Thursday, February 26, 2015



The third part of this series focuses on improving the configuration of the VPN network created in the previous part, and also looks at tunneling OpenVPN through proxy servers.

1. Configuration Files
Between computers A and B we created the VPN network 10.1.1.0/255.255.255.252. System A played the role of the VPN server and system B the role of the VPN client. On these systems we started OpenVPN with the following commands:

    root@A:~# openvpn --dev tun --ifconfig 10.1.1.1 10.1.1.2 --secret static.key
    root@B:~# openvpn --remote 192.168.1.1 --dev tun --ifconfig 10.1.1.2 10.1.1.1 --secret static.key
All configuration parameters specified in these commands can also be entered in a configuration file. Let us therefore create the configuration file "/root/mojasiet-server.conf" on computer A with the following contents:

    # Configuration file of the VPN server
    dev tun
    ifconfig 10.1.1.1 10.1.1.2
    secret /root/static.key
    comp-lzo
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    user openvpn
    group openvpn
    daemon
The meaning of the first three parameters is known from the previous part. The parameter "comp-lzo" ensures that data is compressed before being sent over the VPN network. Using this parameter should increase the transfer rate, but it also increases the CPU load. The parameters "keepalive 10 60" and "ping-timer-rem" indirectly ensure that the connection timeout on a network element located between the VPN server and the VPN client does not expire, because the VPN server periodically "pings" the client. The parameters "persist-tun" and "persist-key" ensure that, when the tunnel is restarted automatically, the virtual network interface is not reconfigured and the encryption key is not read again. This is especially important when using the directives "user openvpn" and "group openvpn", which make the process give up root privileges after it starts and continue running as an ordinary user who does not have sufficient privileges for such operations. Thanks to the directive "daemon" the process runs in the background, and error messages do not appear on the terminal but are recorded through the syslog daemon.
Before running OpenVPN it is still necessary to create the non-privileged user openvpn belonging to the group of the same name. We can do this, for example, with the commands:

    root@A:~# groupadd openvpn
    root@A:~# useradd -g openvpn openvpn
    root@A:~# passwd openvpn
It should be borne in mind that we launched OpenVPN in daemonized mode, so a possible configuration error is not printed on the terminal but recorded via the syslog daemon. Therefore, if the previous command did not produce any output, there is an error in the configuration, and additional details can be found in the system logs.
The process on computer B is similar. Here it is also necessary to create a VPN client configuration file, named "mojasiet-client.conf", with the following contents:

    # Configuration file of the VPN client
    dev tun
    remote 192.168.1.1
    ifconfig 10.1.1.2 10.1.1.1
    secret /root/static.key
    comp-lzo
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    user openvpn
    group openvpn
    daemon
The meaning of each configuration directive is the same as on the VPN server. After creating the unprivileged user openvpn belonging to the group openvpn, OpenVPN can be started, as on computer A, with the command:

    root@B:~# openvpn --config /root/mojasiet-client.conf
In this case too, make sure that the process is running by using "ps", or by checking the system logs. The operation of the VPN network itself can be verified with ping, as described in the previous article.

2. OpenVPN on Ubuntu
The Ubuntu distribution tries to make creating an OpenVPN network as easy as possible for the user, and does so with a particularly suitable combination of parameters passed on the command line (in the init script) and parameters loaded from configuration files. The creator of the OpenVPN package for Ubuntu assumes that the user will store the configuration files for each VPN network in "/etc/openvpn" and give them the extension "conf". When it runs, the init script searches that directory for all files with this extension and starts a separate instance of "openvpn" for each of them.
To use this method preferred by the Ubuntu distribution, the key still has to be moved to "/etc/openvpn". For added safety, it is also advisable to set the access rights on the key file so that only the user root can read it. You can do this, for example, with the commands:

    root@A:~# mv static.key /etc/openvpn
    root@A:~# chown root.root /etc/openvpn/static.key
    root@A:~# chmod 600 /etc/openvpn/static.key
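The two safety points made above, that "user"/"group" need "persist-tun" and "persist-key" and that the static key should be readable by its owner only, can be checked mechanically. The following script is an added example, not part of the original article; the function names are hypothetical, and it assumes the path given to "secret" resolves from the current directory.

```shell
#!/bin/sh
# Added example (not from the article): audit a static-key OpenVPN config.
# Usage: audit_openvpn_conf FILE [EXPECTED_KEY_OWNER]   (owner defaults to root)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Assumption: the path given to 'secret' resolves from the current directory.

# Succeed if directive $2 occurs in config $1 ('#' and ';' start comments).
conf_has() {
    awk -v d="$2" '{ sub(/[#;].*/, "") } $1 == d { f = 1 } END { exit !f }' "$1"
}

# Print the first argument of directive $2 in config $1.
conf_value() {
    awk -v d="$2" '{ sub(/[#;].*/, "") } $1 == d { print $2; exit }' "$1"
}

report() { echo "$conf: $*"; findings=$((findings + 1)); }

audit_openvpn_conf() {
    conf=$1 owner=${2:-root} findings=0

    # Privilege drop: both directives are needed to leave root behind.
    conf_has "$conf" user  || report "no 'user' directive, process stays root"
    conf_has "$conf" group || report "no 'group' directive, process keeps root's group"

    # After the drop, a restart cannot reopen the tun device or reread the key.
    if conf_has "$conf" user || conf_has "$conf" group; then
        conf_has "$conf" persist-tun || report "privileges dropped without persist-tun"
        conf_has "$conf" persist-key || report "privileges dropped without persist-key"
    fi

    # The static key is the tunnel's only secret: no group/other access (chmod 600).
    key=$(conf_value "$conf" secret)
    if [ -z "$key" ]; then
        report "no 'secret' directive"
    elif [ ! -f "$key" ]; then
        report "key file $key not found"
    else
        perms=$(ls -ld "$key" | awk '{ print substr($1, 5, 6) }')  # group+other bits
        kown=$(ls -ld "$key" | awk '{ print $3 }')                 # owner name
        [ "$perms" = "------" ] || report "key file $key is accessible to group or others"
        [ "$kown" = "$owner" ]  || report "key file $key owned by $kown, expected $owner"
    fi

    [ "$findings" -eq 0 ]
}

if [ $# -gt 0 ]; then audit_openvpn_conf "$@"; fi
```

Run it as root against each file in "/etc/openvpn", for example `sh audit.sh /etc/openvpn/mojasiet-server.conf`, where the script name is a placeholder.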
Do it with
