A simple openvpn

Creating a Simple OPENVPN connection

The simplest openvpn setup is with a static key.
Here is how you set it up.

Install openvpn

apt-get install openvpn or yum install openvpn (depending on your distro).
Then cd /etc/openvpn and create a static key. All config files and keys
are in this folder.

Server Configuration

Generate your static key:

openvpn --genkey --secret static.key

Use this config file with your new static key:

dev tun0
port 1192
proto udp
secret /etc/openvpn/static.key
keepalive 10 60

Restart openvpn:

/etc/init.d/openvpn restart

From the command line, run ifconfig.

You should see a tun0 listed similar to this:
tun0   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:  P-t-P:  Mask:
RX packets:8402 errors:0 dropped:0 overruns:0 frame:0
TX packets:7449 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:536155 (523.5 KiB)  TX bytes:1033360 (1009.1 KiB)

Remote Client

Set up your remote client using the same static.key and the same information:
port number and IP addresses. (Note that the IP addresses are reversed on the client.)

You can either sftp to your client vpn or cut and paste the static key to your

Your remote config file should look like this:

remote [yourdomain.com or IP address]
port 1192
proto udp  ## udp is the preferred protocol
dev tun0
secret /etc/openvpn/static2.key
keepalive 10 60

Testing your connection

After starting both openvpn daemons, you should be able to ping the server
from the client, i.e.


If the ping is successful, you should be able to ssh over
the vpn from the client to the server or ssh (or telnet if you
have that port open) from the server to the client.

Multiple openvpn tunnels

Creating several tunnels is simple. For instance, you can create
tunnels from your server to your laptop, server to server, server
to home, etc. For each tunnel, create a new config file. The simplest
way is to copy your tun0.conf to tun1.conf and then change the IP address
and the port value (keep things separate). If you want, you can generate
a new static key for each tunnel using openvpn --genkey --secret static1.key
(each vpn could use the same static key, which is a less secure arrangement).

Here is a sample tun1.conf:

dev tun1
port 1194
proto udp
secret /etc/openvpn/static1.key
keepalive 10 60
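
The per-tunnel advice above (a separate port and, preferably, a separate static key for each tunnel) can be checked with a short script. This is an added example, not part of the original post: the function names audit_tunnels and conf_value are hypothetical, it assumes one .conf file per tunnel in a single directory with every tunnel on the same proto, and the key-permission check is an extra hardening step the post does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): audit static-key tunnel configs.
# Usage: audit_tunnels /etc/openvpn
# Prints one finding per line; returns 1 if anything was found, else 0.

# conf_value FILE DIRECTIVE: first argument of DIRECTIVE, comments stripped.
conf_value() {
    awk -v d="$2" '{ sub(/[#;].*/, "") } $1 == d { print $2; exit }' "$1"
}

audit_tunnels() {
    at_dir=$1; at_rc=0; at_keys=" "; at_ports=" "
    for at_conf in "$at_dir"/*.conf; do
        [ -f "$at_conf" ] || continue
        at_key=$(conf_value "$at_conf" secret)
        [ -n "$at_key" ] || continue            # not a static-key config
        at_port=$(conf_value "$at_conf" port)
        at_port=${at_port:-1194}                # OpenVPN's default port
        at_name=${at_conf##*/}

        if [ ! -f "$at_key" ]; then
            echo "$at_name: key file $at_key is missing"; at_rc=1
        # ls -l mode string: characters 5-10 are the group and other bits.
        elif [ "$(ls -ldL "$at_key" | cut -c5-10)" != "------" ]; then
            echo "$at_name: $at_key is accessible to group/other (chmod 600)"; at_rc=1
        fi

        # The same key on two tunnels means one leaked file exposes both.
        case $at_keys in
            *" $at_key "*) echo "$at_name: $at_key is shared with another tunnel"; at_rc=1 ;;
            *) at_keys="$at_keys$at_key " ;;
        esac

        # Two daemons on one host cannot bind the same port (same proto assumed).
        case $at_ports in
            *" $at_port "*) echo "$at_name: port $at_port is already used by another tunnel"; at_rc=1 ;;
            *) at_ports="$at_ports$at_port " ;;
        esac
    done
    return $at_rc
}
```

Run it as root after adding or copying a tunnel config, for example audit_tunnels /etc/openvpn; no output and exit status 0 means every tunnel has its own port and its own privately readable key.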

Firewall considerations

If you are using tcpwrappers (hosts.allow and hosts.deny), you should create an
entry for the tunnel(s), e.g.

# hosts.allow            This file describes the names of the hosts which are
#                        allowed to use the local INET services, as decided
#                        by the '/usr/sbin/tcpd' server.

ALL : : allow

Iptables may also need to be modified to allow the tunnel(s), or if you want
to forward the tunnel device.
