from small one page howto to huge articles all in one place
 

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

44731

userrating:

average rating: 1.5 (4 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openvpn

OpenVPN primer


There are as many advantages to VPN tunnels as there are different VPN scenarios. One easy implementation is the "OpenVPN via tun-device" solution. An example: you'd like to connect your laptop to your LAN at home so that you can use your mail client without reconfiguring it anytime you switch from home to internet and back. Let's say your mail-server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a router/firewall providing access to the Internet. You connect from work or school and want to read mail. OpenVPN can create two virtual devices for you when connecting two computers through an encrypted tunnel. Naturally you then have the possibility of forwarding traffic into the networks behind them, and thus would be "virtually connected" to your LAN behind the firewall. To enable this, either your firewall or a server behind it should run OpenVPN (if you choose a server in your LAN, you'll have to forward the destination port to the OpenVPN server).

Here's what you need to do:
Code Listing 1: Enable the tun module in your kernel: Kernel config - tun module
          [*] Networking support    
Networking options --->
[ ] Amateur Radio support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
[*] Network device support
< > Dummy net driver support
< > Bonding driver support
< > EQL (serial line load balancing) support
Universal TUN/TAP device driver support
// This option must be enabled


Make sure this module exists and can be loaded. Next, install OpenVPN and it dependencies.
Code Listing 2: Install OpenVPN
emerge openvpn

Now on both server and client, create a directory for your configuration:

Code Listing 3: Make directory
mkdir /etc/openvpn    
mkdir /etc/openvpn/myhomelan


Inside that directory, create a shared key for your VPN session and copy that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 4: Generate shared key
cd /etc/openvpn/myhomelan    
openvpn --genkey --secret myhomelan-key.txt


Now for the tricky part, the routing. It is important that the two tun devices on the client and server use IP addresses from the same subnet. The configuration files shown below list the type of device, the two end-points of the tunnel, the compression method and the UDP-port on which the tunnel is established. Finally privileges are dropped to user and group as listed:

Code Listing 5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
dev tun    
ifconfig 172.16.1.1 172.16.1.20 // IP of the local
// tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody


The client's configuration needs the tunnel's destination address. This is often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. You also need to route to your home LAN (192.168.1.0 in our example). You can call a shell script from the configuration file that accordingly sets a route.

Code Listing 6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
remote    // or your VPN 
// server's external IP if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1 // IP of the local tun
// device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh // sets up the route
//to the network behind the VPN server


The route command would need to set the client's gateway for the network 192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7: /etc/openvpn/myhomelan/route.sh
#!/bin/bash    
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1


That's it. Start OpenVPN on the server and the client, and check the devices with ifconfig and the routes with route -n. Success!

From http://www.gentoo.org/news/en/gwn/20041011-newsletter.xml
rate this article:
current rating: average rating: 2.4 (16 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2019-02-22
albert - 0.16.1
Ebuild name:

x11-misc/albert-0.16.1

Description

Desktop agnostic launcher

Added to portage

2019-02-22

ansible - 2.6.14
Ebuild name:

app-admin/ansible-2.6.14

Description

Model-driven deployment, config management, and command execution framewor

Added to portage

2019-02-22

ansible - 2.7.8
Ebuild name:

app-admin/ansible-2.7.8

Description

Model-driven deployment, config management, and command execution framework

Added to portage

2019-02-22

asciinema - 2.0.2
Ebuild name:

app-misc/asciinema-2.0.2

Description

Command line recorder for asciinema.org service

Added to portage

2019-02-22

carbon-c-relay - 3.5
Ebuild name:

app-misc/carbon-c-relay-3.5

Description

Enhanced C version of Carbon relay, aggregator and rewriter

Added to portage

2019-02-22

dbus - 1.12.12-r1
Ebuild name:

sys-apps/dbus-1.12.12-r1

Description

A message bus system, a simple way for applications to talk to each other

Added to portage

2019-02-22

eiciel - 0.9.12.1
Ebuild name:

gnome-extra/eiciel-0.9.12.1

Description

ACL editor for GNOME, with Nautilus extension

Added to portage

2019-02-22

fakefs - 0.19.2
Ebuild name:

dev-ruby/fakefs-0.19.2

Description

A fake filesystem. Use it in your tests

Added to portage

2019-02-22

file - 5.36
Ebuild name:

sys-apps/file-5.36

Description

identify a file's format by scanning binary data for patterns

Added to portage

2019-02-22

gsoap - 2.8.80
Ebuild name:

