 +Reload the "/etc/default/" configs 
 +<code>systemctl restart openvpn</code> 
 + 
 +Restart the OpenVPN  
 +<code>systemctl restart openvpn</code> 
 + 
 +Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) 
 +<code> 
 +# ifconfig 
 +tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
 +          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 
 + 
 +# ping 10.8.0.1 
 +PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 
 +64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms 
 +64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms 
 +</code> 
 + 
 +and with systemctl 
 +<code> 
 +# systemctl status [email protected] 
 +[email protected] - OpenVPN connection to client 
 +   Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: enabled) 
 +   Active: active (running) since Mon 2019-01-21 12:56:38 CET; 3min 6s ago 
 +     Docs: man:openvpn(8) 
 +           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage 
 +           https://community.openvpn.net/openvpn/wiki/HOWTO 
 +  Process: 1684 ExecStart=/usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid (code=exited, status=0/SUCCESS) 
 + Main PID: 1686 (openvpn) 
 +   CGroup: /system.slice/system-openvpn.slice/[email protected] 
 +           └─1686 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid 
 + 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=wlan0 HWADDR=xx:xx:xx:xx:xx:xx 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: TUN/TAP device tun0 opened 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: TUN/TAP TX queue length set to 100 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip link set dev tun0 up mtu 1500 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.1 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip route add 10.8.0.1/32 via 10.8.0.1 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: GID set to nogroup 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: UID set to nobody 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: Initialization Sequence Completed 
 +</code>
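
Review bot: In the Raspbian section the step labelled 'Reload the "/etc/default/" configs' runs systemctl restart openvpn, identical to the "Restart the OpenVPN" step that follows it, whereas the Ubuntu section uses systemctl daemon-reload for the same step; this looks like a copy-paste slip and should be daemon-reload here too, otherwise a changed AUTOSTART value is not picked up. Apart from that line and the systemctl status output, the section duplicates the Ubuntu one word for word, so consider one shared "Debian-based client" section to keep the two from drifting apart again.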
linux/ubuntu/openvpn.txt · Last modified: 2021/05/14 17:14 by lunetikk