A simple OpenVPN connection
Creating a simple OpenVPN connection
The simplest OpenVPN setup uses a single pre-shared static key: no certificates, no PKI, just one key file that both ends hold. The trade-offs are that one tunnel serves exactly one peer and that there is no forward secrecy, so anyone who later obtains the key can decrypt traffic they captured earlier. For a point-to-point link between two machines you control it is a reasonable choice.
Here is how you set it up.
Install OpenVPN
apt-get install openvpn or yum install openvpn, depending on your distribution.
Then cd /etc/openvpn and create the static key there. All of the config files
and keys in this guide live in that directory.
Server configuration
Generate your static key:
openvpn --genkey --secret static.key
(OpenVPN 2.5 and later prefer the form openvpn --genkey secret static.key and print a deprecation warning for the older form, which still works.) The key file must be readable by root only: check it with ls -l static.key and fix it with chmod 600 static.key if needed. Anyone who obtains this file can join the tunnel and decrypt its traffic.
Save the following as /etc/openvpn/tun0.conf, pointing secret at your new key. The comp-lzo line enables compression as the original setup did; current OpenVPN releases deprecate it, and compression inside a VPN can leak plaintext to an attacker who can inject traffic, so leave it out of both configs unless the other end requires it:
##tun0.conf##
dev tun0
port 1192
proto udp
ifconfig 10.10.10.1 10.10.10.2
secret /etc/openvpn/static.key
comp-lzo
keepalive 10 60
daemon
Restart OpenVPN:
/etc/init.d/openvpn restart
(On a systemd distribution: systemctl restart openvpn@tun0, which reads /etc/openvpn/tun0.conf.)
Then run ifconfig (or ip addr show tun0). You should see a tun0 interface similar to this:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.10.10.1 P-t-P:10.10.10.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:8402 errors:0 dropped:0 overruns:0 frame:0
TX packets:7449 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:536155 (523.5 KiB) TX bytes:1033360 (1009.1 KiB)
Remote client
Set up the remote client with the same static.key, the same port number and the same
pair of IP addresses, with the two ifconfig addresses reversed (the client lists its own address first).
Copy static.key to the client over a channel that is already authenticated and encrypted,
such as scp or sftp, or paste it through an existing ssh session; do not send it by email or over
an untrusted connection, and give it the same 600 permissions on the client.
Your remote config file should look like this:
##tun0.conf##
remote [yourdomain.com or IP address]
port 1192
proto udp ##udp is the preferred protocol
dev tun0
ifconfig 10.10.10.2 10.10.10.1
secret /etc/openvpn/static.key ##the same key file as on the server
comp-lzo
keepalive 10 60
daemon
Testing your connection
After starting both OpenVPN daemons you should be able to ping the server
from the client:
ping 10.10.10.1
If the ping succeeds, you should be able to ssh over the VPN from the client to the
server, or from the server to the client (telnet works too if you have that port open,
but ssh is still the better choice even inside the tunnel). If the ping fails, check that
the UDP port is reachable from the client through any firewall in between, that the key
files are identical on both ends, and that the ifconfig addresses really are mirrored;
with the daemon option both sides log to syslog.
Multiple OpenVPN tunnels
Creating several tunnels is simple. You can run tunnels from your server to your
laptop, server to server, server to home, and so on. For each tunnel create a new
config file: the easiest way is to copy tun0.conf to tun1.conf and change the device
name, the port and the IP addresses, so that every tunnel has its own tun device, its own
UDP port and its own address pair (keep things separate).
Generate a separate static key for each tunnel, for example
openvpn --genkey --secret static1.key. All tunnels could share one key, but then a
single compromised peer can join or decrypt every other tunnel, so use one key per peer.
Here is a sample tun1.conf
##tun1.conf##
dev tun1
port 1194
proto udp
ifconfig 10.10.10.3 10.10.10.4
secret /etc/openvpn/static1.key
comp-lzo
keepalive 10 60
daemon
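The whole procedure above, as an added example that is not part of the original guide: a POSIX shell script that creates the static key, writes a mirrored server/client config pair for tunnel N, and checks a pair for the mistakes that break or weaken a static-key tunnel (port or proto mismatch, ifconfig addresses not reversed, key files that differ or are readable by other users, two tunnels sharing one port). The file names tunN.server.conf and tunN.client.conf, the output directory and the host name vpn.example.com are assumptions; the script expects GNU coreutils (sha256sum) and leaves comp-lzo out because compression is deprecated in current OpenVPN releases.

```shell
#!/bin/sh
# Added example, not from the original guide. Generates and checks paired
# static-key OpenVPN configs. Assumed names: tunN.server.conf and
# tunN.client.conf in OUTDIR; needs GNU coreutils (sha256sum, ls -l).
set -u

# gen_static_key PATH: create the pre-shared key so that only the owner can
# read it. The --genkey --secret form is accepted by old and current releases
# (2.5+ prints a deprecation warning and prefers "--genkey secret PATH").
gen_static_key() {
    ( umask 077 && openvpn --genkey --secret "$1" ) && chmod 600 "$1"
}

# write_tunnel_pair N PORT SERVER_IP CLIENT_IP SERVER_HOST KEYFILE OUTDIR
# Same port, proto and key path on both sides; ifconfig addresses mirrored.
# comp-lzo is deliberately omitted: compression is deprecated and can leak
# plaintext to an attacker who can inject traffic into the tunnel.
write_tunnel_pair() {
    n=$1 port=$2 sip=$3 cip=$4 host=$5 key=$6 out=$7
    cat > "$out/tun$n.server.conf" <<EOF
dev tun$n
port $port
proto udp
ifconfig $sip $cip
secret $key
keepalive 10 60
daemon
EOF
    cat > "$out/tun$n.client.conf" <<EOF
remote $host
port $port
proto udp
dev tun$n
ifconfig $cip $sip
secret $key
keepalive 10 60
daemon
EOF
}

# conf_val FILE DIRECTIVE: print the directive's value(s) with comments stripped.
conf_val() {
    awk -v k="$2" '{ sub(/#.*/, "") } $1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# check_tunnel_pair SERVER_CONF CLIENT_CONF [SERVER_KEY CLIENT_KEY]
# Exit status 0 when the pair is consistent; every problem found is printed.
check_tunnel_pair() {
    s=$1 c=$2 sk=${3-} ck=${4-} rc=0
    [ "$(conf_val "$s" port)" = "$(conf_val "$c" port)" ] || { echo "port mismatch"; rc=1; }
    [ "$(conf_val "$s" proto)" = "$(conf_val "$c" proto)" ] || { echo "proto mismatch"; rc=1; }
    # "ifconfig LOCAL REMOTE" on one end must read "ifconfig REMOTE LOCAL" on the other
    s_if=$(conf_val "$s" ifconfig); c_if=$(conf_val "$c" ifconfig)
    [ "$s_if" = "${c_if#* } ${c_if%% *}" ] || { echo "ifconfig addresses are not mirrored"; rc=1; }
    if [ -n "$sk" ] && [ -n "$ck" ]; then
        for f in "$sk" "$ck"; do
            [ -r "$f" ] || { echo "key $f is missing"; rc=1; continue; }
            # group and other permission bits must all be "-" (mode 600 or stricter)
            [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || { echo "key $f is readable by others; chmod 600 it"; rc=1; }
        done
        if [ -r "$sk" ] && [ -r "$ck" ]; then
            [ "$(sha256sum < "$sk" | cut -d' ' -f1)" = "$(sha256sum < "$ck" | cut -d' ' -f1)" ] \
                || { echo "server and client key files differ"; rc=1; }
        fi
    fi
    return $rc
}

# check_unique_ports OUTDIR: each tunN.server.conf in OUTDIR must own its UDP port.
check_unique_ports() {
    dups=$(for f in "$1"/tun*.server.conf; do conf_val "$f" port; done | sort | uniq -d)
    [ -z "$dups" ] || { echo "port used by more than one tunnel: $dups"; return 1; }
}

# Typical use on the server (paths are assumptions):
#   gen_static_key /etc/openvpn/static.key
#   write_tunnel_pair 0 1192 10.10.10.1 10.10.10.2 vpn.example.com /etc/openvpn/static.key /etc/openvpn
#   check_tunnel_pair /etc/openvpn/tun0.server.conf /etc/openvpn/tun0.client.conf \
#       /etc/openvpn/static.key /etc/openvpn/static.key
```

Generate the key on the server, copy the key and the client config to the peer over ssh, and run check_tunnel_pair on a staging copy of both files before bringing the tunnel up; a non-mirrored ifconfig pair is an easy mistake that leaves both daemons running with nothing routed between them.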
Firewall considerations
If you are using tcpwrappers (hosts.allow and hosts.deny) you should create an
entry for the tunnel subnet, for example:
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL : 10.10.10.0/24 : allow
Your iptables rules may also need changes: the server must accept the OpenVPN UDP port
(1192 here) on its public interface, both ends must accept the traffic that arrives on the
tun device (restrict it to the 10.10.10.0/24 tunnel addresses), and if you want the remote
end to reach other networks through the tunnel you must also enable IP forwarding and add
FORWARD (and usually NAT) rules for the tun device.
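The iptables side of this section, as an added example that is not part of the original guide: two shell functions, one that admits the tunnel on a host (run it on both ends) and one that additionally forwards the remote end's traffic onward. The interface names eth0 and tun0, port 1192, the subnet 10.10.10.0/24 and the peer address 203.0.113.5 are placeholders; the rules are appended with -A, so they only matter on a host whose INPUT and FORWARD chains default to DROP.

```shell
#!/bin/sh
# Added example, not from the original guide: iptables rules for one
# static-key OpenVPN tunnel. Interface names, port, subnet and peer address
# are placeholders to adapt. Set IPTABLES and SYSCTL to a command that prints
# its arguments to review the rules without applying them.
set -u
: "${IPTABLES:=iptables}"
: "${SYSCTL:=sysctl}"

# allow_tunnel WAN PORT TUN SUBNET [PEER]
# Accept the OpenVPN UDP port on the public interface (from the one peer if
# given, otherwise from anywhere) and accept what arrives through the tun
# device from the tunnel addresses; the second rule is what lets ping and
# ssh over the VPN reach this host.
allow_tunnel() {
    wan=$1 port=$2 tun=$3 subnet=$4 peer=${5-}
    if [ -n "$peer" ]; then
        $IPTABLES -A INPUT -i "$wan" -p udp -s "$peer" --dport "$port" -j ACCEPT
    else
        $IPTABLES -A INPUT -i "$wan" -p udp --dport "$port" -j ACCEPT
    fi
    $IPTABLES -A INPUT -i "$tun" -s "$subnet" -j ACCEPT
}

# forward_tunnel WAN TUN SUBNET
# Only when the remote end should reach networks beyond this host: turn on
# routing, forward tunnel traffic out of the public interface and the replies
# back in, and NAT the tunnel addresses behind the public interface.
forward_tunnel() {
    wan=$1 tun=$2 subnet=$3
    $SYSCTL -w net.ipv4.ip_forward=1
    $IPTABLES -A FORWARD -i "$tun" -o "$wan" -s "$subnet" -j ACCEPT
    $IPTABLES -A FORWARD -i "$wan" -o "$tun" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -t nat -A POSTROUTING -s "$subnet" -o "$wan" -j MASQUERADE
}

# Run as a script (assumed file name openvpn-fw.sh):
#   sh openvpn-fw.sh allow eth0 1192 tun0 10.10.10.0/24 203.0.113.5
#   sh openvpn-fw.sh forward eth0 tun0 10.10.10.0/24
case "${1-}" in
    allow)   shift; allow_tunnel "$@" ;;
    forward) shift; forward_tunnel "$@" ;;
esac
```

Pass the peer address whenever the other end has a fixed IP; it keeps the UDP port closed to everyone else, which matters with a static key because the daemon will answer any packet that decrypts correctly. Leave forward_tunnel out entirely on a plain host-to-host link like the one in this guide.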