
OpenVPN Server

You can find similar documentation for installing and configuring OpenVPN almost everywhere. This guide is for a connection between my Icinga server and my QNAP, which I wanted to monitor. I don't configure this VPN for browsing the web or anything.

Installation

apt-get install openvpn easy-rsa

Configuration

Create your configuration

gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

Edit the following in “/etc/openvpn/server.conf”

#from
dh dh1024.pem
#to
dh dh2048.pem

Edit and uncomment

user nobody
group nogroup

Create the Certificate Authority

cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys

Edit the default vars in “/etc/openvpn/easy-rsa/vars”

export KEY_COUNTRY="YOUR COUNTRY eg. DE"
export KEY_PROVINCE="YOUR PROVINCE eg. BW"
export KEY_CITY="YOUR CITY eg. Karlsruhe"
export KEY_ORG="YOUR ORG eg. Lunetikk"
export KEY_EMAIL="YOUR MAILADDRESS"
export KEY_OU="YOUR OU eg. lunetikk"

export KEY_NAME="ANY IDENTIFIER eg. openvpn"

Execute the following; if asked, say “y” and press Enter

openssl dhparam -out /etc/openvpn/dh2048.pem 2048

cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca

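Build the server cert; if asked, say “y” and press Enter

#named "server" so the files match the cp below and the cert/key lines in the sample server.conf
./build-key-server server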

Copy your cert and keys

cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn

and start the service

service openvpn start

Create client certificate

Execute the following; if asked, say “y” and press Enter

./build-key qnap

Copy the client sample config

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/qnap.ovpn

Edit “/etc/openvpn/easy-rsa/keys/qnap.ovpn” and change the following

remote YOUROPENVPNSERVER 1194

#use these on qnap, make sure they exist
user nobody
group everyone

#comment the 3 lines
#ca ca.crt
#cert client.crt
#key client.key

#at the end of the file, add your ca, client-cert and client-key
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
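
The manual edit above can also be scripted. The following is an added example, not part of the original guide: a shell function (the names build_inline_ovpn and pem_only are made up here) that comments out the ca/cert/key lines of a client config and appends the three inline blocks. It keeps only the PEM part of each file and writes the profile readable by its owner only, because the profile contains the client's private key.

```shell
#!/bin/sh
# Added example (function names are made up for this illustration).
# Run from /etc/openvpn/easy-rsa/keys, for instance:
#   build_inline_ovpn client.conf ca.crt qnap.crt qnap.key qnap.ovpn

# Print only the PEM block(s) of a file. easy-rsa writes a human-readable
# "Certificate:" dump above the PEM data; OpenVPN only needs the PEM part.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_inline_ovpn() {
    template=$1; ca=$2; cert=$3; key=$4; out=$5
    for f in "$template" "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # Stop early if the "key" argument is not a private key (swapped arguments)
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key contains no private key" >&2; return 1; }
    (
        # The profile embeds the client's private key: create it owner-only.
        umask 077
        rm -f -- "$out"
        {
            # Comment out the file-based ca/cert/key directives ...
            sed -E 's/^[[:space:]]*(ca|cert|key)[[:space:]]/#&/' "$template"
            # ... and append the same material inline.
            printf '\n<ca>\n';   pem_only "$ca";   printf '</ca>\n'
            printf '\n<cert>\n'; pem_only "$cert"; printf '</cert>\n'
            printf '\n<key>\n';  pem_only "$key";  printf '</key>\n'
        } > "$out"
    )
}
```

The remote, user and group lines still have to be set by hand as described above.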

Connecting the QNAP via OpenVPN

Edit the file “/etc/config/vpn.conf” and add the following

[OPENVPN_CLIENT1]
Enable = TRUE
Status = 1
Index = 1
Gateway = 0
Allow Connect = 0
Reconnect = 1
Server Address = lunetikk.de
Profile File = OpenVPN4
VPN Proto Type = udp
VPN Port = 1194
Compress = 1
Re-direct gateway = 1
Encryption = 1
AccessCode = AAA
Time Stamp = 0

Start your client (parameter 1 is the index in your config)

/etc/init.d/vpn_openvpn_client.sh start 1 &

Check if your connection is up with ifconfig and ping your gateway (openvpn server)

# ifconfig
tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255

# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms

linux/ubuntu/openvpn.1519217374.txt.gz · Last modified: 2018/02/21 13:49 by lunetikk