Lunetikk's IT Wiki

User Tools

Site Tools

You are here: start » linux » ubuntu » openvpn
Trace: calculator commands mousehotkey
linux:ubuntu:openvpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:ubuntu:openvpn [2018/02/20 18:17] lunetikklinux:ubuntu:openvpn [2021/05/14 17:14] (current) lunetikk
Line 44: Line 44:
 export KEY_OU="YOUR OU eg. lunetikk" export KEY_OU="YOUR OU eg. lunetikk"
  
-export KEY_NAME="ANY IDENTIFIER eg. openvpnsrv"+export KEY_NAME="ANY IDENTIFIER eg. openvpn"
 </code> </code>
  
-<code></code>+Execute the following and if asked say "y" and enter 
 +<code> 
 +openssl dhparam -out /etc/openvpn/dh2048.pem 2048
  
-<code></code>+cd /etc/openvpn/easy-rsa 
 +. ./vars 
 +./clean-all 
 +./build-ca 
 +</code>
  
-<code></code>+Build the cert, if asked say "y" and enter 
 +<code>./build-key-server openvpn</code>
  
-<code></code>+Copy your cert and keys 
 +<code>cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn</code>
  
-<code></code>+and start the service 
 +<code>service openvpn start</code> 
 + 
 +==== Create client certificate ==== 
 + 
 +execute the following, if asked say "y" and enter 
 +<code>./build-key qnap</code> 
 + 
 +copy the client sampleconfig 
 +<code>cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/qnap.ovpn</code> 
 + 
 +edit "/etc/openvpn/easy-rsa/keys/qnap.ovpn" and change the following 
 +<code> 
 +remote YOUROPENVPNSERVER 1194 
 + 
 +#use these on qnap, make sure they exist 
 +user nobody 
 +group everyone 
 + 
 +#comment the 3 lines 
 +#ca ca.crt 
 +#cert client.crt 
 +#key client.key 
 + 
 +#at the end of the file, add your ca, client-cert and client-key 
 +<ca> 
 +-----BEGIN CERTIFICATE----- 
 +... 
 +-----END CERTIFICATE----- 
 +</ca> 
 + 
 +<cert> 
 +Certificate: 
 +... 
 +-----END CERTIFICATE----- 
 +... 
 +-----END CERTIFICATE----- 
 +</cert> 
 + 
 +<key> 
 +-----BEGIN PRIVATE KEY----- 
 +... 
 +-----END PRIVATE KEY----- 
 +</key> 
 +</code> 
 + 
 +===== Commands ===== 
 + 
 +^  Command  ^  Function 
 +|   nmap -sL 10.8.0.*    shows all connected clients in the given IP range  | 
 + 
 +===== Connecting a QNAP as client ===== 
 + 
 +Edit the file "/etc/config/vpn.conf" and add the following 
 +<code> 
 +[OPENVPN_CLIENT1] 
 +Enable = TRUE 
 +Status = 1 
 +Index = 1 
 +Gateway = 0 
 +Allow Connect = 0 
 +Reconnect = 1 
 +Server Address = lunetikk.de 
 +Profile File = OpenVPN4 
 +VPN Proto Type = udp 
 +VPN Port = 1194 
 +Compress = 1 
 +Re-direct gateway = 1 
 +Encryption = 1 
 +AccessCode = AAA 
 +Time Stamp = 0 
 +</code> 
 + 
 +Start your client (parameter 1 is the index in your config) 
 +<code>/etc/init.d/vpn_openvpn_client.sh start 1 &</code> 
 + 
 +Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) 
 +<code> 
 +# ifconfig 
 +tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
 +          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 
 + 
 +# ping 10.8.0.1 
 +PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 
 +64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms 
 +64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms 
 +</code> 
 + 
 +===== Connecting an Ubuntu 16 as client ===== 
 + 
 +Install the client 
 +<code> 
 +apt-get update 
 +apt-get install openvpn 
 +</code> 
 + 
 +Copy the .ovpn file from your server to your client into /etc/openvpn/ \\ 
 +Rename it to .conf, for example client.conf 
 +<code> 
 +mv client.ovpn client.conf 
 +</code> 
 + 
 +If you run OpenVPN with systemd you need to configure your configfiles in "/etc/default/openvpn" 
 +Add your filename (client) if you only want the single file to be recognized, add "all" if you want any .conf files to be loaded 
 +<code> 
 +AUTOSTART="client" 
 +#or 
 +AUTOSTART="all"</code> 
 + 
 +Reload the "/etc/default/" configs 
 +<code>systemctl daemon-reload </code> 
 + 
 +Restart the OpenVPN  
 +<code>systemctl restart openvpn</code> 
 + 
 +Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) 
 +<code> 
 +# ifconfig 
 +tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
 +          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 
 + 
 +# ping 10.8.0.1 
 +PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 
 +64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms 
 +64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms 
 +</code> 
 + 
 +===== Connecting a Raspbian 9 as client ===== 
 + 
 +Install the client 
 +<code> 
 +apt-get update 
 +apt-get install openvpn 
 +</code> 
 + 
 +Copy the .ovpn file from your server to your client into /etc/openvpn/ \\ 
 +Rename it to .conf, for example client.conf 
 +<code> 
 +mv client.ovpn client.conf 
 +</code> 
 + 
 +If you run OpenVPN with systemd you need to configure your configfiles in "/etc/default/openvpn" 
 +Add your filename (client) if you only want the single file to be recognized, add "all" if you want any .conf files to be loaded 
 +<code> 
 +AUTOSTART="client" 
 +#or 
 +AUTOSTART="all"</code> 
 + 
 +Reload the "/etc/default/" configs 
 +<code>systemctl daemon-reload</code> 
 + 
 +Restart the OpenVPN  
 +<code>systemctl restart openvpn</code> 
 + 
 +Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) 
 +<code> 
 +# ifconfig 
 +tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
 +          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 
 + 
 +# ping 10.8.0.1 
 +PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 
 +64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms 
 +64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms 
 +</code> 
 + 
 +and with systemctl 
 +<code> 
 +# systemctl status [email protected] 
 +[email protected] - OpenVPN connection to client 
 +   Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: enabled) 
 +   Active: active (running) since Mon 2019-01-21 12:56:38 CET; 3min 6s ago 
 +     Docs: man:openvpn(8) 
 +           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage 
 +           https://community.openvpn.net/openvpn/wiki/HOWTO 
 +  Process: 1684 ExecStart=/usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid (code=exited, status=0/SUCCESS) 
 + Main PID: 1686 (openvpn) 
 +   CGroup: /system.slice/system-openvpn.slice/[email protected] 
 +           └─1686 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid 
 + 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=wlan0 HWADDR=xx:xx:xx:xx:xx:xx 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: TUN/TAP device tun0 opened 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: TUN/TAP TX queue length set to 100 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip link set dev tun0 up mtu 1500 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.1 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip route add 10.8.0.1/32 via 10.8.0.1 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: GID set to nogroup 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: UID set to nobody 
 +Jan 21 12:56:40 raspbian ovpn-client[1686]: Initialization Sequence Completed 
 +</code>
linux/ubuntu/openvpn.1519147075.txt.gz · Last modified: 2018/02/20 18:17 (external edit)

Page Tools

Impressum Datenschutz
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki