Difference between revisions of "OpenVPN on 4.0.2CD"
(vpn client/server with static key→Setup 2: tunnel with static-key security) |
(4 intermediate revisions by 4 users not shown) | |||
Line 38: | Line 38: | ||
== Setup 2: tunnel with static-key security == | == Setup 2: tunnel with static-key security == | ||
The first machine (192.168.0.200) will act as the server. The second machine (192.168.0.201) will act as the client. | The first machine (192.168.0.200) will act as the server. The second machine (192.168.0.201) will act as the client. | ||
+ | |||
+ | Setup environment variables on both client and server: | ||
+ | public_server=192.168.0.200 | ||
+ | public_client=192.168.0.201 | ||
+ | open_vpn_server=10.1.1.200 | ||
+ | open_vpn_client=10.1.1.201 | ||
On the server, generate a key: | On the server, generate a key: | ||
openvpn --genkey --secret openvpn.key | openvpn --genkey --secret openvpn.key | ||
− | Copy key to | + | Copy key to the client, e.g. using a USB stick or via ssh: |
− | scp openvpn.key knoppix@ | + | scp openvpn.key knoppix@${public_client}: |
− | On server, start openvpn: | + | On the server, start openvpn: |
− | sudo openvpn --dev tun --ifconfig | + | sudo openvpn --dev tun --ifconfig ${open_vpn_server} ${open_vpn_client} \ |
--secret openvpn.key --verb 9 >&vpn.log & | --secret openvpn.key --verb 9 >&vpn.log & | ||
− | On client, connect to openvpn on server: | + | On the client, connect to openvpn daemon on server: |
− | sudo openvpn | + | sudo openvpn --dev tun --ifconfig ${open_vpn_client} ${open_vpn_server} \ |
− | + | --remote ${public_server} \ | |
+ | --secret openvpn.key --verb 9 >&vpn.log & | ||
+ | |||
+ | On the client, ping the server: | ||
+ | ping -R -c 4 ${open_vpn_server} | ||
+ | |||
+ | On the server, ping the client: | ||
+ | ping -R -c 4 ${open_vpn_client} |
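Review bot: The added `scp openvpn.key knoppix@${public_client}:` and `--ifconfig ${open_vpn_server} ${open_vpn_client}` lines depend on the four variables being set in the very shell that runs them, and an unset variable expands to nothing: scp then targets `knoppix@:` and `--ifconfig` is left with no addresses. The "Setup environment variables" step should say that the assignments must be repeated in every shell used on both machines, or the commands could use the `${public_client:?}` form so that a missing value stops the command with an error instead of running with an empty argument.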
Latest revision as of 05:35, 15 July 2008
The goal is to create a simple VPN between two machines on a network. The VPN software will be OpenVPN under Knoppix 4.0.2CD using a persistent disk image (PDI).
Setup
Create and boot with a persistent disk image. 500 MB should be plenty big.
Installing
Following notes from http://openvpn.net/howto.html#install
apt-get update
ls -la /dev/net/tun
apt-get -y install openvpn carpaltunnel
# Answer "yes" when the installer asks about creating the tun device.
# Answer "no" when asked about stopping VPN service (there is none)
ls -la /dev/net/tun
Configuring
Following example from http://openvpn.net/man.html#lbAV
lsmod | grep tun
modprobe tun
lsmod | grep tun
Run and test with two machines
This is on two machines connected to a router with a DHCP server that serves up IP addresses in the 192.168.0.xxx range.
Setup 1: simple tunnel without security
On first machine 192.168.0.200:
sudo openvpn --remote 192.168.0.201 --dev tun \
    --ifconfig 10.4.0.1 10.4.0.2 --verb 9 >& vpn.log &
On second machine 192.168.0.201:
sudo openvpn --remote 192.168.0.200 --dev tun \
    --ifconfig 10.4.0.2 10.4.0.1 --verb 9 >& vpn.log &
Test with a ping from first machine to second:
ping -R -c 4 10.4.0.2
Test with a ping from second machine to first:
ping -R -c 4 10.4.0.1
Setup 2: tunnel with static-key security
The first machine (192.168.0.200) will act as the server. The second machine (192.168.0.201) will act as the client.
Setup environment variables on both client and server:
public_server=192.168.0.200
public_client=192.168.0.201
open_vpn_server=10.1.1.200
open_vpn_client=10.1.1.201
On the server, generate a key:
openvpn --genkey --secret openvpn.key
Copy key to the client, e.g. using a USB stick or via ssh:
scp openvpn.key knoppix@${public_client}:
On the server, start openvpn:
sudo openvpn --dev tun --ifconfig ${open_vpn_server} ${open_vpn_client} \
    --secret openvpn.key --verb 9 >&vpn.log &
On the client, connect to the openvpn daemon on the server:
sudo openvpn --dev tun --ifconfig ${open_vpn_client} ${open_vpn_server} \
    --remote ${public_server} \
    --secret openvpn.key --verb 9 >&vpn.log &
On the client, ping the server:
ping -R -c 4 ${open_vpn_server}
On the server, ping the client:
ping -R -c 4 ${open_vpn_client}
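Both ends of Setup 2 depend on the same openvpn.key file, so it is worth checking the file on each machine before starting openvpn. The following is an added example, not part of the original wiki page: the function names are hypothetical, it assumes sha256sum is installed, and the sample key it writes is constructed and not a real key.

```shell
#!/bin/sh
# Added example: sanity checks for an OpenVPN static key file before use.

# Print the key body (hex between the BEGIN/END markers) as one line.
key_hex() {
    sed -n '/^-----BEGIN OpenVPN Static key V1-----$/,/^-----END OpenVPN Static key V1-----$/p' "$1" |
        grep -v '^-----' | tr -d ' \r\n'
}

# Return 0 only if the file is private to its owner and holds a 2048-bit key.
check_static_key() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: readable beyond owner (chmod 600)" >&2; return 2; }
    hex=$(key_hex "$f")
    case $hex in
        ''|*[!0-9a-fA-F]*) echo "$f: key body missing or not hex" >&2; return 3 ;;
    esac
    [ "${#hex}" -eq 512 ] || { echo "$f: expected 512 hex digits, got ${#hex}" >&2; return 4; }
    return 0
}

# Fingerprint to compare on server and client after the copy step.
# Hashes only the key body, so comment lines and line endings do not matter.
key_fingerprint() {
    key_hex "$1" | sha256sum | cut -d' ' -f1
}

# Write a constructed, non-secret sample key (repeating digits) for testing.
make_sample_key() {
    {
        echo '# constructed sample, not a real key'
        echo '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt 16 ]; do
            echo '0123456789abcdef0123456789abcdef'
            i=$((i + 1))
        done
        echo '-----END OpenVPN Static key V1-----'
    } > "$1"
    chmod 600 "$1"
}
```

Run check_static_key openvpn.key on both machines and compare the key_fingerprint output by eye; the two values must be identical before the tunnel will pass traffic.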