net-libs/gsoap-2.8.80

Description

A cross-platform open source C and C++ SDK for SOAP/XML Web services

Added to portage

2019-02-22

ibm-plex - 1.2.3
Ebuild name:

media-fonts/ibm-plex-1.2.3

Description

The package of IBM's typeface

Added to portage

2019-02-22

joystick - 1.6.1
Ebuild name:

games-util/joystick-1.6.1

Description

joystick testing utilities

Added to portage

2019-02-22

js8call - 1.0.0_rc1
Ebuild name:

media-radio/js8call-1.0.0_rc1

Description

Weak signal ham radio communication

Added to portage

2019-02-22

json - 2.2.0
Ebuild name:

dev-ruby/json-2.2.0

Description

A JSON implementation as a Ruby extension

Added to portage

2019-02-22

kafka-bin - 2.1.1
Ebuild name:

net-misc/kafka-bin-2.1.1

Description

A high-throughput distributed messaging system

Added to portage

2019-02-22

netdata - 1.12.1
Ebuild name:

net-analyzer/netdata-1.12.1

Description

Linux real time system monitoring, done right

Added to portage

2019-02-22

nnn - 2.3
Ebuild name:

app-misc/nnn-2.3

Description

The missing terminal file browser for X

Added to portage

2019-02-22

openldap - 2.4.47-r1
Ebuild name:

net-nds/openldap-2.4.47-r1

Description

LDAP suite of application and development tools

Added to portage

2019-02-22

puppet - 6.3.0
Ebuild name:

app-admin/puppet-6.3.0

Description

A system automation and configuration management software.

Added to portage

2019-02-22

puppet-agent - 6.3.0
Ebuild name:

app-admin/puppet-agent-6.3.0

Description

general puppet client utils along with hiera and facter

Added to portage

2019-02-22

puppetserver - 6.2.1
Ebuild name:

app-admin/puppetserver-6.2.1

Description

Puppet Server is the next-generation application for managing Puppet a

Added to portage

2019-02-22

stress-ng - 0.09.53
Ebuild name:

app-benchmarks/stress-ng-0.09.53

Description

Stress test for a computer system with various selectable ways

Added to portage

2019-02-22

teamspeak-client - 3.2.3-r1
Ebuild name:

media-sound/teamspeak-client-3.2.3-r1

Description

A client software for quality voice communication via the int

Added to portage

2019-02-22

xf86-video-intel - 2.99.917_p20180214-r2
Ebuild name:

x11-drivers/xf86-video-intel-2.99.917_p20180214-r2

Description

X.Org driver for Intel cards

Added to portage

2019-02-22

2019-02-21
aribb24 - 1.0.3-r2
Ebuild name:

media-libs/aribb24-1.0.3-r2

Description

Library for decoding ARIB STD-B24 subtitles

Added to portage

2019-02-21

drupal - 8.5.11
Ebuild name:

www-apps/drupal-8.5.11

Description

PHP-based open-source platform and content management system

Added to portage

2019-02-21

drupal - 8.6.10
Ebuild name:

www-apps/drupal-8.6.10

Description

PHP-based open-source platform and content management system

Added to portage

2019-02-21

gdal-grass - 2.1.3
Ebuild name:

sci-geosciences/gdal-grass-2.1.3

Description

GDAL plugin to access GRASS data

Added to portage

2019-02-21

git - 2.21.0_rc2
Ebuild name:

dev-vcs/git-2.21.0_rc2

Description

stupid content tracker distributed VCS designed for speed and efficiency

Added to portage

2019-02-21

grass - 7.4.4
Ebuild name:

sci-geosciences/grass-7.4.4

Description

A free GIS with raster and vector functionality, as well as 3D vizualiz

Added to portage

2019-02-21

imagemagick - 6.9.10.28
Ebuild name:

media-gfx/imagemagick-6.9.10.28

Description

A collection of tools and libraries for many image formats

Added to portage

2019-02-21

imagemagick - 7.0.8.28
Ebuild name:

media-gfx/imagemagick-7.0.8.28

Description

A collection of tools and libraries for many image formats

Added to portage

2019-02-21

json_schema - 0.20.2
Ebuild name:

dev-ruby/json_schema-0.20.2

Description

A JSON Schema V4 and Hyperschema V4 parser and validator

Added to portage

2019-02-21

keepalived - 2.0.13
Ebuild name:

sys-cluster/keepalived-2.0.13

Description

A strong & robust keepalive facility to the Linux Virtual Server proj

Added to portage

2019-02-21

kube-apiserver - 1.13.3
Ebuild name:

sys-cluster/kube-apiserver-1.13.3

Description

Kubernetes API server

Added to portage

2019-02-21

kube-controller-manager - 1.13.3
Ebuild name:

sys-cluster/kube-controller-manager-1.13.3

Description

Kubernetes Controller Manager

Added to portage

2019-02-21

kube-proxy - 1.13.3
Ebuild name:

sys-cluster/kube-proxy-1.13.3

Description

Kubernetes Proxy service

Added to portage

2019-02-21

kube-scheduler - 1.13.3
Ebuild name:

sys-cluster/kube-scheduler-1.13.3

Description

Kubernetes Scheduler

Added to portage

2019-02-21

libva - 2.4.0
Ebuild name:

x11-libs/libva-2.4.0

Description

Video Acceleration (VA) API for Linux

Added to portage

2019-02-21

libva-intel-driver - 2.3.0
Ebuild name:

x11-libs/libva-intel-driver-2.3.0

Description

HW video decode support for Intel integrated graphics

Added to portage

2019-02-21

libva-utils - 2.3.0
Ebuild name:

media-video/libva-utils-2.3.0

Description

Collection of utilities and tests for VA-API

Added to portage

2019-02-21

libva-utils - 2.4.0
Ebuild name:

media-video/libva-utils-2.4.0

Description

Collection of utilities and tests for VA-API

Added to portage

2019-02-21

lynis - 2.7.1
Ebuild name:

app-forensics/lynis-2.7.1

Description

Security and system auditing tool

Added to portage

2019-02-21

mc - 2019.02.20.22.21.50
Ebuild name:

net-fs/mc-2019.02.20.22.21.50

Description

Minio client provides alternatives for ls, cat on cloud storage and f

Added to portage

2019-02-21

minio - 2019.02.20.22.44.29
Ebuild name:

net-fs/minio-2019.02.20.22.44.29

Description

An Amazon S3 compatible object storage server

Added to portage

2019-02-21

numexpr - 2.6.9
Ebuild name:

dev-python/numexpr-2.6.9

Description

Fast numerical array expression evaluator for Python and NumPy

Added to portage

2019-02-21

opera-developer - 60.0.3236.0
Ebuild name:

www-client/opera-developer-60.0.3236.0

Description

A fast and secure web browser

Added to portage

2019-02-21

postfix - 3.4.0_rc2
Ebuild name:

mail-mta/postfix-3.4.0_rc2

Description

A fast and secure drop-in replacement for sendmail

Added to portage

2019-02-21

radare2 - 3.3.0
Ebuild name:

dev-util/radare2-3.3.0

Description

unix-like reverse engineering framework and commandline tools

Added to portage

2019-02-21

refbase - 0.9.6_p20180223
Ebuild name:

app-text/refbase-0.9.6_p20180223

Description

Web-based solution for managing scientific literature, references

Added to portage

2019-02-21

requests-credssp - 1.0.2
Ebuild name:

dev-python/requests-credssp-1.0.2

Description

HTTPS CredSSP authentication with the requests library

Added to portage

2019-02-21

ruby-macho - 2.2.0
Ebuild name:

dev-ruby/ruby-macho-2.2.0

Description

A library for viewing and manipulating Mach-O files in Ruby

Added to portage

2019-02-21

udev-init-scripts - 33
Ebuild name:

sys-fs/udev-init-scripts-33

Description

udev startup scripts for openrc

Added to portage

2019-02-21

vanilla-sources - 4.14.102
Ebuild name:

sys-kernel/vanilla-sources-4.14.102

Description

Full sources for the Linux kernel

Added to portage

2019-02-21

vanilla-sources - 4.19.24
Ebuild name:

sys-kernel/vanilla-sources-4.19.24

Description

Full sources for the Linux kernel

Added to portage

2019-02-21

vanilla-sources - 4.20.11
Ebuild name:

sys-kernel/vanilla-sources-4.20.11

Description

Full sources for the Linux kernel

Added to portage

2019-02-21

vanilla-sources - 4.4.175
Ebuild name:

sys-kernel/vanilla-sources-4.4.175

Description

Full sources for the Linux kernel

Added to portage

2019-02-21

vanilla-sources - 4.9.159
Ebuild name:

sys-kernel/vanilla-sources-4.9.159

Description

Full sources for the Linux kernel

Added to portage

2019-02-21

zim - 0.70_rc3
Ebuild name:

x11-misc/zim-0.70_rc3

Description

A desktop wiki

Added to portage

2019-02-21

rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2018 Sascha Nitsch Unternehmensberatung UG(haftungsbeschänkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 50.7 ms