from small one page howto to huge articles all in one place

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

86618

userrating:

average rating: 1.2 (52 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openvpn

OpenVPN primer


There are as many advantages to VPN tunnels as there are different VPN scenarios. One easy implementation is the "OpenVPN via tun-device" solution. An example: you'd like to connect your laptop to your LAN at home so that you can use your mail client without reconfiguring it anytime you switch from home to internet and back. Let's say your mail-server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a router/firewall providing access to the Internet. You connect from work or school and want to read mail. OpenVPN can create two virtual devices for you when connecting two computers through an encrypted tunnel. Naturally you then have the possibility of forwarding traffic into the networks behind them, and thus would be "virtually connected" to your LAN behind the firewall. To enable this, either your firewall or a server behind it should run OpenVPN (if you choose a server in your LAN, you'll have to forward the destination port to the OpenVPN server).

Here's what you need to do:
Code Listing 1: Enable the tun module in your kernel: Kernel config - tun module
          [*] Networking support    
Networking options --->
[ ] Amateur Radio support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
[*] Network device support
< > Dummy net driver support
< > Bonding driver support
< > EQL (serial line load balancing) support
Universal TUN/TAP device driver support
// This option must be enabled


Make sure this module exists and can be loaded. Next, install OpenVPN and it dependencies.
Code Listing 2: Install OpenVPN
emerge openvpn

Now on both server and client, create a directory for your configuration:

Code Listing 3: Make directory
mkdir /etc/openvpn    
mkdir /etc/openvpn/myhomelan


Inside that directory, create a shared key for your VPN session and copy that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 4: Generate shared key
cd /etc/openvpn/myhomelan    
openvpn --genkey --secret myhomelan-key.txt


Now for the tricky part, the routing. It is important that the two tun devices on the client and server use IP addresses from the same subnet. The configuration files shown below list the type of device, the two end-points of the tunnel, the compression method and the UDP-port on which the tunnel is established. Finally privileges are dropped to user and group as listed:

Code Listing 5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
dev tun    
ifconfig 172.16.1.1 172.16.1.20 // IP of the local
// tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody


The client's configuration needs the tunnel's destination address. This is often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. You also need to route to your home LAN (192.168.1.0 in our example). You can call a shell script from the configuration file that accordingly sets a route.

Code Listing 6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
remote    // or your VPN 
// server's external IP if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1 // IP of the local tun
// device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh // sets up the route
//to the network behind the VPN server


The route command would need to set the client's gateway for the network 192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7: /etc/openvpn/myhomelan/route.sh
#!/bin/bash    
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1


That's it. Start OpenVPN on the server and the client, and check the devices with ifconfig and the routes with route -n. Success!

From http://www.gentoo.org/news/en/gwn/20041011-newsletter.xml
rate this article:
current rating: average rating: 1.5 (69 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Support us on Content Nation

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2026-07-07
roundcube - 1.6.17
Ebuild name:

mail-client/roundcube-1.6.17

Description

Browser-based multilingual IMAP client with an application-like user i

Added to portage

2026-07-07

vanilla-sources - 6.12.95
Ebuild name:

sys-kernel/vanilla-sources-6.12.95

Description

Full sources for the Linux kernel

Added to portage

2026-07-07

2026-07-06
citus - 12.1.13
Ebuild name:

dev-db/citus-12.1.13

Description

Open-source postgresql extension for clustering/multi-node setups

Added to portage

2026-07-06

cloudflared - 2026.6.1
Ebuild name:

net-vpn/cloudflared-2026.6.1

Description

A command-line client and tunneling daemon for Cloudflare Tunnel

Added to portage

2026-07-06

containerd - 2.2.5-r1
Ebuild name:

app-containers/containerd-2.2.5-r1

Description

A daemon to control runC

Added to portage

2026-07-06

containerd - 2.3.2-r1
Ebuild name:

app-containers/containerd-2.3.2-r1

Description

A daemon to control runC

Added to portage

2026-07-06

dbus-python - 1.4.0-r1
Ebuild name:

dev-python/dbus-python-1.4.0-r1

Description

Python bindings for the D-Bus messagebus

Added to portage

2026-07-06

dulwich - 1.2.8
Ebuild name:

dev-python/dulwich-1.2.8

Description

Pure-Python implementation of the Git file formats and protocols

Added to portage

2026-07-06

dxvk - 3.0.1
Ebuild name:

app-emulation/dxvk-3.0.1

Description

Vulkan-based implementation of D3D9, D3D10 and D3D11 for Linux / Wine

Added to portage

2026-07-06

firecracker-bin - 1.16.0
Ebuild name:

app-emulation/firecracker-bin-1.16.0

Description

Secure and fast microVMs for serverless computing (static buil

Added to portage

2026-07-06

gawk - 5.4.0e
Ebuild name:

sys-apps/gawk-5.4.0e

Description

GNU awk pattern-matching language

Added to portage

2026-07-06

gcc - 17.0.0_p20260705
Ebuild name:

sys-devel/gcc-17.0.0_p20260705

Description

The GNU Compiler Collection

Added to portage

2026-07-06

getmail - 6.20.00
Ebuild name:

net-mail/getmail-6.20.00

Description

A mail retriever with reliable Maildir and mbox delivery

Added to portage

2026-07-06

ggml - 0.15.3-r1
Ebuild name:

sci-ml/ggml-0.15.3-r1

Description

Tensor library for machine learning

Added to portage

2026-07-06

git-sources - 7.2_rc2
Ebuild name:

sys-kernel/git-sources-7.2_rc2

Description

The very latest -git version of the Linux kernel

Added to portage

2026-07-06

gst-plugins-sndio - 1.24.0
Ebuild name:

media-plugins/gst-plugins-sndio-1.24.0

Description

Sndio audio sink and source for GStreamer

Added to portage

2026-07-06

haproxy - 3.0.25
Ebuild name:

net-proxy/haproxy-3.0.25

Description

A TCP/HTTP reverse proxy for high availability environments

Added to portage

2026-07-06

haproxy - 3.2.21
Ebuild name:

net-proxy/haproxy-3.2.21

Description

A TCP/HTTP reverse proxy for high availability environments

Added to portage

2026-07-06

haproxy - 3.3.12
Ebuild name:

net-proxy/haproxy-3.3.12

Description

A TCP/HTTP reverse proxy for high availability environments

Added to portage

2026-07-06

haproxy - 3.4.2
Ebuild name:

net-proxy/haproxy-3.4.2

Description

A TCP/HTTP reverse proxy for high availability environments

Added to portage

2026-07-06

khard - 0.21.0
Ebuild name:

app-misc/khard-0.21.0

Description

Console vCard address book

Added to portage

2026-07-06

lmdb - 1.0.0
Ebuild name:

dev-db/lmdb-1.0.0

Description

An ultra-fast, ultra-compact key-value embedded data store

Added to portage

2026-07-06

mcrypt - 2.6.8-r3
Ebuild name:

app-crypt/mcrypt-2.6.8-r3

Description

Replacement of the old unix crypt(1)

Added to portage

2026-07-06

md5deep - 4.4
Ebuild name:

app-crypt/md5deep-4.4

Description

Expanded md5sum program with recursive and comparison options

Added to portage

2026-07-06

md6sum - 1.0-r3
Ebuild name:

app-crypt/md6sum-1.0-r3

Description

A C implementation of MD6

Added to portage

2026-07-06

mhash - 0.9.9.9-r4
Ebuild name:

app-crypt/mhash-0.9.9.9-r4

Description

Library providing a uniform interface to a large number of hash algorith

Added to portage

2026-07-06

micawber - 0.7.0
Ebuild name:

dev-python/micawber-0.7.0

Description

A small library for extracting rich content from urls

Added to portage

2026-07-06

minisign - 0.12
Ebuild name:

app-crypt/minisign-0.12

Description

Dead simple tool to sign files and verify signatures

Added to portage

2026-07-06

mit-krb5 - 1.22.2-r2
Ebuild name:

