from small one page howto to huge articles all in one place
 

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

45371

userrating:

average rating: 1.5 (4 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openvpn

OpenVPN primer


There are as many advantages to VPN tunnels as there are different VPN scenarios. One easy implementation is the "OpenVPN via tun-device" solution. An example: you'd like to connect your laptop to your LAN at home so that you can use your mail client without reconfiguring it anytime you switch from home to internet and back. Let's say your mail-server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a router/firewall providing access to the Internet. You connect from work or school and want to read mail. OpenVPN can create two virtual devices for you when connecting two computers through an encrypted tunnel. Naturally you then have the possibility of forwarding traffic into the networks behind them, and thus would be "virtually connected" to your LAN behind the firewall. To enable this, either your firewall or a server behind it should run OpenVPN (if you choose a server in your LAN, you'll have to forward the destination port to the OpenVPN server).

Here's what you need to do:
Code Listing 1: Enable the tun module in your kernel: Kernel config - tun module
          [*] Networking support    
Networking options --->
[ ] Amateur Radio support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
[*] Network device support
< > Dummy net driver support
< > Bonding driver support
< > EQL (serial line load balancing) support
Universal TUN/TAP device driver support
// This option must be enabled


Make sure this module exists and can be loaded. Next, install OpenVPN and it dependencies.
Code Listing 2: Install OpenVPN
emerge openvpn

Now on both server and client, create a directory for your configuration:

Code Listing 3: Make directory
mkdir /etc/openvpn    
mkdir /etc/openvpn/myhomelan


Inside that directory, create a shared key for your VPN session and copy that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 4: Generate shared key
cd /etc/openvpn/myhomelan    
openvpn --genkey --secret myhomelan-key.txt


Now for the tricky part, the routing. It is important that the two tun devices on the client and server use IP addresses from the same subnet. The configuration files shown below list the type of device, the two end-points of the tunnel, the compression method and the UDP-port on which the tunnel is established. Finally privileges are dropped to user and group as listed:

Code Listing 5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
dev tun    
ifconfig 172.16.1.1 172.16.1.20 // IP of the local
// tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody


The client's configuration needs the tunnel's destination address. This is often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. You also need to route to your home LAN (192.168.1.0 in our example). You can call a shell script from the configuration file that accordingly sets a route.

Code Listing 6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
remote    // or your VPN 
// server's external IP if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1 // IP of the local tun
// device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh // sets up the route
//to the network behind the VPN server


The route command would need to set the client's gateway for the network 192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7: /etc/openvpn/myhomelan/route.sh
#!/bin/bash    
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1


That's it. Start OpenVPN on the server and the client, and check the devices with ifconfig and the routes with route -n. Success!

From http://www.gentoo.org/news/en/gwn/20041011-newsletter.xml
rate this article:
current rating: average rating: 2.4 (16 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2019-04-24
exiftool - 11.37
Ebuild name:

media-libs/exiftool-11.37

Description

Read and write meta information in image, audio and video files

Added to portage

2019-04-24

git-remote-hg - 1.0.0-r1
Ebuild name:

dev-vcs/git-remote-hg-1.0.0-r1

Description

Semi-official Mercurial bridge from Git project

Added to portage

2019-04-24

kdiff3 - 1.8.0_pre20190420
Ebuild name:

kde-misc/kdiff3-1.8.0_pre20190420

Description

Frontend to diff3 based on KDE Frameworks

Added to portage

2019-04-24

libgit2-glib - 0.28.0.1
Ebuild name:

dev-libs/libgit2-glib-0.28.0.1

Description

Git library for GLib

Added to portage

2019-04-24

libressl - 2.6.5
Ebuild name:

dev-libs/libressl-2.6.5

Description

Free version of the SSL/TLS protocol forked from OpenSSL

Added to portage

2019-04-24

libressl - 2.9.1
Ebuild name:

dev-libs/libressl-2.9.1

Description

Free version of the SSL/TLS protocol forked from OpenSSL

Added to portage

2019-04-24

parallel - 20190422
Ebuild name:

