from small one page howto to huge articles all in one place
 

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

43503

userrating:

average rating: 1.5 (4 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openvpn

OpenVPN primer


There are as many advantages to VPN tunnels as there are different VPN scenarios. One easy implementation is the "OpenVPN via tun-device" solution. An example: you'd like to connect your laptop to your LAN at home so that you can use your mail client without reconfiguring it anytime you switch from home to internet and back. Let's say your mail-server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a router/firewall providing access to the Internet. You connect from work or school and want to read mail. OpenVPN can create two virtual devices for you when connecting two computers through an encrypted tunnel. Naturally you then have the possibility of forwarding traffic into the networks behind them, and thus would be "virtually connected" to your LAN behind the firewall. To enable this, either your firewall or a server behind it should run OpenVPN (if you choose a server in your LAN, you'll have to forward the destination port to the OpenVPN server).

Here's what you need to do:
Code Listing 1: Enable the tun module in your kernel: Kernel config - tun module
          [*] Networking support    
Networking options --->
[ ] Amateur Radio support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
[*] Network device support
< > Dummy net driver support
< > Bonding driver support
< > EQL (serial line load balancing) support
Universal TUN/TAP device driver support
// This option must be enabled


Make sure this module exists and can be loaded. Next, install OpenVPN and it dependencies.
Code Listing 2: Install OpenVPN
emerge openvpn

Now on both server and client, create a directory for your configuration:

Code Listing 3: Make directory
mkdir /etc/openvpn    
mkdir /etc/openvpn/myhomelan


Inside that directory, create a shared key for your VPN session and copy that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 4: Generate shared key
cd /etc/openvpn/myhomelan    
openvpn --genkey --secret myhomelan-key.txt


Now for the tricky part, the routing. It is important that the two tun devices on the client and server use IP addresses from the same subnet. The configuration files shown below list the type of device, the two end-points of the tunnel, the compression method and the UDP-port on which the tunnel is established. Finally privileges are dropped to user and group as listed:

Code Listing 5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
dev tun    
ifconfig 172.16.1.1 172.16.1.20 // IP of the local
// tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody


The client's configuration needs the tunnel's destination address. This is often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. You also need to route to your home LAN (192.168.1.0 in our example). You can call a shell script from the configuration file that accordingly sets a route.

Code Listing 6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
remote    // or your VPN 
// server's external IP if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1 // IP of the local tun
// device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh // sets up the route
//to the network behind the VPN server


The route command would need to set the client's gateway for the network 192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7: /etc/openvpn/myhomelan/route.sh
#!/bin/bash    
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1


That's it. Start OpenVPN on the server and the client, and check the devices with ifconfig and the routes with route -n. Success!

From http://www.gentoo.org/news/en/gwn/20041011-newsletter.xml
rate this article:
current rating: average rating: 2.4 (16 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2018-11-14
alacritty - 0.2.3
Ebuild name:

x11-terms/alacritty-0.2.3

Description

GPU-accelerated terminal emulator

Added to portage

2018-11-14

chrome-binary-plugins - 72.0.3608.4_alpha
Ebuild name:

www-plugins/chrome-binary-plugins-72.0.3608.4_alpha

Description

Binary plugins from Google Chrome for use in Ch

Added to portage

2018-11-14

gentoo-sources - 4.19.2
Ebuild name:

sys-kernel/gentoo-sources-4.19.2

Description

Full sources including the Gentoo patchset for the . kernel tree

Added to portage

2018-11-14

google-chrome-unstable - 72.0.3608.4
Ebuild name:

www-client/google-chrome-unstable-72.0.3608.4

Description

The web browser from Google

Added to portage

2018-11-14

kio-extras - 18.08.3-r1
Ebuild name:

kde-apps/kio-extras-18.08.3-r1

Description

KIO plugins present a filesystem-like view of arbitrary data

Added to portage

2018-11-14

libnftnl - 1.1.2
Ebuild name:

net-libs/libnftnl-1.1.2

Description

Netlink API to the in-kernel nf_tables subsystem

Added to portage

2018-11-14

2018-11-13
Ice - 3.6.4
Ebuild name:

dev-libs/Ice-3.6.4

Description

ICE middleware C++ library and generator tools

Added to portage

2018-11-13

afflib - 3.7.17
Ebuild name:

app-forensics/afflib-3.7.17

Description

Library that implements the AFF image standard

Added to portage

2018-11-13

chump - 1.6.0
Ebuild name:

dev-python/chump-1.6.0

Description

API wrapper for Pushover

Added to portage

2018-11-13

drupal - 7.61
Ebuild name:

www-apps/drupal-7.61

Description

PHP-based open-source platform and content management system

Added to portage

2018-11-13

flask-nav - 0.6-r1
Ebuild name:

dev-python/flask-nav-0.6-r1

Description

Easily create navigation for Flask applications.

