Archive

Posts Tagged ‘openvpn’

Setup OpenVPN Client in Linux

April 23, 2012 4 comments

I needed to install OpenVPN(open source virtual private network) in my Linux machine to be able to access our staging server. OpenVPN allows you to establish a secure point to point  access to network resources and services.

OpenVPN can be used in two ways – Server and Client. OpenVPN server is the system that you wish to use as VPN end-point or the one you want to access. In my case what I needed to do is to install OpenVPN as client or the one making a service request.

1. Install OpenVPN using terminal:

sudo apt-get install openvpn

2. Create client configuration file in /etc/openvpn

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn

3. Setup client config file, server keys and certificates in /etc/openvpn folder (in my case our client sent these files generated from the server)

/etc/openvpn/client.conf
/etc/openvpn/keys/ca.crt
/etc/openvpn/keys/hostname.crt
/etc/openvpn/keys/hostname.key
/etc/openvpn/keys/ta.key

4. Edit client configuration file (client.conf) based on above directory

# example client config file
client
remote [server] 1194
dev tun
proto udp

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/hostname.crt
key /etc/openvpn/keys/hostname.key
ns-cert-type server
tls-auth /etc/openvpn/keys/ta.key 1

comp-lzo
keepalive 10 60
ping-timer-rem
persist-key
persist-tun

verb 3

5. Go to /etc/openvpn folder and start the OpenVPN

exist@exist:/etc/openvpn$ sudo openvpn client.conf
Mon Apr 23 13:44:43 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Mon Apr 23 13:44:43 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
...
Mon Apr 23 13:44:50 2012 [server] Peer Connection Initiated with [AF_INET]xxx.xxx.xx.xxx:1194
Mon Apr 23 13:44:52 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
...
Mon Apr 23 13:44:53 2012 TUN/TAP TX queue length set to 100
Mon Apr 23 13:44:53 2012 /sbin/ifconfig tun0 10.8.1.190 pointopoint 10.8.1.189 mtu 1500
Mon Apr 23 13:44:53 2012 /sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.8.1.189
Mon Apr 23 13:44:53 2012 /sbin/route add -net 10.3.0.0 netmask 255.255.0.0 gw 10.8.1.189
Mon Apr 23 13:44:53 2012 /sbin/route add -net 10.8.1.1 netmask 255.255.255.255 gw 10.8.1.189
Mon Apr 23 13:44:53 2012 Initialization Sequence Completed

There you go! By this time, you should be able to access the application you want to test :) However in our case we needed to setup the IP address of the server that we are trying to gain access in our hosts file. From the terminal, we type:

[user]@exist:~$ sudo su -
[sudo] password for [user]: [input password]
root@[user]:~# vi /etc/hosts

Then input the IP address and the corresponding name of the web server we are trying to access at the end of the line.

Follow

Get every new post delivered to your Inbox.