app-crypt/mit-krb5-1.22.2-r2

Description

MIT Kerberos V

Added to portage

2026-07-06

mit-krb5-appl - 1.0.3-r4
Ebuild name:

app-crypt/mit-krb5-appl-1.0.3-r4

Description

Kerberized applications split from the main MIT Kerberos V distrib

Added to portage

2026-07-06

mit-krb5-appl - 1.0.3-r5
Ebuild name:

app-crypt/mit-krb5-appl-1.0.3-r5

Description

Kerberized applications split from the main MIT Kerberos V distrib

Added to portage

2026-07-06

mkp224o - 1.7.0
Ebuild name:

app-crypt/mkp224o-1.7.0

Description

Vanity address generator for v3 Tor hidden service addresses

Added to portage

2026-07-06

munt-mt32emu - 2.8.3
Ebuild name:

media-libs/munt-mt32emu-2.8.3

Description

Library for emulating the Roland MT-32, CM-32L, CM-64 and LAPC-I

Added to portage

2026-07-06

nnn - 5.2
Ebuild name:

app-misc/nnn-5.2

Description

The missing terminal file browser for X

Added to portage

2026-07-06

ollama - 0
Ebuild name:

acct-group/ollama-0

Description

A group for ollama

Added to portage

2026-07-06

ollama - 0
Ebuild name:

acct-user/ollama-0

Description

A user for ollama

Added to portage

2026-07-06

ollama - 0.31.1-r1
Ebuild name:

sci-ml/ollama-0.31.1-r1

Description

Get up and running with Llama 3, Mistral, Gemma, and other language models.

Added to portage

2026-07-06

packer - 1.15.4
Ebuild name:

dev-util/packer-1.15.4

Description

A tool to create identical machine images for multiple platforms

Added to portage

2026-07-06

pip - 26.1.2-r1
Ebuild name:

dev-python/pip-26.1.2-r1

Description

The PyPA recommended tool for installing Python packages

Added to portage

2026-07-06

portage - 3.0.81.1
Ebuild name:

sys-apps/portage-3.0.81.1

Description

The package management and distribution system for Gentoo

Added to portage

2026-07-06

roundcube - 1.7.2
Ebuild name:

mail-client/roundcube-1.7.2

Description

A browser-based multilingual IMAP client with an application-like user

Added to portage

2026-07-06

runc - 1.3.6
Ebuild name:

app-containers/runc-1.3.6

Description

runc container cli tools

Added to portage

2026-07-06

rust - 1.96.1
Ebuild name:

dev-lang/rust-1.96.1

Description

Systems programming language originally developed by Mozilla

Added to portage

2026-07-06

rust-bin - 1.96.1
Ebuild name:

dev-lang/rust-bin-1.96.1

Description

Added to portage

2026-07-06

rust-common - 1.96.1
Ebuild name:

dev-lang/rust-common-1.96.1

Description

Common files shared between multiple slots of Rust

Added to portage

2026-07-06

rust-std - 1.96.1
Ebuild name:

sys-devel/rust-std-1.96.1

Description

Rust standard library, standalone (for crossdev)

Added to portage

2026-07-06

seedfiles - 1.7
Ebuild name:

sys-apps/seedfiles-1.7

Description

Portable drop-in reimplementation of systemd-tmpfiles

Added to portage

2026-07-06

signxml - 5.1.0
Ebuild name:

dev-python/signxml-5.1.0

Description

Python XML Signature and XAdES library

Added to portage

2026-07-06

telegram-desktop-bin - 6.9.3
Ebuild name:

net-im/telegram-desktop-bin-6.9.3

Description

Official desktop client for Telegram (binary package)

Added to portage

2026-07-06

tibs - 0.12.0
Ebuild name:

dev-python/tibs-0.12.0

Description

A sleek Python library for your binary data

Added to portage

2026-07-06

rdf newsfeed | rss newsfeed | Atom newsfeed
Copyright 2004-2025 Sascha Nitsch Unternehmensberatung GmbH
- Copyright and legal notices -
Time to create this page: 100.8 ms