Difference between revisions of "Openvpn"

From Linuxintro
imported>ThorstenStaerk
 
(5 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
= QuickStart =
 
= QuickStart =
 
+
You have two servers that you want to connect. For this tutorial, we will assume that one is called ''earth'' and the other is called ''mars''. ''earth'' will become your [[VPN]] server, ''mars'' your VPN [http://en.wikipedia.org/wiki/Client_(computing) client] You need two virtual [http://en.wikipedia.org/wiki/Ip_address ip addresses] for them, in this example, we will take ''10.0.0.1'' and ''10.0.0.2''.
You have two servers that you want to connect. For this tutorial, we will assume that one is called ''earth'' and the other is called ''mars''. ''earth'' will become your [[VPN]] [[server]], ''mars'' your VPN [http://en.wikipedia.org/wiki/Client_(computing) client] You need two virtual [http://en.wikipedia.org/wiki/Ip_address ip addresses] for them, in this example, we will take ''10.0.0.1'' and ''10.0.0.2''.
 
  
 
== On server ''earth'' ==
 
== On server ''earth'' ==
 
 
* Download openVPN from http://openvpn.net
 
* Download openVPN from http://openvpn.net
 
* unpack, compile, link and install openvpn:
 
* unpack, compile, link and install openvpn:
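Review bot: in the changed QuickStart sentence, "client]" still runs straight into "You need two virtual ..." with no full stop, and this is true of both the old and the new line. Since the edit touches that sentence anyway, add the period after the client link and capitalise the link text as "IP addresses".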
Line 12: Line 10:
 
  [[cd]] openvpn-*/
 
  [[cd]] openvpn-*/
 
  ./[[configure]] [[&&]] [[make]] && make [[install]]
 
  ./[[configure]] [[&&]] [[make]] && make [[install]]
If you run into problems, see the article [[compiling from source]].
+
If you run into problems, see the article on [[building software from source]].
 
* generate a key for encryption
 
* generate a key for encryption
 
  openvpn --genkey --secret mykey.key
 
  openvpn --genkey --secret mykey.key
Line 31: Line 29:
  
 
== On server ''mars'' ==
 
== On server ''mars'' ==
 
 
* Download openVPN from http://openvpn.net
 
* Download openVPN from http://openvpn.net
 
* unpack, compile, link and install openvpn:
 
* unpack, compile, link and install openvpn:
Line 37: Line 34:
 
  cd openvpn-*/
 
  cd openvpn-*/
 
  ./[[configure]] [[&&]] [[make]] && make [[install]]
 
  ./[[configure]] [[&&]] [[make]] && make [[install]]
If you run into problems, see the article [[compiling from source]]
+
If you run into problems, see the article [[building software from source]]
 
* create a client config [[file]]:
 
* create a client config [[file]]:
 
  cat >client.conf << EOF
 
  cat >client.conf << EOF
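Review bot: the replacement sentence in the ''mars'' section reads "see the article [[building software from source]]", without "on" and without a closing period, while the same edit in the ''earth'' section reads "see the article on [[building software from source]]." Use the ''earth'' wording here too so the two sections stay identical.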
Line 45: Line 42:
 
  secret mykey.key
 
  secret mykey.key
 
  EOF
 
  EOF
* start [[openVPN]]:
+
* start openVPN:
 
  openvpn client.conf &
 
  openvpn client.conf &
 
* verify it worked:
 
* verify it worked:
Line 72: Line 69:
  
 
== transmission test ==
 
== transmission test ==
 
 
On ''earth'', open a [[socket]] on [[port]] 8000:
 
On ''earth'', open a [[socket]] on [[port]] 8000:
 
  [[netcat]] -l -p 8000
 
  [[netcat]] -l -p 8000
Line 78: Line 74:
 
  netcat 10.0.0.1 8000
 
  netcat 10.0.0.1 8000
 
  hello world
 
  hello world
Verify the [[console]] on ''earth'' now shows
+
Verify the [http://simple.wikipedia.org/wiki/Command_Line_Interface console] on ''earth'' now shows
 
  hello world
 
  hello world
  
Line 93: Line 89:
  
 
== All TAP-Win32 adapters on this system are currently in use ==
 
== All TAP-Win32 adapters on this system are currently in use ==
 
 
You may get the error message '''All TAP-Win32 adapters on this system are currently in use''' when attempting to use OpenVPN on Win32.
 
You may get the error message '''All TAP-Win32 adapters on this system are currently in use''' when attempting to use OpenVPN on Win32.
  
Line 106: Line 101:
  
 
= See also =
 
= See also =
 
+
* http://openvpn.se/ - providing an openVPN gui for Windows.
* http://openvpn.se/ - providing an openVPN [[gui]] for [[Windows]].
 
 
* [http://openvpn.net/static.html openvpn.net's tutorial]
 
* [http://openvpn.net/static.html openvpn.net's tutorial]
  
 
[[Category:Guides]]
 
[[Category:Guides]]

Latest revision as of 14:17, 21 January 2012

OpenVPN is VPN software.

QuickStart

You have two servers that you want to connect. For this tutorial, we will assume that one is called earth and the other is called mars. earth will become your VPN server, mars your VPN client. You need two virtual IP addresses for them; in this example, we will use 10.0.0.1 and 10.0.0.2.

On server earth

  • Download openVPN from http://openvpn.net
  • unpack, compile, link and install openvpn:
tar xvfz openvpn*.tar.gz
cd openvpn-*/
./configure && make && make install

If you run into problems, see the article on building software from source.

  • generate a key for encryption
openvpn --genkey --secret mykey.key
  • create a server.conf
cat >server.conf << EOF
dev tun
ifconfig 10.0.0.1 10.0.0.2
secret mykey.key
EOF
  • copy your encryption file to your client:
scp mykey.key root@mars:
  • shut down your firewall or make sure UDP port 1194 is open
  • start openvpn
openvpn server.conf &
  • verify it is running:
netstat -putan | grep 1194
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           11767/openvpn

On server mars

  • Download openVPN from http://openvpn.net
  • unpack, compile, link and install openvpn:
tar xvfz openvpn*.tar.gz
cd openvpn-*/
./configure && make && make install

If you run into problems, see the article on building software from source.

  • create a client config file:
cat >client.conf << EOF
remote earth
dev tun
ifconfig 10.0.0.2 10.0.0.1
secret mykey.key
EOF
  • start openVPN:
openvpn client.conf &
  • verify it worked:
$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.0.2  P-t-P:10.0.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
$ ping -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.518 ms

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms 
rtt min/avg/max/mdev = 0.518/0.518/0.518/0.000 ms
$ ping -c 1 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.040 ms

--- 10.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms
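
In this setup mykey.key is the only credential, and the tunnel only comes up if the two ifconfig lines mirror each other. The following script is an added example, not part of the original tutorial, that checks both points; the function names are made up for the example and the demo runs on constructed files in a scratch directory.

```shell
#!/bin/sh
# Added example: sanity checks for the static-key configs in this tutorial.
# conf_get, key_is_private and pair_is_consistent are names made up here.

# Print the arguments of the first line in config $2 whose directive is $1.
conf_get() {
    awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# Succeed only if the key file grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the "ls -l" mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if server config $1 and client config $2 describe the same
# point-to-point tunnel: same dev type, ifconfig endpoints swapped.
pair_is_consistent() {
    s_if=$(conf_get ifconfig "$1")
    c_if=$(conf_get ifconfig "$2")
    [ -n "$s_if" ] && [ -n "$c_if" ] || return 1
    [ "$(conf_get dev "$1")" = "$(conf_get dev "$2")" ] || return 1
    # ${x%% *} is the first address (local), ${x##* } the last (peer).
    [ "${s_if%% *}" = "${c_if##* }" ] && [ "${s_if##* }" = "${c_if%% *}" ]
}

# Demo on constructed copies of the tutorial's files (not your real ones).
demo() {
    d=$(mktemp -d) || return 1
    printf 'dev tun\nifconfig 10.0.0.1 10.0.0.2\nsecret mykey.key\n' \
        > "$d/server.conf"
    printf 'remote earth\ndev tun\nifconfig 10.0.0.2 10.0.0.1\nsecret mykey.key\n' \
        > "$d/client.conf"
    : > "$d/mykey.key"; chmod 644 "$d/mykey.key"   # deliberately too open
    pair_is_consistent "$d/server.conf" "$d/client.conf" \
        && echo "configs: tunnel endpoints mirror each other"
    key_is_private "$d/mykey.key" \
        || echo "mykey.key: readable by group/other, run: chmod 600 mykey.key"
    rm -rf "$d"
}
demo
```

Run the same two checks against the real server.conf, client.conf and mykey.key on each host after copying the key.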

transmission test

On earth, open a socket on port 8000:

netcat -l -p 8000

On mars, send over a "hello world":

netcat 10.0.0.1 8000
hello world

Verify the console on earth now shows

hello world

TroubleShooting

Kernel-unsupported (RHEL 3)

If you are using RHEL 3, install the kernel-unsupported package. It is required for tun support.

Load the tun driver:

modprobe tun

Enable IP Forwarding.

echo 1 > /proc/sys/net/ipv4/ip_forward

All TAP-Win32 adapters on this system are currently in use

You may get the error message All TAP-Win32 adapters on this system are currently in use when attempting to use OpenVPN on Win32.

It appears that this error occurs when OpenVPN cannot open a TAP-Win32 adapter to use when attempting to set up a VPN connection.

This can happen for a number of reasons, but the top reasons are:

  • The TAP-Win32 'adapter' is marked as disabled. This can be checked by going into the "Network Connections" folder and seeing if the TAP-Win32 'adapter' is disabled. If it is, right-click and select "Enable". Then try OpenVPN again. If this answers your question, please send me a quick note.
  • The user does not have administrative privileges on the machine. OpenVPN needs administrative privileges to be able to manipulate a TAP-Win32 'adapter'.
  • There is no TAP-Win32 'adapter' installed. Run addtap.bat in the OpenVPN directory. (This is a special case of the following problem.)
  • There are insufficient TAP-Win32 'adapters' installed. This can happen if you are running more than one OpenVPN connection at the same time, but without sufficient instances of the TAP-Win32 adapter to be able to service the number of simultaneous VPN connections requested. Run addtap.bat in the OpenVPN directory.

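See also

  • http://openvpn.se/ - providing an openVPN gui for Windows.
  • openvpn.net's tutorial: http://openvpn.net/static.html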