Openvpn
QuickStart
You have two servers that you want to connect. For this tutorial, we will assume that one is called earth and the other is called mars. earth will become your VPN server, mars your VPN client. You need two virtual IP addresses for them; in this example, we will take 10.0.0.1 and 10.0.0.2.
On server earth
- Download openVPN from http://openvpn.net
- unpack, compile, link and install openvpn:
tar xvfz openvpn*.tar.gz
cd openvpn-*/
./configure && make && make install
If you run into problems, see the article on building software from source.
- generate a key for encryption
openvpn --genkey --secret mykey.key
- create a server.conf
cat >server.conf << EOF
dev tun
ifconfig 10.0.0.1 10.0.0.2
secret mykey.key
EOF
- copy your encryption file to your client:
scp mykey.key root@mars:
- start openVPN:
openvpn server.conf &
- verify it is running:
netstat -putan | grep 1194
udp 0 0 0.0.0.0:1194 0.0.0.0:* 11767/openvpn
On server mars
- Download openVPN from http://openvpn.net
- unpack, compile, link and install openvpn:
tar xvfz openvpn*.tar.gz
cd openvpn-*/
./configure && make && make install
If you run into problems, see the article on building software from source.
- create a client config file:
cat >client.conf << EOF
remote earth
dev tun
ifconfig 10.0.0.2 10.0.0.1
secret mykey.key
EOF
- start openVPN:
openvpn client.conf &
- verify it worked:
$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.0.2  P-t-P:10.0.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
$ ping -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.518 ms
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.518/0.518/0.518/0.000 ms
$ ping -c 1 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.040 ms
--- 10.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms
transmission test
On earth, open a socket on port 8000:
netcat -l -p 8000
On mars, send over a "hello world":
netcat 10.0.0.1 8000
hello world
Verify the console on earth now shows
hello world
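The static-key setup in this QuickStart only works when both ends hold the same key file and their ifconfig lines are swapped copies of each other, and the key is the tunnel's only secret, so it should not be readable by other users. The following pre-flight check is an added example, not part of the original page or of OpenVPN; the function names are hypothetical, and it assumes both config files are staged locally (for example in earth/ and mars/ directories) before being copied to the hosts.

```shell
#!/bin/sh
# Added example: pre-flight check for the static-key pair configured above.
# Function names and the staging layout are assumptions, not part of OpenVPN.
# Usage: check_static_key_setup earth/server.conf mars/client.conf

# Print the arguments of the first DIRECTIVE line in CONF.
conf_value() {  # conf_value CONF DIRECTIVE
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Succeed only if FILE has no group/other permission bits set.
key_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the two ifconfig lines are swapped copies of each other.
endpoints_mirrored() {  # endpoints_mirrored SERVER_CONF CLIENT_CONF
    set -- $(conf_value "$1" ifconfig) $(conf_value "$2" ifconfig)
    [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ]
}

# Print one FAIL line per finding; return the number of findings.
check_static_key_setup() {  # check_static_key_setup SERVER_CONF CLIENT_CONF
    problems=0
    keys=""
    for conf in "$1" "$2"; do
        # Assumption: openvpn is started from the config's directory, as in
        # the tutorial, so a relative "secret" path resolves there.
        key="$(dirname "$conf")/$(conf_value "$conf" secret)"
        if [ ! -f "$key" ]; then
            echo "FAIL $conf: secret file not found"; problems=$((problems + 1))
            continue
        fi
        key_private "$key" || {
            echo "FAIL $key: readable by group or other"; problems=$((problems + 1)); }
        keys="$keys $key"
    done
    endpoints_mirrored "$1" "$2" || {
        echo "FAIL ifconfig endpoints are not mirrored"; problems=$((problems + 1)); }
    # Both ends must hold byte-identical key material.
    set -- $keys
    if [ $# -eq 2 ] && ! cmp -s "$1" "$2"; then
        echo "FAIL key files differ"; problems=$((problems + 1))
    fi
    return "$problems"
}
```

A return value of 0 means the pair is consistent; each FAIL line names the file or setting to correct before starting openvpn.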
TroubleShooting
Kernel-unsupported (RHEL 3)
If you are using RHEL 3, install the kernel-unsupported package. It is required for tun support.
Load the tun driver:
modprobe tun
Enable IP Forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
All TAP-Win32 adapters on this system are currently in use
You may get the error message All TAP-Win32 adapters on this system are currently in use when attempting to use OpenVPN on Win32.
It appears that this error occurs when OpenVPN cannot open a TAP-Win32 adapter to use when attempting to set up a VPN connection.
This can happen for a number of reasons, but the top reasons are:
- The TAP-Win32 'adapter' is marked as disabled. This can be checked by going into the "Network Connections" folder and seeing if the TAP-Win32 'adapter' is disabled. If it is, right-click and select "Enable". Then try OpenVPN again. If this answers your question, please send me a quick note.
- The user does not have administrative privileges on the machine. OpenVPN needs administrative privileges to be able to manipulate a TAP-Win32 'adapter'.
- There is no TAP-Win32 'adapter' installed. Run addtap.bat in the OpenVPN directory. (This is a special case of the following problem.)
- There are insufficient TAP-Win32 'adapters' installed. This can happen if you are running more than one OpenVPN connection at the same time, but without sufficient instances of the TAP-Win32 adapter to be able to service the number of simultaneous VPN connections requested. Run addtap.bat in the OpenVPN directory.
See also
- http://openvpn.se/ - providing an openVPN gui for Windows.
- openvpn.net's tutorial