from small one page howto to huge articles all in one place
 

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

40748

userrating:

average rating: 1.5 (4 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openvpn

OpenVPN primer


There are as many advantages to VPN tunnels as there are different VPN scenarios. One easy implementation is the "OpenVPN via tun-device" solution. An example: you'd like to connect your laptop to your LAN at home so that you can use your mail client without reconfiguring it anytime you switch from home to internet and back. Let's say your mail-server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a router/firewall providing access to the Internet. You connect from work or school and want to read mail. OpenVPN can create two virtual devices for you when connecting two computers through an encrypted tunnel. Naturally you then have the possibility of forwarding traffic into the networks behind them, and thus would be "virtually connected" to your LAN behind the firewall. To enable this, either your firewall or a server behind it should run OpenVPN (if you choose a server in your LAN, you'll have to forward the destination port to the OpenVPN server).

Here's what you need to do:
Code Listing 1: Enable the tun module in your kernel: Kernel config - tun module
          [*] Networking support    
Networking options --->
[ ] Amateur Radio support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
[*] Network device support
< > Dummy net driver support
< > Bonding driver support
< > EQL (serial line load balancing) support
Universal TUN/TAP device driver support
// This option must be enabled


Make sure this module exists and can be loaded. Next, install OpenVPN and it dependencies.
Code Listing 2: Install OpenVPN
emerge openvpn

Now on both server and client, create a directory for your configuration:

Code Listing 3: Make directory
mkdir /etc/openvpn    
mkdir /etc/openvpn/myhomelan


Inside that directory, create a shared key for your VPN session and copy that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 4: Generate shared key
cd /etc/openvpn/myhomelan    
openvpn --genkey --secret myhomelan-key.txt


Now for the tricky part, the routing. It is important that the two tun devices on the client and server use IP addresses from the same subnet. The configuration files shown below list the type of device, the two end-points of the tunnel, the compression method and the UDP-port on which the tunnel is established. Finally privileges are dropped to user and group as listed:

Code Listing 5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
dev tun    
ifconfig 172.16.1.1 172.16.1.20 // IP of the local
// tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody


The client's configuration needs the tunnel's destination address. This is often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. You also need to route to your home LAN (192.168.1.0 in our example). You can call a shell script from the configuration file that accordingly sets a route.

Code Listing 6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
remote    // or your VPN 
// server's external IP if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1 // IP of the local tun
// device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh // sets up the route
//to the network behind the VPN server


The route command would need to set the client's gateway for the network 192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7: /etc/openvpn/myhomelan/route.sh
#!/bin/bash    
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1


That's it. Start OpenVPN on the server and the client, and check the devices with ifconfig and the routes with route -n. Success!

From http://www.gentoo.org/news/en/gwn/20041011-newsletter.xml
rate this article:
current rating: average rating: 2.4 (16 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2018-05-27
2018-05-26
albert - 0.14.19
Ebuild name:

x11-misc/albert-0.14.19

Description

Desktop agnostic launcher

Added to portage

2018-05-26

asio - 1.12.1
Ebuild name:

dev-cpp/asio-1.12.1

Description

Asynchronous Network Library

Added to portage

2018-05-26

capybara - 3.1.1
Ebuild name:

dev-ruby/capybara-3.1.1

Description

Capybara aims to simplify the process of integration testing Rack applicati

Added to portage

2018-05-26

dnscrypt-proxy - 2.0.14
Ebuild name:

net-dns/dnscrypt-proxy-2.0.14

Description

A flexible DNS proxy, with support for encrypted DNS protocols

Added to portage

2018-05-26

docker-py - 3.3.0
Ebuild name:

dev-python/docker-py-3.3.0

Description

Python client for Docker

Added to portage

2018-05-26

docker-pycreds - 0.2.3
Ebuild name:

dev-python/docker-pycreds-0.2.3

Description

Python bindings for the docker credentials store API

Added to portage

2018-05-26

enlightenment - 0.21.11
Ebuild name:

x11-wm/enlightenment-0.21.11

Description

Enlightenment window manager

Added to portage

2018-05-26

glusterfs - 4.0.2
Ebuild name:

sys-cluster/glusterfs-4.0.2

Description

GlusterFS is a powerful network/cluster filesystem

Added to portage

2018-05-26

id3 - 0.15-r1
Ebuild name:

media-sound/id3-0.15-r1

Description

changes the id3 tag in an mp3 file

Added to portage

2018-05-26

jwt - 2.1.0
Ebuild name:

dev-ruby/jwt-2.1.0

Description

A Ruby implementation of JSON Web Token draft 06

Added to portage

2018-05-26

keepass - 2.39.1
Ebuild name:

app-admin/keepass-2.39.1

Description

A free, open source, light-weight and easy-to-use password manager

Added to portage

2018-05-26

livecd-tools - 2.4
Ebuild name:

app-misc/livecd-tools-2.4

Description

Gentoo LiveCD tools for autoconfiguration of hardware

Added to portage

2018-05-26

monitorix - 3.10.1
Ebuild name:

www-misc/monitorix-3.10.1

Description

A lightweight system monitoring tool

Added to portage

2018-05-26

networkmanager-openvpn - 1.8.4
Ebuild name:

net-misc/networkmanager-openvpn-1.8.4

Description

NetworkManager OpenVPN plugin

Added to portage

2018-05-26

opencv - 3.4.1
Ebuild name:

media-libs/opencv-3.4.1

Description

A collection of algorithms and sample code for various computer vision prob

Added to portage

2018-05-26

openvpn - 2.4.6
Ebuild name:

net-vpn/openvpn-2.4.6

Description

Robust and highly flexible tunneling application compatible with many OSes

Added to portage

2018-05-26

percona-toolkit - 3.0.10-r1
Ebuild name:

dev-db/percona-toolkit-3.0.10-r1

Description

Advanced command-line tools to perform a variety of MySQL and syst

Added to portage

2018-05-26

python-efl - 1.20.0
Ebuild name:

dev-python/python-efl-1.20.0

Description

Python bindings for Enlightenment Foundation Libraries

Added to portage

2018-05-26

redmine - 3.3.7
Ebuild name:

www-apps/redmine-3.3.7

Description

Flexible project management web application using the Ruby on Rails framewor

Added to portage

2018-05-26

redmine - 3.4.5
Ebuild name:

www-apps/redmine-3.4.5

Description

Flexible project management web application using the Ruby on Rails framewor

Added to portage

2018-05-26

retext - 7.0.0-r2
Ebuild name:

app-editors/retext-7.0.0-r2

Description

Simple editor for Markdown and reStructuredText

Added to portage

2018-05-26

retext - 7.0.1-r2
Ebuild name:

app-editors/retext-7.0.1-r2

Description

Simple editor for Markdown and reStructuredText

Added to portage

2018-05-26

rkhunter - 1.4.6-r1
Ebuild name:

app-forensics/rkhunter-1.4.6-r1

Description

Rootkit Hunter scans for known and unknown rootkits, backdoors, and

Added to portage

2018-05-26

tiled - 1.1.5
Ebuild name:

dev-games/tiled-1.1.5

Description

A general purpose tile map editor

Added to portage

2018-05-26

vdirsyncer - 0.16.4
Ebuild name:

dev-python/vdirsyncer-0.16.4

Description

Synchronize calendars and contacts

Added to portage

2018-05-26

wordpress - 4.9.6
Ebuild name:

www-apps/wordpress-4.9.6

Description

Wordpress PHP and MySQL based content management system (CMS)

Added to portage

2018-05-26

rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2018 Sascha Nitsch Unternehmensberatung UG(haftungsbeschänkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 4.0 ms