Eric Hansen
In the last part of this series we set up an OpenVPN server from scratch on a VPS. Now we are going to set up the client. Again, this will be done on Debian/Ubuntu.

Installing OpenVPN is the same:

Code:
root@SKYNet:~# apt-get install openvpn

Now on the server we need to generate a certificate for this client as well (when the prompt comes up, set the Common Name to the hostname if it's not already):

Code:
root@cs01:/etc/openvpn# cd easy-rsa/
root@cs01:/etc/openvpn/easy-rsa# ./build-key SKYNet

This will create a SKYNet.csr/crt key pair in the keys/ directory. Now we need to transfer the CA file and the SKYNet files to the client:

(Server)

Code:
root@cs01:/etc/openvpn/easy-rsa# tar -cf /home/ehansen/keys.tar.gz keys/{ca.crt,SKYNet.crt,SKYNet.key}
root@cs01:/etc/openvpn/easy-rsa# chown ehansen:ehansen /home/ehansen/keys.tar.gz

(Client)

Code:
root@SKYNet:/etc/openvpn# scp [email protected]:keys.tar.gz .
[email protected]'s password:
keys.tar.gz 100% 10KB 10.0KB/s 00:00

We need a client config, so we’ll work with this one:

Code:
root@SKYNet:/etc/openvpn# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf .

We will also need to extract our keys so we can use them:

Code:
root@SKYNet:/etc/openvpn# tar -xf keys.tar.gz
root@SKYNet:/etc/openvpn# ls
client.conf keys keys.tar.gz update-resolv-conf

There are a few lines in client.conf we need to edit as well:

Code:
remote cs01.example.com 1194

Change “cs01.example.com” to point to the OpenVPN server (can either be IP or hostname).

Code:
ca keys/ca.crt
cert keys/SKYNet.crt
key keys/SKYNet.key

This is the same as what we had to do for the server, except we're using the client cert and key this time.

Now we need to start the client:

Code:
root@SKYNet:/etc/openvpn# service openvpn restart
* Stopping virtual private network daemon(s)...
* Stopping VPN 'client' [ OK ]
* Starting virtual private network daemon(s)...
* Autostarting VPN 'client'

We're not done just yet, though. Again, we need to make sure it's running:

Code:
root@SKYNet:/etc/openvpn# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
     inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

A tun adapter won’t be created if OpenVPN isn’t started or running. Make note of the inet addr (10.8.0.6 in my case). We’ll need that in the next part.

Now for the final test, see if you can ping the server itself (10.8.0.1):

Code:
root@SKYNet:/etc/openvpn# ping -c 1 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=41.7 ms
--- 10.8.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 41.733/41.733/41.733/0.000 ms
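
The steps above leave a private key on the client and a copy of it inside keys.tar.gz. The following is an added example, not part of the original post, that audits the `remote`, `ca`, `cert` and `key` lines edited in client.conf and flags a key readable by other users or a leftover archive. The function name `audit_client_conf` is hypothetical; it assumes GNU stat and that relative paths resolve against the directory holding the config.

```shell
#!/bin/sh
# Added example: audit the client-side files this tutorial puts in place.
# audit_client_conf is a hypothetical helper. Assumes GNU stat and that
# relative paths resolve against the config's directory (the Debian init
# script starts OpenVPN with --cd /etc/openvpn).

# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_client_conf() {
    conf=$1
    dir=$(dirname "$conf")
    rc=0

    # The server address must be set: "remote <host> <port>".
    if ! awk '$1 == "remote" && NF >= 3 { ok = 1 } END { exit !ok }' "$conf"; then
        echo "remote: no 'remote <host> <port>' line"; rc=1
    fi

    for d in ca cert key; do
        path=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "$d: directive missing"; rc=1; continue
        fi
        case $path in /*) ;; *) path=$dir/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "$d: $path not found"; rc=1; continue
        fi
        # Only the private key is secret: allow no group/other access.
        if [ "$d" = key ]; then
            mode=$(stat -c %a "$path")
            case $mode in
                ?00) ;;
                *) echo "key: $path has mode $mode, expected owner-only (e.g. 600)"; rc=1 ;;
            esac
        fi
    done

    # The archive used for the transfer still holds a copy of the key.
    for t in "$dir"/*.tar.gz; do
        [ -f "$t" ] || continue
        if tar -tf "$t" 2>/dev/null | grep -q '\.key$'; then
            echo "archive: $t still contains a private key"; rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh /etc/openvpn/client.conf
if [ $# -gt 0 ]; then audit_client_conf "$1"; fi
```

The same archive check applies to the copy left in /home/ehansen on the server.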