sys-process/parallel-20190422

Description

A shell tool for executing jobs in parallel locally or on remote mach

Added to portage

2019-04-24

postfix - 3.5_pre20190330-r1
Ebuild name:

mail-mta/postfix-3.5_pre20190330-r1

Description

A fast and secure drop-in replacement for sendmail

Added to portage

2019-04-24

pycairo - 1.18.1
Ebuild name:

dev-python/pycairo-1.18.1

Description

Python bindings for the cairo library

Added to portage

2019-04-24

serverengine - 2.1.1
Ebuild name:

dev-ruby/serverengine-2.1.1

Description

A framework to implement robust multiprocess servers

Added to portage

2019-04-24

skrooge - 2.19.1
Ebuild name:

app-office/skrooge-2.19.1

Description

Personal finances manager, aiming at being simple and intuitive

Added to portage

2019-04-24

stunnel - 5.51-r1
Ebuild name:

net-misc/stunnel-5.51-r1

Description

TLS/SSL - Port Wrapper

Added to portage

2019-04-24

urllib3 - 1.24.2
Ebuild name:

dev-python/urllib3-1.24.2

Description

HTTP library with thread-safe connection pooling, file post, and more

Added to portage

2019-04-24

wpa_supplicant - 2.8-r1
Ebuild name:

net-wireless/wpa_supplicant-2.8-r1

Description

IEEE 802.1X/WPA supplicant for secure wireless transfers

Added to portage

2019-04-24

2019-04-23
alacritty - 0.3.2
Ebuild name:

x11-terms/alacritty-0.3.2

Description

GPU-accelerated terminal emulator

Added to portage

2019-04-23

atftp - 0.7.2
Ebuild name:

net-ftp/atftp-0.7.2

Description

Advanced TFTP implementation client/server

Added to portage

2019-04-23

calibre - 3.41.3
Ebuild name:

app-text/calibre-3.41.3

Description

Ebook management application

Added to portage

2019-04-23

cdw - 0.8.1-r1
Ebuild name:

app-cdr/cdw-0.8.1-r1

Description

An ncurses based console frontend for cdrtools and dvd+rw-tools

Added to portage

2019-04-23

cmake - 3.14.3
Ebuild name:

dev-util/cmake-3.14.3

Description

Cross platform Make

Added to portage

2019-04-23

eduke32 - 20190419.7615
Ebuild name:

games-fps/eduke32-20190419.7615

Description

An open source engine port of the classic PC first person shooter D

Added to portage

2019-04-23

elfix - 0.9.5
Ebuild name:

sys-apps/elfix-0.9.5

Description

A suite of tools to work with ELF objects on Hardened Gentoo

Added to portage

2019-04-23

flannel - 0.11.0
Ebuild name:

app-emulation/flannel-0.11.0

Description

An etcd backed network fabric for containers

Added to portage

2019-04-23

fuse-python - 0.3.1
Ebuild name:

dev-python/fuse-python-0.3.1

Description

Python FUSE bindings

Added to portage

2019-04-23

fwupd - 1.2.8
Ebuild name:

sys-apps/fwupd-1.2.8

Description

Aims to make updating firmware on Linux automatic, safe and reliable

Added to portage

2019-04-23

gitea - 1.8.0
Ebuild name:

www-apps/gitea-1.8.0

Description

A painless self-hosted Git service

Added to portage

2019-04-23

gnuradio - 3.7.13.5
Ebuild name:

net-wireless/gnuradio-3.7.13.5

Description

Toolkit that provides signal processing blocks to implement software

Added to portage

2019-04-23

gssproxy - 0.7.0-r1
Ebuild name:

net-nds/gssproxy-0.7.0-r1

Description

daemon to proxy GSSAPI context establishment and channel handling

Added to portage

2019-04-23

gssproxy - 0.8.0
Ebuild name:

net-nds/gssproxy-0.8.0

Description

daemon to proxy GSSAPI context establishment and channel handling

Added to portage

2019-04-23

gssproxy - 0.8.2
Ebuild name:

