from small one page howto to huge articles all in one place

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

86865

userrating:

average rating: 1.2 (52 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openvpn

OpenVPN primer


There are as many advantages to VPN tunnels as there are different VPN scenarios. One easy implementation is the "OpenVPN via tun-device" solution. An example: you'd like to connect your laptop to your LAN at home so that you can use your mail client without reconfiguring it anytime you switch from home to internet and back. Let's say your mail-server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a router/firewall providing access to the Internet. You connect from work or school and want to read mail. OpenVPN can create two virtual devices for you when connecting two computers through an encrypted tunnel. Naturally you then have the possibility of forwarding traffic into the networks behind them, and thus would be "virtually connected" to your LAN behind the firewall. To enable this, either your firewall or a server behind it should run OpenVPN (if you choose a server in your LAN, you'll have to forward the destination port to the OpenVPN server).

Here's what you need to do:
Code Listing 1: Enable the tun module in your kernel: Kernel config - tun module
          [*] Networking support    
Networking options --->
[ ] Amateur Radio support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
[*] Network device support
< > Dummy net driver support
< > Bonding driver support
< > EQL (serial line load balancing) support
Universal TUN/TAP device driver support
// This option must be enabled


Make sure this module exists and can be loaded. Next, install OpenVPN and it dependencies.
Code Listing 2: Install OpenVPN
emerge openvpn

Now on both server and client, create a directory for your configuration:

Code Listing 3: Make directory
mkdir /etc/openvpn    
mkdir /etc/openvpn/myhomelan


Inside that directory, create a shared key for your VPN session and copy that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 4: Generate shared key
cd /etc/openvpn/myhomelan    
openvpn --genkey --secret myhomelan-key.txt


Now for the tricky part, the routing. It is important that the two tun devices on the client and server use IP addresses from the same subnet. The configuration files shown below list the type of device, the two end-points of the tunnel, the compression method and the UDP-port on which the tunnel is established. Finally privileges are dropped to user and group as listed:

Code Listing 5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
dev tun    
ifconfig 172.16.1.1 172.16.1.20 // IP of the local
// tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody


The client's configuration needs the tunnel's destination address. This is often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. You also need to route to your home LAN (192.168.1.0 in our example). You can call a shell script from the configuration file that accordingly sets a route.

Code Listing 6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
remote    // or your VPN 
// server's external IP if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1 // IP of the local tun
// device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh // sets up the route
//to the network behind the VPN server


The route command would need to set the client's gateway for the network 192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7: /etc/openvpn/myhomelan/route.sh
#!/bin/bash    
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1


That's it. Start OpenVPN on the server and the client, and check the devices with ifconfig and the routes with route -n. Success!

From http://www.gentoo.org/news/en/gwn/20041011-newsletter.xml
rate this article:
current rating: average rating: 1.5 (69 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Support us on Content Nation

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2026-07-15
android-studio - 2026.1.2.10
Ebuild name:

dev-util/android-studio-2026.1.2.10

Description

Android development environment based on IntelliJ IDEA

Added to portage

2026-07-15

claude-code - 2.1.209
Ebuild name:

dev-util/claude-code-2.1.209

Description

Claude Code - an agentic coding tool by Anthropic

Added to portage

2026-07-15

fontconfig - 2.18.2
Ebuild name:

media-libs/fontconfig-2.18.2

Description

A library for configuring and customizing font access

Added to portage

2026-07-15

nv-codec-headers - 12.1.14.1
Ebuild name:

media-libs/nv-codec-headers-12.1.14.1

Description

FFmpeg version of headers required to interface with Nvidias

Added to portage

2026-07-15

nv-codec-headers - 13.0.19.1
Ebuild name:

media-libs/nv-codec-headers-13.0.19.1

Description

FFmpeg version of headers required to interface with Nvidias

Added to portage

2026-07-15

nv-codec-headers - 13.1.15.0
Ebuild name:

media-libs/nv-codec-headers-13.1.15.0

Description

FFmpeg version of headers required to interface with Nvidias

Added to portage

2026-07-15

pkgconf - 3.0.3
Ebuild name:

dev-util/pkgconf-3.0.3

Description

pkg-config compatible replacement with no dependencies other than C99

Added to portage

2026-07-15

pytest-tap - 3.5
Ebuild name:

dev-python/pytest-tap-3.5

Description

Reporting plugin for pytest that outputs Test Anything Protocol (TAP) dat

Added to portage

2026-07-15

tox - 0.2.23
Ebuild name:

net-libs/tox-0.2.23

Description

Encrypted P2P, messaging, and audio/video calling platform

Added to portage

2026-07-15

toxic - 0.16.3
Ebuild name:

net-im/toxic-0.16.3

Description

A curses-based client for Tox

Added to portage

2026-07-15

yq - 3.4.4
Ebuild name:

