Setup OpenVPN Client in Linux

April 23, 2012

I needed to install OpenVPN (open source virtual private network) on my Linux machine to be able to access our staging server. OpenVPN allows you to establish secure point-to-point access to network resources and services.

OpenVPN can be used in two ways – Server and Client. The OpenVPN server is the system that you wish to use as the VPN endpoint, the one you want to access. In my case, what I needed to do was install OpenVPN as a client, the one making a service request.

1. Install OpenVPN using the terminal:

sudo apt-get install openvpn

2. Create the client configuration file in /etc/openvpn:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn

3. Set up the client config file, server keys and certificates in the /etc/openvpn folder (in my case our client sent these files, generated from the server):

/etc/openvpn/client.conf
/etc/openvpn/keys/ca.crt
/etc/openvpn/keys/hostname.crt
/etc/openvpn/keys/hostname.key
/etc/openvpn/keys/ta.key

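4. Edit the client configuration file (client.conf) to match the directory layout above:

# example client config file
# act as a client and connect to the server on UDP port 1194 over a routed tunnel
client
remote [server] 1194
dev tun
proto udp

# CA certificate, this client's certificate and this client's private key
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/hostname.crt
key /etc/openvpn/keys/hostname.key
# only accept a peer certificate marked as a server certificate
# (newer OpenVPN releases replace this with: remote-cert-tls server)
ns-cert-type server
# HMAC-authenticate control channel packets; key direction 1 on the client
tls-auth /etc/openvpn/keys/ta.key 1

# LZO compression (must match the server); ping every 10s, restart after 60s of silence
comp-lzo
keepalive 10 60
ping-timer-rem
# keep the key and the tun device across restarts
persist-key
persist-tun

# log verbosity
verb 3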

5. Go to the /etc/openvpn folder and start OpenVPN:

exist@exist:/etc/openvpn$ sudo openvpn client.conf
Mon Apr 23 13:44:43 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Mon Apr 23 13:44:43 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
...
Mon Apr 23 13:44:50 2012 [server] Peer Connection Initiated with [AF_INET]xxx.xxx.xx.xxx:1194
Mon Apr 23 13:44:52 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
...
Mon Apr 23 13:44:53 2012 TUN/TAP TX queue length set to 100
Mon Apr 23 13:44:53 2012 /sbin/ifconfig tun0 10.8.1.190 pointopoint 10.8.1.189 mtu 1500
Mon Apr 23 13:44:53 2012 /sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.8.1.189
Mon Apr 23 13:44:53 2012 /sbin/route add -net 10.3.0.0 netmask 255.255.0.0 gw 10.8.1.189
Mon Apr 23 13:44:53 2012 /sbin/route add -net 10.8.1.1 netmask 255.255.255.255 gw 10.8.1.189
Mon Apr 23 13:44:53 2012 Initialization Sequence Completed

There you go! By this time, you should be able to access the application you want to test 🙂 However, in our case we needed to set up the IP address of the server that we are trying to gain access to in our hosts file. From the terminal, we type:

[user]@exist:~$ sudo su -
[sudo] password for [user]: [input password]
root@[user]:~# vi /etc/hosts

Then input the IP address and the corresponding name of the web server we are trying to access at the end of the line.
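
A pre-flight check for steps 3 and 4, as an added example that is not part of the original post: the function reads the client config, flags a private key or tls-auth key that group or others can access, and flags a config with no server-certificate check or no tls-auth. The function name and finding labels are made up for this example; it assumes paths without whitespace and resolves relative paths against the config's directory.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an OpenVPN client config:
# prints one finding per line, returns 0 if clean, 1 on findings, 2 on error.
# Assumption: file paths in the config contain no whitespace.
audit_openvpn_client_conf() {
    conf=$1
    audit_rc=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    confdir=$(dirname "$conf")

    # The private key and the tls-auth static key are secrets: flag them if
    # group or others have any permission bit set.
    for f in $(awk '$1 == "key" || $1 == "tls-auth" { print $2 }' "$conf"); do
        case $f in /*) ;; *) f=$confdir/$f ;; esac   # relative to config dir
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; audit_rc=1
        elif [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $f (fix: chmod 600)"; audit_rc=1
        fi
    done

    # Without a check on the peer certificate's type, any certificate signed
    # by the same CA (including another client's) could pose as the server.
    if ! grep -Eq '^[[:space:]]*(ns-cert-type|remote-cert-tls)[[:space:]]+server' "$conf"; then
        echo "NO_SERVER_CERT_CHECK $conf"; audit_rc=1
    fi

    # tls-auth lets each side drop control packets that lack a valid HMAC.
    if ! grep -Eq '^[[:space:]]*tls-auth[[:space:]]' "$conf"; then
        echo "NO_TLS_AUTH $conf"; audit_rc=1
    fi
    return $audit_rc
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_openvpn_client_conf "$1"
fi
```

Saved under a name of your choice, it can be run as `sh <script> /etc/openvpn/client.conf` (with sudo if the config is root-only) before starting the tunnel in step 5.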