Difference between revisions of "OpenVPN"
From Fixme.ch
(→Command Line) |
(→Command Line) |
(3 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
* Easy access to the FIXME [[Network]] from the outside world | * Easy access to the FIXME [[Network]] from the outside world | ||
* This is part of the [[Internal_Server]] | * This is part of the [[Internal_Server]] | ||
− | * You must have a local account on foo and be in the '' | + | * You must have a local account on foo and be in the '''vpnusers''' unix group |
== Client configuration == | == Client configuration == | ||
=== Command Line === | === Command Line === | ||
− | * | + | * Copy this to ca.crt |
+ | <pre> | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIDvDCCAyWgAwIBAgIJALowX2zad5mbMA0GCSqGSIb3DQEBBQUAMIGbMQswCQYD | ||
+ | VQQGEwJDSDELMAkGA1UECBMCVkQxETAPBgNVBAcTCExhdXNhbm5lMRowGAYDVQQK | ||
+ | ExFGSVhNRSBIQUNLRVJTUEFDRTEMMAoGA1UECxMDVlBOMRUwEwYDVQQDEwxmb28u | ||
+ | Zml4bWUuY2gxDjAMBgNVBCkTBUZJWE1FMRswGQYJKoZIhvcNAQkBFgx2cG5AZml4 | ||
+ | bWUuY2gwHhcNMTIxMjI4MjMzODE4WhcNMjIxMjI2MjMzODE4WjCBmzELMAkGA1UE | ||
+ | BhMCQ0gxCzAJBgNVBAgTAlZEMREwDwYDVQQHEwhMYXVzYW5uZTEaMBgGA1UEChMR | ||
+ | RklYTUUgSEFDS0VSU1BBQ0UxDDAKBgNVBAsTA1ZQTjEVMBMGA1UEAxMMZm9vLmZp | ||
+ | eG1lLmNoMQ4wDAYDVQQpEwVGSVhNRTEbMBkGCSqGSIb3DQEJARYMdnBuQGZpeG1l | ||
+ | LmNoMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpL2ZXBJw9MX7b2iezP+P7 | ||
+ | +hI4XjXx1HCyV1TmM2sXCxenN+BmS9uD+hz/kOtHxakVHsm4QKkqcppNJGscpZis | ||
+ | HopK733rEviVARZxhn4ANEOp9JXeXu8hsy0hC5DEozGceSOzkxnJWUM64e7rhBzQ | ||
+ | CiZN7FDrJN2ok1ifFEojtQIDAQABo4IBBDCCAQAwHQYDVR0OBBYEFJV7oFA/wZX1 | ||
+ | Yp6enu/++UkotcrXMIHQBgNVHSMEgcgwgcWAFJV7oFA/wZX1Yp6enu/++UkotcrX | ||
+ | oYGhpIGeMIGbMQswCQYDVQQGEwJDSDELMAkGA1UECBMCVkQxETAPBgNVBAcTCExh | ||
+ | dXNhbm5lMRowGAYDVQQKExFGSVhNRSBIQUNLRVJTUEFDRTEMMAoGA1UECxMDVlBO | ||
+ | MRUwEwYDVQQDEwxmb28uZml4bWUuY2gxDjAMBgNVBCkTBUZJWE1FMRswGQYJKoZI | ||
+ | hvcNAQkBFgx2cG5AZml4bWUuY2iCCQC6MF9s2neZmzAMBgNVHRMEBTADAQH/MA0G | ||
+ | CSqGSIb3DQEBBQUAA4GBAAi2XgH93CxEhff2Q5tk/B2hzu+xtcBLzYjcgq1QqJ63 | ||
+ | ipG9maoav2UrjuWDjb+7WnzSe7JMF8Ay8CqWHgf9Dfqb04PLcIGPe5OPo8jlf4QF | ||
+ | k1uBZs0F+Z2v1yq4EK4KJ/hJxLJIX6xs5UGeK2GaaHKROuQX9N5iIb6BhyA5tlzd | ||
+ | -----END CERTIFICATE----- | ||
+ | </pre> | ||
* Put the following content in a ''foo.cfg'' configuration file | * Put the following content in a ''foo.cfg'' configuration file | ||
− | |||
<pre> | <pre> | ||
client | client | ||
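Review bot: the CA certificate added under "Copy this to ca.crt" is the client's trust anchor, and publishing it only on an editable wiki page means whoever can edit the page can replace it. Suggest publishing the certificate's fingerprint through a second channel and adding a step to compare it before the first connection, for example with openssl x509 -in ca.crt -noout -fingerprint -sha256.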
Line 23: | Line 46: | ||
verb 4 | verb 4 | ||
auth-user-pass | auth-user-pass | ||
+ | auth-nocache | ||
</pre> | </pre> | ||
− | * | + | * Add the following to route all ipv4 traffic (with dns) throught the VPN (ipv6 not supported...??) |
+ | redirect-gateway def1 | ||
+ | * /!\ The certificate ca.crt must be in the same directory as foo.cfg, or change path in foo.cfg /!\ | ||
+ | * Then connect to the VPN | ||
<pre> | <pre> | ||
$ openvpn foo.cfg | $ openvpn foo.cfg |
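Review bot: the new redirect-gateway bullet leaves the IPv6 question open ("ipv6 not supported...??"), which matters to anyone relying on it to route all traffic: redirect-gateway def1 overrides only the IPv4 default route, so on a dual-stack client IPv6 traffic keeps using the local uplink. Suggest stating that plainly instead of the question marks, and noting that DNS follows the tunnel only if the server pushes resolvers and the client applies them. The same bullet has a typo ("throught").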
Latest revision as of 21:06, 27 December 2013
Information
- Easy access to the FIXME Network from the outside world
- This is part of the Internal_Server
- You must have a local account on foo and be in the vpnusers unix group
Client configuration
Command Line
- Copy this to ca.crt
- Put the following content in a foo.cfg configuration file
<pre>
client
dev tun
proto udp
remote foo.fixme.ch 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
comp-lzo
verb 4
auth-user-pass
auth-nocache
</pre>
- Add the following to route all IPv4 traffic (with DNS) through the VPN (IPv6 not supported...??)
redirect-gateway def1
- /!\ The certificate ca.crt must be in the same directory as foo.cfg, or change path in foo.cfg /!\
- Then connect to the VPN
$ openvpn foo.cfg
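A pre-connect check for the steps above, as an added example that is not part of the wiki page: it lints a client config for cached credentials, missing server-certificate verification, IPv4-only gateway redirection, and a missing ca file. The function names and finding labels are this example's own, and the sample config is a constructed copy of the page's foo.cfg.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client config for the points this page touches.
# Finding names (NO_SERVER_CERT_CHECK, ...) are this example's own labels.

# True if directive $2 is the first word of some line in file $1
# (commented-out lines start with '#' or ';' and so never match).
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

audit_cfg() {
    cfg=$1
    # Password login without auth-nocache keeps credentials in memory.
    if has_directive "$cfg" auth-user-pass && ! has_directive "$cfg" auth-nocache; then
        echo "NO_AUTH_NOCACHE"
    fi
    # With only "ca", any certificate chaining to that CA passes as the server.
    if ! has_directive "$cfg" remote-cert-tls &&
       ! has_directive "$cfg" ns-cert-type &&
       ! has_directive "$cfg" verify-x509-name; then
        echo "NO_SERVER_CERT_CHECK"
    fi
    # redirect-gateway without the ipv6 flag replaces only the IPv4 default route.
    if awk '$1 == "redirect-gateway" { seen = 1
                for (i = 2; i <= NF; i++) if ($i == "ipv6") v6 = 1 }
            END { exit !(seen && !v6) }' "$cfg"; then
        echo "IPV6_NOT_REDIRECTED"
    fi
    # Resolve a relative "ca" path against the config's directory, as the page advises.
    ca=$(awk '$1 == "ca" { print $2; exit }' "$cfg")
    if [ -n "$ca" ]; then
        case $ca in /*) path=$ca ;; *) path=$(dirname "$cfg")/$ca ;; esac
        [ -f "$path" ] || echo "CA_FILE_MISSING $ca"
    fi
}

# Constructed copy of the page's foo.cfg with the redirect-gateway line appended.
write_page_cfg() {
    printf '%s\n' client 'dev tun' 'proto udp' 'remote foo.fixme.ch 1194' \
        'resolv-retry infinite' nobind persist-key persist-tun 'ca ca.crt' \
        comp-lzo 'verb 4' auth-user-pass auth-nocache 'redirect-gateway def1' > "$1"
}

demo_dir=$(mktemp -d)
write_page_cfg "$demo_dir/foo.cfg"
audit_cfg "$demo_dir/foo.cfg"
rm -rf "$demo_dir"
```

Adding a line such as remote-cert-tls server clears the first finding only if the server's certificate was issued with the matching key usage, which this page does not state.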