Difference between revisions of "OpenVPN on 4.0.2CD"


From Knoppix Documentation Wiki
(vpn client/server with static keySetup 2: tunnel with static-key security)
(refactored Setup 2: tunnel with static-key security)
Line 38: Line 38:
 
== Setup 2: tunnel with static-key security ==
 
== Setup 2: tunnel with static-key security ==
 
The first machine (192.168.0.200) will act as the server.  The second machine (192.168.0.201) will act as the client.
 
The first machine (192.168.0.200) will act as the server.  The second machine (192.168.0.201) will act as the client.
 +
 +
Setup environment variables on both client and server:
 +
public_server=192.168.0.200
 +
public_client=192.168.0.201
 +
open_vpn_server=10.1.1.200
 +
open_vpn_client=10.1.1.201
  
 
On the server, generate a key:
 
On the server, generate a key:
 
  openvpn --genkey --secret openvpn.key
 
  openvpn --genkey --secret openvpn.key
  
Copy key to second machine, e.g. using a USB stick or via ssh:
+
Copy key to the client, e.g. using a USB stick or via ssh:
  scp openvpn.key knoppix@192.168.0.201:
+
  scp openvpn.key knoppix@${public_client}:
  
On server, start openvpn:
+
On the server, start openvpn:
  sudo openvpn --dev tun --ifconfig 10.4.0.1 10.4.0.2 \
+
  sudo openvpn --dev tun --ifconfig ${open_vpn_server} ${open_vpn_client} \
 
   --secret openvpn.key --verb 9 >&vpn.log &
 
   --secret openvpn.key --verb 9 >&vpn.log &
  
On client, connect to openvpn on server:
+
On the client, connect to openvpn daemon on server:
  sudo openvpn --remote 192.168.0.200 --dev tun \
+
  sudo openvpn --dev tun --ifconfig ${open_vpn_client} ${open_vpn_server} \
    --ifconfig 10.4.0.2 10.4.0.1 --secret openvpn.key --verb 9 >&vpn.log &
+
  --remote ${public_server} \
 +
  --secret openvpn.key --verb 9 >&vpn.log &
 +
 
 +
On the client, ping the server:
 +
ping -R -c 4 ${open_vpn_server}
 +
 
 +
On the server, ping the client:
 +
ping -R -c 4 ${open_vpn_client}
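Review bot: the added `public_server=...` through `open_vpn_client=...` lines are plain shell assignments, so every later command depends on them having been typed in the same shell first; if one is unset, `--ifconfig ${open_vpn_server} ${open_vpn_client}` expands to fewer arguments and openvpn is handed a malformed command line instead of a clear error about the missing variable. Suggest writing the expansions as `${open_vpn_server:?}` (and likewise for the others) or adding a sentence that the assignments must be repeated in each new terminal. Separately, the `scp openvpn.key knoppix@${public_client}:` step could say to keep the copied key readable only by its owner, since `--secret openvpn.key` is the only credential these commands use.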

Revision as of 06:52, 8 December 2005

The goal is to create a simple VPN between two machines on a network. The VPN software will be OpenVPN under Knoppix 4.0.2CD using a persistent disk image (PDI).


Setup

Create and boot with a persistent disk image. 500 MB should be plenty big.

Installing

Following notes from http://openvpn.net/howto.html#install

apt-get update
ls -la /dev/net/tun
apt-get -y install openvpn carpaltunnel
# Answer "yes" when the installer asks about creating the tun device.
# Answer "no" when asked about stopping the VPN service (there is none).
ls -la /dev/net/tun

Configuring

Following example from http://openvpn.net/man.html#lbAV

lsmod | grep tun
modprobe tun
lsmod | grep tun

Run and test with two machines

This is on two machines connected to a router with a DHCP server that serves up IP addresses in the 192.168.0.xxx range.

Setup 1: simple tunnel without security

On first machine 192.168.0.200:

sudo openvpn --remote 192.168.0.201 --dev tun \
  --ifconfig 10.4.0.1 10.4.0.2 --verb 9 >& vpn.log &

On second machine 192.168.0.201:

sudo openvpn --remote 192.168.0.200 --dev tun \
  --ifconfig 10.4.0.2 10.4.0.1 --verb 9 >& vpn.log &

Test with a ping from first machine to second:

ping -R -c 4 10.4.0.2

Test with a ping from second machine to first:

ping -R -c 4 10.4.0.1

Setup 2: tunnel with static-key security

The first machine (192.168.0.200) will act as the server. The second machine (192.168.0.201) will act as the client.

Setup environment variables on both client and server:

public_server=192.168.0.200
public_client=192.168.0.201
open_vpn_server=10.1.1.200
open_vpn_client=10.1.1.201

On the server, generate a key:

openvpn --genkey --secret openvpn.key

Copy the key to the client, e.g. using a USB stick or via ssh:

scp openvpn.key knoppix@${public_client}:

On the server, start openvpn:

sudo openvpn --dev tun --ifconfig ${open_vpn_server} ${open_vpn_client} \
  --secret openvpn.key --verb 9 >&vpn.log &

On the client, connect to the openvpn daemon on the server:

sudo openvpn --dev tun --ifconfig ${open_vpn_client} ${open_vpn_server} \
  --remote ${public_server} \
  --secret openvpn.key --verb 9 >&vpn.log &

On the client, ping the server:

ping -R -c 4 ${open_vpn_server}

On the server, ping the client:

ping -R -c 4 ${open_vpn_client}
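
A preflight check for the Setup 2 commands, added here as an example and not part of the original wiki page: it confirms the four variables are set to valid addresses and that the copied key is owner-only and well formed before openvpn is started. The function names (`is_ipv4`, `check_vars`, `check_key`, `preflight`) are hypothetical, and the layout check assumes the standard OpenVPN static key file format.

```shell
#!/bin/sh
# Added example: preflight checks for the Setup 2 static-key tunnel.
# Function names are hypothetical; nothing here starts openvpn.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $(printf '%s' "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only if the page's four variables are set to valid addresses and
# the two tunnel endpoints differ.
check_vars() {
    for name in public_server public_client open_vpn_server open_vpn_client; do
        eval "value=\${$name-}"
        is_ipv4 "$value" || { echo "bad or unset: $name" >&2; return 1; }
    done
    [ "$open_vpn_server" != "$open_vpn_client" ]
}

# Succeed only if the key file is mode 600 or 400 and has the static-key
# layout: BEGIN/END markers around 16 lines of 32 hex digits (2048 bits).
check_key() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    case $(ls -ld -- "$1") in
        -r[-w]-------*) ;;
        *) echo "key mode must be 600 or 400: $1" >&2; return 1 ;;
    esac
    grep -q '^-----BEGIN OpenVPN Static key V1-----$' "$1" || return 1
    grep -q '^-----END OpenVPN Static key V1-----$' "$1" || return 1
    [ "$(grep -c -E '^[0-9a-fA-F]{32}$' "$1")" -eq 16 ]
}

# Run both checks; the key path defaults to the page's openvpn.key.
preflight() {
    check_vars && check_key "${1:-openvpn.key}"
}
```

Source the file on each machine after setting the variables, then run `preflight openvpn.key` before the `sudo openvpn` command.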