app-misc/yq-3.4.4

Description

Command-line YAML processor - jq wrapper for YAML documents

Added to portage

2026-07-15

yq - 4.1.2
Ebuild name:

app-misc/yq-4.1.2

Description

Command-line YAML processor - jq wrapper for YAML documents

Added to portage

2026-07-15

2026-07-14
3proxy - 0.9.7
Ebuild name:

net-proxy/3proxy-0.9.7

Description

Really tiny cross-platform proxy servers set

Added to portage

2026-07-14

awscli - 1.45.47
Ebuild name:

app-admin/awscli-1.45.47

Description

Universal Command Line Environment for AWS

Added to portage

2026-07-14

bcachefs-tools - 1.38.8
Ebuild name:

sys-fs/bcachefs-tools-1.38.8

Description

Tools for bcachefs

Added to portage

2026-07-14

bear - 4.1.5
Ebuild name:

dev-util/bear-4.1.5

Description

A tool that generates a compilation database for clang tooling

Added to portage

2026-07-14

boost - 1.91.0-r2
Ebuild name:

dev-libs/boost-1.91.0-r2

Description

Boost Libraries for C++

Added to portage

2026-07-14

boto3 - 1.43.47
Ebuild name:

dev-python/boto3-1.43.47

Description

The AWS SDK for Python

Added to portage

2026-07-14

botocore - 1.43.47
Ebuild name:

dev-python/botocore-1.43.47

Description

Low-level, data-driven core of boto 3

Added to portage

2026-07-14

brscan5 - 1.6.2.0-r1
Ebuild name:

media-gfx/brscan5-1.6.2.0-r1

Description

SANE driver for Brother scanners (brscan5)

Added to portage

2026-07-14

checksec - 2.7.1-r2
Ebuild name:

app-admin/checksec-2.7.1-r2

Description

Tool to check properties of executables (e.g. ASLR/PIE, RELRO, PaX, Can

Added to portage

2026-07-14

cifs-utils - 7.7
Ebuild name:

net-fs/cifs-utils-7.7

Description

Tools for Managing Linux CIFS Client Filesystems

Added to portage

2026-07-14

dolphin - 2606
Ebuild name:

games-emulation/dolphin-2606

Description

Gamecube and Wii game emulator

Added to portage

2026-07-14

freerdp - 3.29.0
Ebuild name:

net-misc/freerdp-3.29.0

Description

Free implementation of the Remote Desktop Protocol

Added to portage

2026-07-14

gdm - 49.3
Ebuild name:

gnome-base/gdm-49.3

Description

GNOME Display Manager for managing graphical display servers and user logins

Added to portage

2026-07-14

gnome-shell-extension-lockscreen-studio - 1.1.2
Ebuild name:

gnome-extra/gnome-shell-extension-lockscreen-studio-1.1.2

Description

Customization extension for the gnome-she

Added to portage

2026-07-14

google-auth - 2.56.0
Ebuild name:

dev-python/google-auth-2.56.0

Description

Google Authentication Library

Added to portage

2026-07-14

grub2-theme-preview - 2.10.0
Ebuild name:

x11-misc/grub2-theme-preview-2.10.0

Description

Preview a GRUB 2.x theme using KVM/QEMU

Added to portage

2026-07-14

ig - 0.54.1
Ebuild name:

app-admin/ig-0.54.1

Description

Tools and framework for data collection and system inspection using eBPF

Added to portage

2026-07-14

jaraco-functools - 4.6.0
Ebuild name:

dev-python/jaraco-functools-4.6.0

Description

Additional functions used by other projects by developer jaraco

Added to portage

2026-07-14

just - 1.55.1
Ebuild name:

dev-build/just-1.55.1

Description

Just a command runner (with syntax inspired by 'make')

Added to portage

2026-07-14

kas - 5.4
Ebuild name:

dev-build/kas-5.4

Description

Setup tool for bitbake based projects

Added to portage

2026-07-14

msgpack - 7.0.1
Ebuild name:

dev-libs/msgpack-7.0.1

Description

MessagePack is a binary-based efficient data interchange format

Added to portage

2026-07-14

msgpack-cxx - 8.0.0
Ebuild name:

dev-cpp/msgpack-cxx-8.0.0

Description

MessagePack for C++

Added to portage

2026-07-14

mypy - 2.3.0
Ebuild name:

dev-python/mypy-2.3.0

Description

Optional static typing for Python

Added to portage

2026-07-14

narwhals - 2.24.0
Ebuild name:

dev-python/narwhals-2.24.0

Description

Extremely lightweight compatibility layer between dataframe libraries

Added to portage

2026-07-14

nerd-icons - 0.1.0
Ebuild name:

app-emacs/nerd-icons-0.1.0

Description

Emacs Nerd Font Icons Library

Added to portage

2026-07-14

nwipe - 0.41
Ebuild name:

app-crypt/nwipe-0.41

Description

Securely erase disks using a variety of recognized methods

Added to portage

2026-07-14

onak - 0.6.3
Ebuild name:

