
Linux Client

This page covers the Kubuntu Linux client part of setting up OpenVPN.

Install

  • First install OpenVPN
    [root@perky ~]#apt-get install openvpn
  • Copy the contents of the easy-rsa dir over to the /etc/openvpn/ dir.
    [root@perky ~]#cp -fr /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn
    [root@perky ~]#cd /etc/openvpn

Configuration

  • Edit /etc/openvpn/vars
    export KEY_SIZE=2048
    export KEY_COUNTRY="US"
    export KEY_PROVINCE="CA"
    export KEY_CITY="SanFrancisco"
    export KEY_ORG="Schmut"
    export KEY_EMAIL="mario@schmut.com"
  • Now run the initialization stuff. On the client I only set up the directory.
    # source the vars
    [root@perky /etc/openvpn]#. vars

    # set up the key directory
    [root@perky /etc/openvpn]#./clean-all
  • Here's my client conf file /usr/local/etc/openvpn/openvpn.conf.
    client
    dev tun0
    proto udp
    remote snoopy.schmut.com 1194
    resolv-retry infinite
    nobind
    user nobody
    group nogroup
    persist-key
    persist-tun
    ca keys/ca.crt
    cert keys/perky.crt
    key keys/perky.key
    ns-cert-type server
    tls-auth keys/ta.key 1
    cipher BF-CBC
    comp-lzo
    verb 3
    up "/home/mario/bin/schmut-ns.sh"
    #down "/home/mario/bin/no-schmut-ns.sh"
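
An added example, not part of the original page: a small lint pass over the client config above, flagging the directives that later OpenVPN releases deprecate (BF-CBC, ns-cert-type, comp-lzo) and the up hook, which OpenVPN runs as root before the user/group privilege drop, stored under /home. The function names audit_openvpn_conf and sample_conf and the embedded excerpt are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint an OpenVPN client config read from stdin.
# audit_openvpn_conf and sample_conf are hypothetical helper names.

audit_openvpn_conf() {
    # Drop comments and blank lines, then inspect one directive per line.
    sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' |
    while read -r directive arg rest; do
        case $directive in
        cipher)
            case $arg in
            BF-*|DES-*|CAST5-*|RC2-*)
                echo "WEAK-CIPHER: $arg has a 64-bit block; use an AES cipher on both ends" ;;
            esac ;;
        ns-cert-type)
            echo "DEPRECATED: ns-cert-type $arg; use remote-cert-tls $arg" ;;
        comp-lzo)
            # "comp-lzo no" keeps compression switched off, so it is not flagged.
            [ "$arg" = no ] || echo "COMPRESSION: comp-lzo can leak plaintext through packet sizes" ;;
        up)
            # up hooks run before the user/group privilege drop, i.e. as root.
            script=$(printf '%s' "$arg" | tr -d '"')
            case $script in
            /home/*)
                echo "HOOK-PATH: up script $script is under /home; keep root-run hooks in a root-owned directory" ;;
            esac ;;
        esac
    done
}

# Constructed excerpt of the client config shown above.
sample_conf() {
    cat <<'EOF'
client
remote snoopy.schmut.com 1194
user nobody
group nogroup
ns-cert-type server
tls-auth keys/ta.key 1
cipher BF-CBC
comp-lzo
up "/home/mario/bin/schmut-ns.sh"
#down "/home/mario/bin/no-schmut-ns.sh"
EOF
}

sample_conf | audit_openvpn_conf
```

Changing cipher or compression settings only works when the server config is changed to match.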

Client

  • I made my client keys on the server and need to move them and the tls-auth key over to:
    • /etc/openvpn/keys/ta.key
    • /etc/openvpn/keys/ca.crt
    • /etc/openvpn/keys/perky.key
    • /etc/openvpn/keys/perky.crt


Start / Stop

    I use a dnscache instead of other people's DNS servers. This is due to some of the configurations I run. Without such a setup, and assuming the server pushes the DNS server dhcp-option, simply use /etc/init.d/openvpn start/stop to control your connection and skip to Firewall.

  • The up script /home/mario/bin/schmut-ns.sh tells my dnscache about the new name server for schmut related lookups. I took out the down script again because it always returned exit 1, maybe a bug in openvpn?
    This is the up script:
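    #!/bin/sh

    # Abort on the first failing command
    set -e

    # Point dnscache at the VPN name server for the schmut zones
    echo 192.168.1.1 > /etc/dns/dnscache/root/servers/1.168.192.in-addr.arpa
    echo 192.168.1.1 > /etc/dns/dnscache/root/servers/10.168.192.in-addr.arpa
    echo 192.168.1.1 > /etc/dns/dnscache/root/servers/schmut.com
    # Restart dnscache so it picks up the new server files
    svc -t /service/dnscache

    exit 0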
  • As a workaround for my problems with the down script, run this script to stop OpenVPN after updating the DNS cache.
    This is the down script:
    #!/bin/sh

    # Remove the VPN name server entries from dnscache
    rm -f /etc/dns/dnscache/root/servers/1.168.192.in-addr.arpa
    rm -f /etc/dns/dnscache/root/servers/10.168.192.in-addr.arpa
    rm -f /etc/dns/dnscache/root/servers/schmut.com
    # Restart dnscache, then bring the tunnel down
    svc -t /service/dnscache
    /etc/init.d/openvpn stop
  • So in short, to start OpenVPN:
    /etc/init.d/openvpn start
  • To stop OpenVPN:
    /home/mario/bin/no-schmut-ns.sh
    These could obviously be named more intuitively, but I leave that up to the reader to decide upon.

Firewall

  • My firewall 'keeps state' of outgoing connections so no modifications are needed to allow for UDP port 1194 as was needed on the server.


Copyright © 2007-2015 Mario Theodoridis. All rights reserved. Content licensed under AFL.