from small one page howto to huge articles all in one place
 

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

68178

userrating:

average rating: 1.2 (8 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openvpn

OpenVPN primer


There are as many advantages to VPN tunnels as there are different VPN scenarios. One easy implementation is the "OpenVPN via tun-device" solution. An example: you'd like to connect your laptop to your LAN at home so that you can use your mail client without reconfiguring it anytime you switch from home to internet and back. Let's say your mail-server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a router/firewall providing access to the Internet. You connect from work or school and want to read mail. OpenVPN can create two virtual devices for you when connecting two computers through an encrypted tunnel. Naturally you then have the possibility of forwarding traffic into the networks behind them, and thus would be "virtually connected" to your LAN behind the firewall. To enable this, either your firewall or a server behind it should run OpenVPN (if you choose a server in your LAN, you'll have to forward the destination port to the OpenVPN server).

Here's what you need to do:
Code Listing 1: Enable the tun module in your kernel: Kernel config - tun module
          [*] Networking support    
Networking options --->
[ ] Amateur Radio support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
[*] Network device support
< > Dummy net driver support
< > Bonding driver support
< > EQL (serial line load balancing) support
Universal TUN/TAP device driver support
// This option must be enabled


Make sure this module exists and can be loaded. Next, install OpenVPN and it dependencies.
Code Listing 2: Install OpenVPN
emerge openvpn

Now on both server and client, create a directory for your configuration:

Code Listing 3: Make directory
mkdir /etc/openvpn    
mkdir /etc/openvpn/myhomelan


Inside that directory, create a shared key for your VPN session and copy that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 4: Generate shared key
cd /etc/openvpn/myhomelan    
openvpn --genkey --secret myhomelan-key.txt


Now for the tricky part, the routing. It is important that the two tun devices on the client and server use IP addresses from the same subnet. The configuration files shown below list the type of device, the two end-points of the tunnel, the compression method and the UDP-port on which the tunnel is established. Finally privileges are dropped to user and group as listed:

Code Listing 5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
dev tun    
ifconfig 172.16.1.1 172.16.1.20 // IP of the local
// tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody


The client's configuration needs the tunnel's destination address. This is often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. You also need to route to your home LAN (192.168.1.0 in our example). You can call a shell script from the configuration file that accordingly sets a route.

Code Listing 6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
remote    // or your VPN 
// server's external IP if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1 // IP of the local tun
// device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh // sets up the route
//to the network behind the VPN server


The route command would need to set the client's gateway for the network 192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7: /etc/openvpn/myhomelan/route.sh
#!/bin/bash    
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1


That's it. Start OpenVPN on the server and the client, and check the devices with ifconfig and the routes with route -n. Success!

From http://www.gentoo.org/news/en/gwn/20041011-newsletter.xml
rate this article:
current rating: average rating: 2.3 (17 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Support us on Content Nation

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2024-07-27
bash - 5.3_alpha_p20240726
Ebuild name:

app-shells/bash-5.3_alpha_p20240726

Description

The standard GNU Bourne again shell

Added to portage

2024-07-27

faudio - 24.07
Ebuild name:

app-emulation/faudio-24.07

Description

Accuracy-focused XAudio reimplementation for open platforms

Added to portage

2024-07-27

installkernel - 41
Ebuild name:

sys-kernel/installkernel-41

Description

Gentoo fork of installkernel script from debianutils

Added to portage

2024-07-27

latexdiff - 1.3.4
Ebuild name:

dev-tex/latexdiff-1.3.4

Description

Compare two latex files and mark up significant differences

Added to portage

2024-07-27

litecli - 1.11.1
Ebuild name:

dev-db/litecli-1.11.1

Description

CLI for SQLite with auto-completion and syntax highlighting

Added to portage

2024-07-27

maildrop - 3.1.7
Ebuild name:

mail-filter/maildrop-3.1.7

Description

Mail delivery agent/filter

Added to portage

2024-07-27

metee - 4.2.0
Ebuild name:

dev-libs/metee-4.2.0

Description

Cross-platform access library for Intel CSME HECI interface

Added to portage

2024-07-27

pahole - 1.27-r1
Ebuild name:

dev-util/pahole-1.27-r1

Description

pahole (Poke-a-Hole) and other DWARF utilities

Added to portage

2024-07-27

ssldump - 1.8
Ebuild name:

net-analyzer/ssldump-1.8

Description

An SSLv3/TLS network protocol analyzer

Added to portage

2024-07-27

tcping - 2.1.0
Ebuild name:

net-analyzer/tcping-2.1.0

Description

Check if a desired port is reachable via TCP

Added to portage

2024-07-27

2024-07-26
apprise - 1.8.1
Ebuild name:

dev-python/apprise-1.8.1

Description

Push Notifications that work with just about every platform

Added to portage

2024-07-26

aquamarine - 0.1.1-r1
Ebuild name:

gui-libs/aquamarine-0.1.1-r1

Description

Aquamarine is a very light linux rendering backend library

Added to portage

2024-07-26

atlas - 3.10.2-r1
Ebuild name:

sci-libs/atlas-3.10.2-r1

Description

Automatically Tuned Linear Algebra Software

Added to portage

2024-07-26

atlas - 3.10.3
Ebuild name:

sci-libs/atlas-3.10.3

Description

Automatically Tuned Linear Algebra Software

Added to portage

2024-07-26

atlas - 3.11.41
Ebuild name:

sci-libs/atlas-3.11.41

Description

Automatically Tuned Linear Algebra Software

Added to portage

2024-07-26

atpublic - 5.0
Ebuild name:

dev-python/atpublic-5.0

Description

A decorator to populate __all__ and the module globals

Added to portage

2024-07-26

awscli - 1.33.31
Ebuild name:

app-admin/awscli-1.33.31

Description

Universal Command Line Environment for AWS

Added to portage

2024-07-26

bindgen - 0.69.4
Ebuild name:

dev-util/bindgen-0.69.4

Description

Automatically generates Rust FFI bindings to C and C++ libraries.

Added to portage

2024-07-26

blueman - 2.4.3
Ebuild name:

net-wireless/blueman-2.4.3

Description

Simple and intuitive GTK+ Bluetooth Manager

Added to portage

2024-07-26

boto3 - 1.34.149
Ebuild name:

dev-python/boto3-1.34.149

Description

The AWS SDK for Python

Added to portage

2024-07-26

botocore - 1.34.149
Ebuild name:

dev-python/botocore-1.34.149

Description

Low-level, data-driven core of boto 3

Added to portage

2024-07-26

croniter - 3.0.1
Ebuild name:

dev-python/croniter-3.0.1

Description

Python module to provide iteration for datetime object

Added to portage

2024-07-26

docile - 1.4.1
Ebuild name:

dev-ruby/docile-1.4.1

Description

Turns any Ruby object into a DSL

Added to portage

2024-07-26

faraday-net_http - 3.1.1
Ebuild name:

dev-ruby/faraday-net_http-3.1.1

Description

Faraday adapter for Net

Added to portage

2024-07-26

fastfetch - 2.20.0
Ebuild name:

app-misc/fastfetch-2.20.0

Description

Fast neofetch-like system information tool

Added to portage

2024-07-26

google-api-python-client - 2.138.0
Ebuild name:

dev-python/google-api-python-client-2.138.0

Description

Google API Client for Python

Added to portage

2024-07-26

grisbi - 3.0.4
Ebuild name:

app-office/grisbi-3.0.4

Description

Grisbi is a personal accounting application for Linux

Added to portage

2024-07-26

hcloud - 2.1.0
Ebuild name:

dev-python/hcloud-2.1.0

Description

Official Hetzner Cloud python library

Added to portage

2024-07-26

ibus-m17n - 1.4.31
Ebuild name:

app-i18n/ibus-m17n-1.4.31

Description

M17N engine for IBus

Added to portage

2024-07-26

ibus-typing-booster - 2.25.14
Ebuild name:

app-i18n/ibus-typing-booster-2.25.14

Description

Completion input method for IBus

Added to portage

2024-07-26

kdsingleapplication - 1.1.0-r1
Ebuild name:

dev-libs/kdsingleapplication-1.1.0-r1

Description

KDAB's helper class for single-instance policy applications

Added to portage

2024-07-26

libcdada - 0.6.0
Ebuild name:

dev-libs/libcdada-0.6.0

Description

Basic data structures in C

Added to portage

2024-07-26

micropython - 1.23.0
Ebuild name:

dev-lang/micropython-1.23.0

Description

Python implementation for microcontrollers

Added to portage

2024-07-26

mkdocstrings - 0.25.2
Ebuild name:

dev-python/mkdocstrings-0.25.2

Description

Automatic documentation from sources, for MkDocs

Added to portage

2024-07-26

mkdocstrings-python - 1.10.7
Ebuild name:

dev-python/mkdocstrings-python-1.10.7

Description

Python handler for dev-python/mkdocstrings

Added to portage

2024-07-26

mrcfile - 1.5.3
Ebuild name:

dev-python/mrcfile-1.5.3

Description

MRC2014 file format I/O library

Added to portage

2024-07-26

munin - 2.0.76-r1
Ebuild name:

net-analyzer/munin-2.0.76-r1

Description

Munin Server Monitoring Tool

Added to portage

2024-07-26

openjdk - 8.422_p05
Ebuild name:

dev-java/openjdk-8.422_p05

Description

Open source implementation of the Java programming language

Added to portage

2024-07-26

openjdk-bin - 8.422_p05
Ebuild name:

dev-java/openjdk-bin-8.422_p05

Description

Prebuilt Java JDK binaries provided by Eclipse Temurin

Added to portage

2024-07-26

owncloud-client - 5.2.1.13040-r1
Ebuild name:

net-misc/owncloud-client-5.2.1.13040-r1

Description

Synchronize files from ownCloud Server with your computer

Added to portage

2024-07-26

pytest - 8.3.2
Ebuild name:

dev-python/pytest-8.3.2

Description

Simple powerful testing with Python

Added to portage

2024-07-26

regress - 1.5.1
Ebuild name:

app-emacs/regress-1.5.1

Description

Regression test harness for Emacs Lisp code

Added to portage

2024-07-26

rssguard - 4.7.3
Ebuild name:

net-news/rssguard-4.7.3

Description

Simple (yet powerful) news feed reader

Added to portage

2024-07-26

simutrans - 124.1
Ebuild name:

games-simulation/simutrans-124.1

Description

A free Transport Tycoon clone

Added to portage

2024-07-26

sqlglot - 25.7.1
Ebuild name:

dev-python/sqlglot-25.7.1

Description

An easily customizable SQL parser and transpiler

Added to portage

2024-07-26

strawberry - 1.0.23-r2
Ebuild name:

media-sound/strawberry-1.0.23-r2

Description

Modern music player and library organizer based on Clementine and

Added to portage

2024-07-26

stripe - 10.5.0
Ebuild name:

dev-python/stripe-10.5.0

Description

Stripe Python bindings

Added to portage

2024-07-26

tempora - 5.7.0
Ebuild name:

dev-python/tempora-5.7.0

Description

Objects and routines pertaining to date and time

Added to portage

2024-07-26

tomcat-native - 1.3.1
Ebuild name:

dev-java/tomcat-native-1.3.1

Description

Allows Tomcat to use certain native resources for better performance

Added to portage

2024-07-26

tuxedo-drivers - 4.6.1
Ebuild name:

app-laptop/tuxedo-drivers-4.6.1

Description

Kernel modules for TUXEDO laptops

Added to portage

2024-07-26

virtualbox - 7.1.0_beta1
Ebuild name:

app-emulation/virtualbox-7.1.0_beta1

Description

Family of powerful x86 virtualization products for enterprise

Added to portage

2024-07-26

virtualbox-additions - 7.1.0_beta1
Ebuild name:

app-emulation/virtualbox-additions-7.1.0_beta1

Description

CD image containing guest additions for VirtualBox

Added to portage

2024-07-26

virtualbox-extpack-oracle - 7.1.0_beta1
Ebuild name:

app-emulation/virtualbox-extpack-oracle-7.1.0_beta1

Description

PUEL extensions for VirtualBox

Added to portage

2024-07-26

virtualbox-guest-additions - 7.1.0_beta1
Ebuild name:

app-emulation/virtualbox-guest-additions-7.1.0_beta1

Description

VirtualBox kernel modules and user-space tools

Added to portage

2024-07-26

virtualbox-modules - 7.1.0_beta1
Ebuild name:

app-emulation/virtualbox-modules-7.1.0_beta1

Description

Kernel Modules for Virtualbox

Added to portage

2024-07-26

yara-x - 0.5.0
Ebuild name:

app-forensics/yara-x-0.5.0

Description

A malware identification and classification tool

Added to portage

2024-07-26

rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2020 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 60.0 ms