Added to portage

2018-11-13

fluentd - 1.2.6-r1
Ebuild name:

app-admin/fluentd-1.2.6-r1

Description

data collector and unified logging layer (project under CNCF)

Added to portage

2018-11-13

hplip - 3.18.10
Ebuild name:

net-print/hplip-3.18.10

Description

HP Linux Imaging and Printing - Print, scan, fax drivers and service tools

Added to portage

2018-11-13

hunspell - 1.7.0
Ebuild name:

app-text/hunspell-1.7.0

Description

Hunspell spell checker - an improved replacement for myspell in OOo

Added to portage

2018-11-13

inflect - 2.1.0
Ebuild name:

dev-python/inflect-2.1.0

Description

Correctly inflect words and numbers

Added to portage

2018-11-13

kodi - 17.6-r9
Ebuild name:

media-tv/kodi-17.6-r9

Description

A free and open source media-player and entertainment hub

Added to portage

2018-11-13

kodi-pvr-vdr-vnsi - 3.6.2
Ebuild name:

media-plugins/kodi-pvr-vdr-vnsi-3.6.2

Description

Kodi PVR addon VNSI

Added to portage

2018-11-13

konsole - 18.08.3-r1
Ebuild name:

kde-apps/konsole-18.08.3-r1

Description

KDE's terminal emulator

Added to portage

2018-11-13

kwin - 5.14.3-r1
Ebuild name:

kde-plasma/kwin-5.14.3-r1

Description

KDE window manager

Added to portage

2018-11-13

libaom - 1.0.0-r1
Ebuild name:

media-libs/libaom-1.0.0-r1

Description

Alliance for Open Media AV1 Codec SDK

Added to portage

2018-11-13

libcss - 0.8.0-r1
Ebuild name:

dev-libs/libcss-0.8.0-r1

Description

CSS parser and selection engine, written in C

Added to portage

2018-11-13

libdom - 0.3.3-r1
Ebuild name:

net-libs/libdom-0.3.3-r1

Description

implementation of the W3C DOM, written in C

Added to portage

2018-11-13

libhubbub - 0.3.5-r1
Ebuild name:

net-libs/libhubbub-0.3.5-r1

Description

HTML5 compliant parsing library, written in C

Added to portage

2018-11-13

libjpeg-turbo - 2.0.1
Ebuild name:

media-libs/libjpeg-turbo-2.0.1

Description

MMX, SSE, and SSE2 SIMD accelerated JPEG library

Added to portage

2018-11-13

libmicrohttpd - 0.9.60
Ebuild name:

net-libs/libmicrohttpd-0.9.60

Description

Small C library to run an HTTP server as part of another application

Added to portage

2018-11-13

libnsbmp - 0.1.5-r1
Ebuild name:

media-libs/libnsbmp-0.1.5-r1

Description

decoding library for BMP and ICO image file formats, written in C

Added to portage

2018-11-13

libnsfb - 0.2.0-r1
Ebuild name:

dev-libs/libnsfb-0.2.0-r1

Description

framebuffer abstraction library, written in C

Added to portage

2018-11-13

libnsgif - 0.2.1-r1
Ebuild name:

media-libs/libnsgif-0.2.1-r1

Description

decoding library for the GIF image file format, written in C

Added to portage

2018-11-13

libnspsl - 0.1.3-r1
Ebuild name:

media-libs/libnspsl-0.1.3-r1

Description

decoding library for BMP and ICO image file formats, written in C

Added to portage

2018-11-13

libnsutils - 0.0.5-r1
Ebuild name:

dev-libs/libnsutils-0.0.5-r1

Description

base64 and time library, written in C

Added to portage

2018-11-13

libparserutils - 0.2.4-r1
Ebuild name:

dev-libs/libparserutils-0.2.4-r1

Description

library for building efficient parsers, written in C

Added to portage

2018-11-13

libreswan - 3.27-r1
Ebuild name:

net-vpn/libreswan-3.27-r1

Description

IPsec implementation for Linux, fork of Openswan

Added to portage

2018-11-13

librosprite - 0.1.3-r1
Ebuild name:

media-libs/librosprite-0.1.3-r1

Description

framebuffer abstraction library, written in C

Added to portage

2018-11-13

libsvgtiny - 0.1.7-r1
Ebuild name:

media-libs/libsvgtiny-0.1.7-r1

Description

framebuffer abstraction library, written in C

Added to portage

2018-11-13

libutf8proc - 2.2.0_p1-r1
Ebuild name:

dev-libs/libutf8proc-2.2.0_p1-r1

Description

mapping tool for UTF-8 strings

Added to portage

2018-11-13

libwapcaplet - 0.4.1-r1
Ebuild name:

dev-libs/libwapcaplet-0.4.1-r1

Description

string internment library, written in C

Added to portage

2018-11-13

mesa - 18.3.0_rc2
Ebuild name:

media-libs/mesa-18.3.0_rc2

Description

OpenGL-like graphic library for Linux

Added to portage

2018-11-13

method_source - 0.9.2
Ebuild name:

dev-ruby/method_source-0.9.2

Description

Retrieve the source code for a method

Added to portage

2018-11-13

mpd - 0.21.2
Ebuild name:

media-sound/mpd-0.21.2

Description

The Music Player Daemon (mpd)

Added to portage

2018-11-13

netsurf - 3.8-r2
Ebuild name:

www-client/netsurf-3.8-r2

Description

a free, open source web browser

Added to portage

2018-11-13

netsurf-buildsystem - 1.7
Ebuild name:

dev-util/netsurf-buildsystem-1.7

Description

Build system used for netsurf and its libs

Added to portage

2018-11-13

nsgenbind - 0.6-r1
Ebuild name:

dev-libs/nsgenbind-0.6-r1

Description

generate javascript to dom bindings from w3c webidl files

Added to portage

2018-11-13

openssl - 1.0.2p-r1
Ebuild name:

dev-libs/openssl-1.0.2p-r1

Description

full-strength general purpose cryptography library (including SSL and TL

Added to portage

2018-11-13

openssl - 1.1.0i-r2
Ebuild name:

dev-libs/openssl-1.1.0i-r2

Description

full-strength general purpose cryptography library (including SSL and TL

Added to portage

2018-11-13

openssl - 1.1.1-r2
Ebuild name:

dev-libs/openssl-1.1.1-r2

Description

full-strength general purpose cryptography library (including SSL and TLS

Added to portage

2018-11-13

plymouth-openrc-plugin - 0.1.2-r1
Ebuild name:

sys-boot/plymouth-openrc-plugin-0.1.2-r1

Description

Plymouth plugin for OpenRC

Added to portage

2018-11-13

pychess - 0.99.3
Ebuild name:

games-board/pychess-0.99.3

Description

A chess client for Gnome

Added to portage

2018-11-13

razor - 2.85-r3
Ebuild name:

mail-filter/razor-2.85-r3

Description

Distributed, collaborative spam detection and filtering network

Added to portage

2018-11-13

redis - 5.0.1
Ebuild name:

dev-db/redis-5.0.1

Description

A persistent caching system, key-value and data structures database

Added to portage

2018-11-13

snes9x - 1.57
Ebuild name:

games-emulation/snes9x-1.57

Description

Super Nintendo Entertainment System (SNES) emulator

Added to portage

2018-11-13

stellarium - 0.18.2
Ebuild name:

sci-astronomy/stellarium-0.18.2

Description

3D photo-realistic skies in real time

Added to portage

2018-11-13

toxic - 0.8.3
Ebuild name:

net-im/toxic-0.8.3

Description

A curses-based client for Tox

Added to portage

2018-11-13

trace-cmd - 2.7
Ebuild name:

dev-util/trace-cmd-2.7

Description

User-space front-end for Ftrace

Added to portage

2018-11-13

trace-cmd - 9999
Ebuild name:

dev-util/trace-cmd-9999

Description

User-space front-end for Ftrace

Added to portage

2018-11-13

typhoeus - 1.3.1
Ebuild name:

dev-ruby/typhoeus-1.3.1

Description

Runs HTTP requests in parallel while cleanly encapsulating handling logic

Added to portage

2018-11-13

vifm - 0.10
Ebuild name:

app-misc/vifm-0.10

Description

Console file manager with vi(m)-like keybindings

Added to portage

2018-11-13

rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2018 Sascha Nitsch Unternehmensberatung UG(haftungsbeschänkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 72.6 ms