OpenVPN

From LQWiki

OpenVPN is VPN software.

QuickStart

You have two servers that you want to connect. For this tutorial, we will assume that one is called earth and the other is called mars. earth will become your VPN server, mars your VPN client. You need two virtual IP addresses for them; in this example, we will take 10.0.0.1 and 10.0.0.2.

On server earth

tar xvfz openvpn*.tar.gz
cd openvpn-*/
./configure && make && make install

If you run into problems, see the article compiling from source.

  • generate a key for encryption
openvpn --genkey --secret mykey.key
  • create a server.conf
cat >server.conf << EOF
dev tun
ifconfig 10.0.0.1 10.0.0.2
secret mykey.key
EOF
  • copy your encryption file to your client:
scp mykey.key root@mars:
  • shut down your firewall or make sure port 1194 is open
  • start openvpn
openvpn server.conf &
  • verify it is running:
netstat -putan | grep 1194
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           11767/openvpn

On server mars

tar xvfz openvpn*.tar.gz
cd openvpn-*/
./configure && make && make install

If you run into problems, see the article compiling from source.

  • create a client config file:
cat >client.conf << EOF
remote earth
dev tun
ifconfig 10.0.0.2 10.0.0.1
secret mykey.key
EOF
  • start openvpn
openvpn client.conf &
  • verify it worked:
$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.0.2  P-t-P:10.0.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
$ ping -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.518 ms

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms 
rtt min/avg/max/mdev = 0.518/0.518/0.518/0.000 ms
$ ping -c 1 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.040 ms

--- 10.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms
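
As an added example (not part of the original page), the shell functions below check two things this setup depends on: that the shared key file named by `secret` is not accessible to group or other users, since that one file is the only secret protecting the tunnel, and that the `ifconfig` lines in server.conf and client.conf mirror each other. The function names and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for the
# static-key setup above (server.conf, client.conf, mykey.key).

# key_private FILE: true only if FILE exists and group/other have no access.
key_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# conf_args FILE DIRECTIVE: print the arguments of the first DIRECTIVE line.
conf_args() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# peers_mirrored SERVER CLIENT: the server's "ifconfig local remote" must be
# the client's "ifconfig remote local", otherwise the tunnel ends do not match.
peers_mirrored() {
    set -- $(conf_args "$1" ifconfig) $(conf_args "$2" ifconfig)
    [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ]
}

# preflight DIR: run both checks on DIR/server.conf, DIR/client.conf and the key.
preflight() {
    key="$1/$(conf_args "$1/server.conf" secret)"
    key_private "$key" || { echo "FAIL: $key missing or open to group/other"; return 1; }
    peers_mirrored "$1/server.conf" "$1/client.conf" || { echo "FAIL: ifconfig lines do not mirror"; return 1; }
    echo "OK: key is private and tunnel endpoints mirror each other"
}

# Constructed sample: the two config files from this page plus a dummy key.
demo=$(mktemp -d)
printf 'dev tun\nifconfig 10.0.0.1 10.0.0.2\nsecret mykey.key\n' > "$demo/server.conf"
printf 'remote earth\ndev tun\nifconfig 10.0.0.2 10.0.0.1\nsecret mykey.key\n' > "$demo/client.conf"
echo "dummy key material (constructed)" > "$demo/mykey.key"
chmod 644 "$demo/mykey.key"; preflight "$demo" || true   # reports the open key
chmod 600 "$demo/mykey.key"; preflight "$demo" || true   # passes
rm -rf "$demo"
```
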

Transmission test

On earth, open a socket on port 8000:

netcat -l -p 8000

On mars, send over a "hello world":

netcat 10.0.0.1 8000
hello world

Verify the console on earth now shows

hello world

TroubleShooting

Kernel-unsupported (RHEL 3)

If you are using RHEL 3, install the kernel-unsupported package. It is required for tun support.

Load the tun driver:

modprobe tun

Enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

All TAP-Win32 adapters on this system are currently in use

You may get the error message "All TAP-Win32 adapters on this system are currently in use" when attempting to use OpenVPN on Win32.

It appears that this error occurs when OpenVPN cannot open a TAP-Win32 adapter to use when attempting to set up a VPN connection.

This can happen for a number of reasons, but the top reasons are:

  • The TAP-Win32 'adapter' is marked as disabled. This can be checked by going into the "Network Connections" folder and seeing if the TAP-Win32 'adapter' is disabled. If it is, right-click and select "Enable". Then try OpenVPN again. If this answers your question, please send me a quick note.
  • The user does not have administrative privileges on the machine. OpenVPN needs administrative privileges to be able to manipulate a TAP-Win32 'adapter'.
  • There is no TAP-Win32 'adapter' installed. Run addtap.bat in the OpenVPN directory. (This is a special case of the following problem.)
  • There are insufficient TAP-Win32 'adapters' installed. This can happen if you are running more than one OpenVPN connection at the same time, but without sufficient instances of the TAP-Win32 adapter to be able to service the number of simultaneous VPN connections requested. Run addtap.bat in the OpenVPN directory.