net-nds/gssproxy-0.8.2

Description

daemon to proxy GSSAPI context establishment and channel handling

Added to portage

2019-04-23

hashdiff - 0.3.9
Ebuild name:

dev-ruby/hashdiff-0.3.9

Description

Simple Hash extension to make working with nested hashes easier

Added to portage

2019-04-23

karma-bin - 0.33
Ebuild name:

www-apps/karma-bin-0.33

Description

Alerts dashboard for Prometheus Alertmanager

Added to portage

2019-04-23

kube-bench - 0.0.27
Ebuild name:

app-admin/kube-bench-0.0.27

Description

Kubernetes Bench for Security runs the CIS Kubernetes Benchmark

Added to portage

2019-04-23

kubectl - 1.14.1
Ebuild name:

sys-cluster/kubectl-1.14.1

Description

CLI to run commands against Kubernetes clusters

Added to portage

2019-04-23

libfilezilla - 0.16.0
Ebuild name:

dev-libs/libfilezilla-0.16.0

Description

C++ library offering some basic functionality for platform-independent

Added to portage

2019-04-23

libgpg-error - 1.36
Ebuild name:

dev-libs/libgpg-error-1.36

Description

Contains error handling functions used by GnuPG software

Added to portage

2019-04-23

maim - 5.5.3
Ebuild name:

media-gfx/maim-5.5.3

Description

Commandline tool to take screenshots of the desktop

Added to portage

2019-04-23

mendeleydesktop - 1.19.4
Ebuild name:

sci-misc/mendeleydesktop-1.19.4

Description

Research management tool for desktop and web

Added to portage

2019-04-23

mercurial - 4.9.1
Ebuild name:

dev-vcs/mercurial-4.9.1

Description

Scalable distributed SCM

Added to portage

2019-04-23

multipath-tools - 0.8.1
Ebuild name:

sys-fs/multipath-tools-0.8.1

Description

Device mapper target autoconfig

Added to portage

2019-04-23

prometheus_flask_exporter - 0.7.2
Ebuild name:

dev-python/prometheus_flask_exporter-0.7.2

Description

Provides HTTP request metrics to export into Prometheus

Added to portage

2019-04-23

pypax - 0.9.5
Ebuild name:

dev-python/pypax-0.9.5

Description

Python module to get or set either PT_PAX and/or XATTR_PAX flags

Added to portage

2019-04-23

rinku - 2.0.6
Ebuild name:

dev-ruby/rinku-2.0.6

Description

A Ruby library that does autolinking

Added to portage

2019-04-23

setuptools - 41.0.1
Ebuild name:

dev-python/setuptools-41.0.1

Description

Collection of extensions to Distutils

Added to portage

2019-04-23

signal-desktop-bin - 1.24.1
Ebuild name:

net-im/signal-desktop-bin-1.24.1

Description

Allows you to send and receive messages of Signal Messenger on you

Added to portage

2019-04-23

tortoisehg - 4.9.1
Ebuild name:

dev-vcs/tortoisehg-4.9.1

Description

Set of graphical tools for Mercurial

Added to portage

2019-04-23

unifi - 5.10.22
Ebuild name:

net-wireless/unifi-5.10.22

Description

A Management Controller for Ubiquiti Networks UniFi APs

Added to portage

2019-04-23

userspace-rcu - 0.10.2
Ebuild name:

dev-libs/userspace-rcu-0.10.2

Description

userspace RCU (read-copy-update) library

Added to portage

2019-04-23

wsmake - 0.6.4-r1
Ebuild name:

www-misc/wsmake-0.6.4-r1

Description

Website pre-processor features tag substitution and page ordering

Added to portage

2019-04-23

xchm - 1.29
Ebuild name:

app-text/xchm-1.29

Description

Utility for viewing Compiled HTML Help (CHM) files

Added to portage

2019-04-23

xfce4-notifyd - 0.4.4
Ebuild name:

xfce-extra/xfce4-notifyd-0.4.4

Description

Notification daemon for the Xfce desktop environment

Added to portage

2019-04-23

rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2018 Sascha Nitsch Unternehmensberatung UG(haftungsbeschänkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 64.2 ms