from small one page howto to huge articles all in one place
 

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

37011

userrating:

average rating: 1.5 (4 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openvpn

OpenVPN primer


There are as many advantages to VPN tunnels as there are different VPN scenarios. One easy implementation is the "OpenVPN via tun-device" solution. An example: you'd like to connect your laptop to your LAN at home so that you can use your mail client without reconfiguring it anytime you switch from home to internet and back. Let's say your mail-server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a router/firewall providing access to the Internet. You connect from work or school and want to read mail. OpenVPN can create two virtual devices for you when connecting two computers through an encrypted tunnel. Naturally you then have the possibility of forwarding traffic into the networks behind them, and thus would be "virtually connected" to your LAN behind the firewall. To enable this, either your firewall or a server behind it should run OpenVPN (if you choose a server in your LAN, you'll have to forward the destination port to the OpenVPN server).

Here's what you need to do:
Code Listing 1: Enable the tun module in your kernel: Kernel config - tun module
          [*] Networking support    
Networking options --->
[ ] Amateur Radio support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
[*] Network device support
< > Dummy net driver support
< > Bonding driver support
< > EQL (serial line load balancing) support
Universal TUN/TAP device driver support
// This option must be enabled


Make sure this module exists and can be loaded. Next, install OpenVPN and it dependencies.
Code Listing 2: Install OpenVPN
emerge openvpn

Now on both server and client, create a directory for your configuration:

Code Listing 3: Make directory
mkdir /etc/openvpn    
mkdir /etc/openvpn/myhomelan


Inside that directory, create a shared key for your VPN session and copy that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 4: Generate shared key
cd /etc/openvpn/myhomelan    
openvpn --genkey --secret myhomelan-key.txt


Now for the tricky part, the routing. It is important that the two tun devices on the client and server use IP addresses from the same subnet. The configuration files shown below list the type of device, the two end-points of the tunnel, the compression method and the UDP-port on which the tunnel is established. Finally privileges are dropped to user and group as listed:

Code Listing 5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
dev tun    
ifconfig 172.16.1.1 172.16.1.20 // IP of the local
// tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody


The client's configuration needs the tunnel's destination address. This is often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. You also need to route to your home LAN (192.168.1.0 in our example). You can call a shell script from the configuration file that accordingly sets a route.

Code Listing 6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
remote    // or your VPN 
// server's external IP if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1 // IP of the local tun
// device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh // sets up the route
//to the network behind the VPN server


The route command would need to set the client's gateway for the network 192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7: /etc/openvpn/myhomelan/route.sh
#!/bin/bash    
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1


That's it. Start OpenVPN on the server and the client, and check the devices with ifconfig and the routes with route -n. Success!

From http://www.gentoo.org/news/en/gwn/20041011-newsletter.xml
rate this article:
current rating: average rating: 2.4 (16 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back
Please read "Why adblockers are bad".



other Ads
Trace My Cash
Wenn Sie sich schon immer mal gefragt haben, wo eigentlich Ihr geliebtes Bargeld geblieben ist, finden Sie hier vielleicht die Antwort.
www.tracemycash.com
Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2017-03-26
gnupg - 2.1.19-r2
Ebuild name:

app-crypt/gnupg-2.1.19-r2

Description

The GNU Privacy Guard, a GPL OpenPGP implementation

Added to portage

2017-03-26

hdbc-sqlite3 - 2.3.3.1-r1
Ebuild name:

dev-haskell/hdbc-sqlite3-2.3.3.1-r1

Description

Sqlite v3 driver for HDBC

Added to portage

2017-03-26

perl-cleaner - 2.25
Ebuild name:

app-admin/perl-cleaner-2.25

Description

User land tool for cleaning up old perl installs

Added to portage

2017-03-26

2017-03-25
Test-File - 1.442.0
Ebuild name:

dev-perl/Test-File-1.442.0

Description

Test file attributes

Added to portage

2017-03-25

Test-utf8 - 1.10.0
Ebuild name:

dev-perl/Test-utf8-1.10.0

Description

Handy utf8 tests

Added to portage

2017-03-25

ack - 2.18
Ebuild name:

sys-apps/ack-2.18

Description

ack is a tool like grep, optimized for programmers

Added to portage

2017-03-25

apt-cacher-ng - 3
Ebuild name:

net-misc/apt-cacher-ng-3

Description

Yet another caching HTTP proxy for Debian/Ubuntu software packages

Added to portage

2017-03-25

avogadro2 - 0.9.0
Ebuild name:

sci-chemistry/avogadro2-0.9.0

Description

Advanced molecule editor and visualizer 2

Added to portage

2017-03-25

avogadrolibs - 0.9.0
Ebuild name:

sci-libs/avogadrolibs-0.9.0

Description

Advanced molecule editor and visualizer 2 - libraries

Added to portage

2017-03-25

brainparty - 0.61-r1
Ebuild name:

games-puzzle/brainparty-0.61-r1

Description

A puzzle-solving, brain-stretching game for all ages

Added to portage

2017-03-25

btrfs-progs - 4.10
Ebuild name:

sys-fs/btrfs-progs-4.10

Description

Btrfs filesystem utilities

Added to portage

2017-03-25

btrfs-progs - 4.9.1
Ebuild name:

sys-fs/btrfs-progs-4.9.1

Description

Btrfs filesystem utilities

Added to portage

2017-03-25

capstone - 3.0.5_rc2
Ebuild name:

dev-libs/capstone-3.0.5_rc2

Description

disassembly/disassembler framework + bindings

Added to portage

2017-03-25

conky - 1.10.6-r2
Ebuild name:

app-admin/conky-1.10.6-r2

Description

An advanced, highly configurable system monitor for X

Added to portage

2017-03-25

dbus - 1.10.16-r1
Ebuild name:

sys-apps/dbus-1.10.16-r1

Description

A message bus system, a simple way for applications to talk to each other

Added to portage

2017-03-25

exiftool - 10.47
Ebuild name:

media-libs/exiftool-10.47

Description

Read and write meta information in image, audio and video files

Added to portage

2017-03-25

genymotion-bin - 2.8.1-r1
Ebuild name:

app-emulation/genymotion-bin-2.8.1-r1

Description

Complete set of tools that provide a virtual environment for

Added to portage

2017-03-25

gnome - 3.22.2
Ebuild name:

gnome-base/gnome-3.22.2

Description

Meta package for GNOME 3, merge this package to install

Added to portage

2017-03-25

gnome-extra-apps - 3.22.2
Ebuild name:

gnome-base/gnome-extra-apps-3.22.2

Description

Sub-meta package for the applications of GNOME 3

Added to portage

2017-03-25

gnome-light - 3.22.2
Ebuild name:

gnome-base/gnome-light-3.22.2

Description

Meta package for GNOME-Light, merge this package to install

Added to portage

2017-03-25

gnome-shell-extensions-topicons-plus - 20
Ebuild name:

gnome-extra/gnome-shell-extensions-topicons-plus-20

Description

Moves legacy tray icons to top panel

Added to portage

2017-03-25

h5py - 2.7.0
Ebuild name:

dev-python/h5py-2.7.0

Description

Simple Python interface to HDF5 files

Added to portage

2017-03-25

kbibtex - 0.6.2
Ebuild name:

app-text/kbibtex-0.6.2

Description

BibTeX editor by KDE to edit bibliographies used with LaTeX

Added to portage

2017-03-25

kde4-l10n - 16.12.3-r1
Ebuild name:

kde-apps/kde4-l10n-16.12.3-r1

Description

KDE legacy internationalization package

Added to portage

2017-03-25

krfb - 16.12.3-r1
Ebuild name:

kde-apps/krfb-16.12.3-r1

Description

VNC-compatible server to share KDE desktops

Added to portage

2017-03-25

laf-plugin - 0.2-r2
Ebuild name:

dev-java/laf-plugin-0.2-r2

Description

Look'n'feel Java library

Added to portage

2017-03-25

laf-plugin - 1.1-r1
Ebuild name:

dev-java/laf-plugin-1.1-r1

Description

Look'n'feel Java library

Added to portage

2017-03-25

lilypond - 2.19.57
Ebuild name:

media-sound/lilypond-2.19.57

Description

GNU Music Typesetter

Added to portage

2017-03-25

marble - 16.12.3-r1
Ebuild name:

kde-apps/marble-16.12.3-r1

Description

Virtual Globe and World Atlas to learn more about Earth

Added to portage

2017-03-25

nm-applet - 1.4.6-r1
Ebuild name:

gnome-extra/nm-applet-1.4.6-r1

Description

GNOME applet for NetworkManager

Added to portage

2017-03-25

nmap - 7.40-r1
Ebuild name:

net-analyzer/nmap-7.40-r1

Description

A utility for network discovery and security auditing

Added to portage

2017-03-25

notmuch - 0.24
Ebuild name:

net-mail/notmuch-0.24

Description

Thread-based e-mail indexer, supporting quick search and tagging

Added to portage

2017-03-25

perl-cleaner - 2.24
Ebuild name:

app-admin/perl-cleaner-2.24

Description

User land tool for cleaning up old perl installs

Added to portage

2017-03-25

pouetchess - 0.2.0-r2
Ebuild name:

games-board/pouetchess-0.2.0-r2

Description

3D and open source chess game

Added to portage

2017-03-25

pysnmp - 4.3.5
Ebuild name:

dev-python/pysnmp-4.3.5

Description

Python SNMP library

Added to portage

2017-03-25

ripgrep - 0.5.0
Ebuild name:

sys-apps/ripgrep-0.5.0

Description

a command line search tool that combines usability with raw speed

Added to portage

2017-03-25

sddm - 0.14.0-r3
Ebuild name:

x11-misc/sddm-0.14.0-r3

Description

Simple Desktop Display Manager

Added to portage

2017-03-25

trayer - 1.0-r3
Ebuild name:

x11-misc/trayer-1.0-r3

Description

Lightweight GTK+ based systray for UNIX desktop

Added to portage

2017-03-25

vivaldi - 1.8.770.44_p1
Ebuild name:

www-client/vivaldi-1.8.770.44_p1

Description

A new browser for our friends

Added to portage

2017-03-25

wop - 0.4.3-r2
Ebuild name:

games-arcade/wop-0.4.3-r2

Description

Worms of Prey - A multi-player, real-time clone of Worms

Added to portage

2017-03-25

youtube-dl - 2017.03.24
Ebuild name:

net-misc/youtube-dl-2017.03.24

Description

Download videos from YouTube.com (and more sites...)

Added to portage

2017-03-25

rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2017 Sascha Nitsch Unternehmensberatung UG(haftungsbeschänkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 5.1 ms
system status display