app-crypt/onak-0.6.3

Description

onak is an OpenPGP keyserver

Added to portage

2026-07-14

onak - 0.6.4
Ebuild name:

app-crypt/onak-0.6.4

Description

onak is an OpenPGP keyserver

Added to portage

2026-07-14

ophcrack - 3.8.0-r2
Ebuild name:

app-crypt/ophcrack-3.8.0-r2

Description

A time-memory-trade-off-cracker

Added to portage

2026-07-14

ophcrack-tables - 1.0-r2
Ebuild name:

app-crypt/ophcrack-tables-1.0-r2

Description

Tables available for ophcrack

Added to portage

2026-07-14

osslsigncode - 2.13
Ebuild name:

app-crypt/osslsigncode-2.13

Description

Platform-independent tool for Authenticode signing of EXE/CAB files

Added to portage

2026-07-14

osslsigncode - 2.9
Ebuild name:

app-crypt/osslsigncode-2.9

Description

Platform-independent tool for Authenticode signing of EXE/CAB files

Added to portage

2026-07-14

pch-session - 49.1
Ebuild name:

gnome-extra/pch-session-49.1

Description

Unofficial gnome based session with different default settings and ext

Added to portage

2026-07-14

peewee - 4.2.2
Ebuild name:

dev-python/peewee-4.2.2

Description

Small Python ORM

Added to portage

2026-07-14

php - 8.2.32
Ebuild name:

dev-lang/php-8.2.32

Description

The PHP language runtime engine

Added to portage

2026-07-14

php - 8.3.32
Ebuild name:

dev-lang/php-8.3.32

Description

The PHP language runtime engine

Added to portage

2026-07-14

php - 8.4.23
Ebuild name:

dev-lang/php-8.4.23

Description

The PHP language runtime engine

Added to portage

2026-07-14

php - 8.5.8
Ebuild name:

dev-lang/php-8.5.8

Description

The PHP language runtime engine

Added to portage

2026-07-14

pkixssh - 19.0.1
Ebuild name:

net-misc/pkixssh-19.0.1

Description

OpenSSH fork with X.509 v3 certificate support

Added to portage

2026-07-14

postfix - 3.12_pre20260713
Ebuild name:

mail-mta/postfix-3.12_pre20260713

Description

A fast and secure drop-in replacement for sendmail

Added to portage

2026-07-14

prismlauncher - 11.0.3
Ebuild name:

games-action/prismlauncher-11.0.3

Description

Custom, open source Minecraft launcher

Added to portage

2026-07-14

pyghmi - 1.6.19
Ebuild name:

dev-python/pyghmi-1.6.19

Description

A pure python implementation of IPMI protocol

Added to portage

2026-07-14

pyproject-fmt - 2.25.3
Ebuild name:

dev-python/pyproject-fmt-2.25.3

Description

Format your pyproject.toml file

Added to portage

2026-07-14

python-manilaclient - 6.2.0
Ebuild name:

dev-python/python-manilaclient-6.2.0

Description

Python bindings to the OpenStack Manila API

Added to portage

2026-07-14

python-openstackclient - 10.2.0
Ebuild name:

dev-python/python-openstackclient-10.2.0

Description

A client for the OpenStack APIs

Added to portage

2026-07-14

rutorrent - 5.3.7
Ebuild name:

www-apps/rutorrent-5.3.7

Description

ruTorrent is a front-end for the popular Bittorrent client rTorrent

Added to portage

2026-07-14

sabnzbd - 5.0.4
Ebuild name:

net-nntp/sabnzbd-5.0.4

Description

Binary newsgrabber with web-interface

Added to portage

2026-07-14

sed - 4.10-r1
Ebuild name:

sys-apps/sed-4.10-r1

Description

Super-useful stream editor

Added to portage

2026-07-14

tempora - 5.12.0
Ebuild name:

dev-python/tempora-5.12.0

Description

Objects and routines pertaining to date and time

Added to portage

2026-07-14

translate-toolkit - 3.19.14
Ebuild name:

dev-python/translate-toolkit-3.19.14

Description

Toolkit to convert between many translation formats

Added to portage

2026-07-14

ttyplot - 1.7.5
Ebuild name:

app-admin/ttyplot-1.7.5

Description

Realtime plotting utility with data input from stdin

Added to portage

2026-07-14

urwid - 4.0.4
Ebuild name:

dev-python/urwid-4.0.4

Description

Curses-based user interface library for Python

Added to portage

2026-07-14

zsnes - 2.2.1
Ebuild name:

games-emulation/zsnes-2.2.1

Description

Fork of the classic Super Nintendo emulator

Added to portage

2026-07-14

rdf newsfeed | rss newsfeed | Atom newsfeed
Copyright 2004-2025 Sascha Nitsch Unternehmensberatung GmbH
- Copyright and legal notices -
Time to create this page: 95.8 ms