Difference between revisions of "OpenVPN on 4.0.2CD"


From Knoppix Documentation Wiki
Latest revision as of 05:35, 15 July 2008

The goal is to create a simple VPN between two machines on a network. The VPN software will be OpenVPN under Knoppix 4.0.2CD using a persistent disk image (PDI).


Setup

Create and boot with a persistent disk image. 500 MB should be plenty.

Installing

Following the notes at http://openvpn.net/howto.html#install

apt-get update
ls -la /dev/net/tun
apt-get -y install openvpn carpaltunnel
# Answer "yes" when the installer asks about creating the tun device.
# Answer "no" when asked about stopping VPN service (there is none)
ls -la /dev/net/tun

Configuring

Following the example at http://openvpn.net/man.html#lbAV

lsmod | grep tun
modprobe tun
lsmod | grep tun

Run and test with two machines

This is on two machines connected to a router with a DHCP server that serves up IP addresses in the 192.168.0.xxx range.

Setup 1: simple tunnel without security

On first machine 192.168.0.200:

sudo openvpn --remote 192.168.0.201 --dev tun \
  --ifconfig 10.4.0.1 10.4.0.2 --verb 9 >& vpn.log &

On second machine 192.168.0.201:

sudo openvpn --remote 192.168.0.200 --dev tun \
  --ifconfig 10.4.0.2 10.4.0.1 --verb 9 >& vpn.log &

Test with a ping from first machine to second:

ping -R -c 4 10.4.0.2

Test with a ping from second machine to first:

ping -R -c 4 10.4.0.1

Setup 2: tunnel with static-key security

The first machine (192.168.0.200) will act as the server. The second machine (192.168.0.201) will act as the client.

Set up environment variables on both client and server:

public_server=192.168.0.200
public_client=192.168.0.201
open_vpn_server=10.1.1.200
open_vpn_client=10.1.1.201

On the server, generate a key:

openvpn --genkey --secret openvpn.key

Copy the key to the client, e.g. using a USB stick or via ssh:

scp openvpn.key knoppix@${public_client}:

On the server, start openvpn:

sudo openvpn --dev tun --ifconfig ${open_vpn_server} ${open_vpn_client} \
  --secret openvpn.key --verb 9 >&vpn.log &

On the client, connect to the openvpn daemon on the server:

sudo openvpn --dev tun --ifconfig ${open_vpn_client} ${open_vpn_server} \
  --remote ${public_server} \
  --secret openvpn.key --verb 9 >&vpn.log &

On the client, ping the server:

ping -R -c 4 ${open_vpn_server}

On the server, ping the client:

ping -R -c 4 ${open_vpn_client}
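
An added example (not part of the original wiki page): a shell check to run on each machine after copying openvpn.key in Setup 2 and before starting openvpn with --secret. The function names are hypothetical, the 512-hex-digit check assumes the 2048-bit key that openvpn --genkey writes, and the sample key is constructed dummy data, not a real key.

```sh
#!/bin/sh
# Added example: sanity checks for the static key used with --secret in Setup 2.

# Write a CONSTRUCTED sample key (fixed dummy hex, not a real key) to $1.
make_sample_key() {
    {
        echo '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt 16 ]; do
            echo '00112233445566778899aabbccddeeff'
            i=$((i + 1))
        done
        echo '-----END OpenVPN Static key V1-----'
    } > "$1"
}

# Return 0 if key file $1 looks usable; otherwise print a reason and return 1-4.
check_static_key() {
    key=$1
    [ -f "$key" ] || { echo "$key: not a regular file" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$key: accessible beyond owner, chmod 600 it" >&2; return 2; }

    # Both markers must be present, or the copy was truncated or mangled.
    { grep -q '^-----BEGIN OpenVPN Static key V1-----' "$key" &&
      grep -q '^-----END OpenVPN Static key V1-----' "$key"; } ||
        { echo "$key: missing static key markers" >&2; return 3; }

    # Assumption: a 2048-bit key, i.e. 512 hex digits between the markers.
    digits=$(sed -n '/^-----BEGIN/,/^-----END/p' "$key" |
             grep -v '^-----' | tr -d '\r\n')
    case $digits in *[!0-9a-fA-F]*) echo "$key: non-hex data" >&2; return 4 ;; esac
    [ "${#digits}" -eq 512 ] || { echo "$key: wrong key length" >&2; return 4; }
}

# Print a SHA-256 fingerprint; compare the value on server and client.
key_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Usage: sh check_key.sh openvpn.key
if [ "$#" -gt 0 ]; then
    check_static_key "$1" && key_fingerprint "$1"
fi
```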