OpenVPN - Revision history<br />
Admin at 02:47, 19 February 2013<p></p>
<p><b>New page</b></p><div>This page describes how to set up a basic [http://openvpn.net/ OpenVPN] point-to-point installation on Debian Linux. For a setup with a server and username/certificate controlled clients, view the [[Openvpn-setup]] page.<br />
<br />
<br />
<br />
From the OpenVPN website:<br />
<br />
"OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser."<br />
<br />
http://openvpn.net/index.php/open-source/documentation/howto.html<br />
<br />
<br />
==Installing the OpenVPN software==<br />
<br />
This step needs to be done on both server and client(s).<br />
<br />
Make sure 'contrib' is listed in /etc/apt/sources.list.<br />
<br />
<pre><br />
# apt-get update<br />
# apt-get install openvpn<br />
</pre><br />
<br />
<br />
On the VPN server machine:<br />
<br />
* Create a new static key<br />
<br />
<pre><br />
# cd /etc/openvpn<br />
# openvpn --genkey --secret static.key<br />
</pre><br />
<br />
This creates a new file called 'static.key'. Copy this file to the /etc/openvpn directory on the client over a secure channel, because anyone who obtains this key can decrypt or impersonate either end of the tunnel.<br />
<br />
<br />
* Create the server configuration file<br />
<br />
Create /etc/openvpn/vpn.conf and add the following lines:<br />
<br />
<pre><br />
dev tun0<br />
port 655<br />
proto udp<br />
ifconfig 10.9.8.1 10.9.8.2<br />
secret /etc/openvpn/static.key<br />
</pre> <br />
<br />
<br />
Here 10.9.8.x is the VPN subnet used once the tunnel is connected: 10.9.8.1 is the IP address of the server and 10.9.8.2 is the IP address of the client. The server configuration does not need any public IP addresses or internet domain names; only the client needs the server's (router's) public IP address.<br />
<br />
<br />
On the VPN client machine:<br />
<br />
* Make sure /etc/openvpn/static.key is read-only (chmod 400), so that only the file's owner can read it. This is not a requirement but simply best practice.<br />
<br />
<br />
* Create the client configuration file<br />
<br />
Create /etc/openvpn/vpn.conf and add the following lines:<br />
<br />
<pre><br />
remote server.public.ip.address<br />
dev tun0<br />
port 655<br />
proto udp<br />
ifconfig 10.9.8.2 10.9.8.1<br />
secret /etc/openvpn/static.key<br />
</pre> <br />
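Before starting the tunnel, the two configuration files and the key file can be checked against each other. The script below is an added example, not part of the original page: it confirms that port and proto match, that the ifconfig endpoints are mirrored, and that the key has no group or other access bits. The function names (conf_get, key_is_private, check_pair) are hypothetical, and the sample files are constructed from the listings above.<br />

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# conf_get FILE DIRECTIVE: print the arguments of the first matching directive
conf_get() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# key_is_private FILE: succeed only if group and others have no access bits
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# check_pair SERVER_CONF CLIENT_CONF: succeed only if the two ends agree
check_pair() {
    rc=0
    for d in port proto; do   # this page uses the same port and "proto udp" on both ends
        if [ "$(conf_get "$1" "$d")" != "$(conf_get "$2" "$d")" ]; then
            echo "mismatch: '$d' differs between the two files" >&2; rc=1
        fi
    done
    # ifconfig is "local remote", so the client must carry the server's pair swapped
    s_if=$(conf_get "$1" ifconfig); c_if=$(conf_get "$2" ifconfig)
    if [ -z "$s_if" ] || [ "$c_if" != "${s_if#* } ${s_if%% *}" ]; then
        echo "mismatch: ifconfig endpoints are not mirrored" >&2; rc=1
    fi
    [ -n "$(conf_get "$2" remote)" ] || { echo "client has no 'remote' line" >&2; rc=1; }
    for f in "$1" "$2"; do
        [ -n "$(conf_get "$f" secret)" ] || { echo "$f: no 'secret' line" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the two vpn.conf files from this page, written to a temp dir
tmp=$(mktemp -d)
printf '%s\n' 'dev tun0' 'port 655' 'proto udp' 'ifconfig 10.9.8.1 10.9.8.2' \
    'secret /etc/openvpn/static.key' > "$tmp/server.conf"
printf '%s\n' 'remote server.public.ip.address' 'dev tun0' 'port 655' 'proto udp' \
    'ifconfig 10.9.8.2 10.9.8.1' 'secret /etc/openvpn/static.key' > "$tmp/client.conf"
: > "$tmp/static.key"; chmod 400 "$tmp/static.key"   # empty stand-in for the real key
check_pair "$tmp/server.conf" "$tmp/client.conf" && echo "configs agree"
key_is_private "$tmp/static.key" && echo "static.key is private"
rm -rf "$tmp"
```

On a real pair of hosts, copy the peer's vpn.conf next to the local one with the secret line left in place (it holds only a path, not key material) and run check_pair on the two files.<br />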
<br />
<br />
<br />
To test, start OpenVPN by hand on both sides with the following command: <br />
<br />
<pre><br />
# openvpn --config /etc/openvpn/vpn.conf --verb 6<br />
</pre><br />
<br />
<br />
The openvpn startup script (in /etc/init.d) will automatically look for .conf files in /etc/openvpn and start them at boot. To change this behaviour, simply create a new directory under /etc/openvpn/ and move the .conf file in there (e.g. /etc/openvpn/myvpn/vpn.conf).</div>