2 Configuration
Step 1: Set up OpenVPN on the gateway for both server and client
First, mount the TinyNetConfig.iso image file and run the OpenVPN installation
with the following commands on both the client and the server side.
# cd /mnt/hdc
./SetupMenu
Install OpenVPN
To provide a secure handshake, both client and server must have the same
Certificate Authority (CA) key generated by OpenVPN, which is used to
authenticate the client and the server to each other.
Therefore, to generate the keys and certificates correctly, enter the following
commands on both the client and the server side.
cd /usr/doc/openvpn-2.0.9/easy-rsa/
. ./vars
./clean-all
./build-ca
Diagram 7.2: Step 2 configuration
After completing step 2 on the server, continue with the following commands
in /usr/doc/openvpn-2.0.9/easy-rsa/.
./build-key-server server
Enter “server” in the Common Name field, then confirm the certificate with ‘y’.
Run ./build-dh and check in MC mode that dh1024.pem exists.
Copy all of the newly generated keys and certificates from the ./keys directory to
/usr/doc/openvpn-2.0.9/sample-config-files/ in MC mode.
Similar to step 3, the client must complete step 2 and then run the following
commands.
Copy the previously generated ca.key and ca.crt to ./keys of the client.
Go to /usr/doc/openvpn-2.0.9/easy-rsa/ and run ./build-key client
Enter “client” in the Common Name field, then confirm the certificate with ‘y’.
Copy all of the newly generated client keys and certificates from the ./keys
directory to /usr/doc/openvpn-2.0.9/sample-config-files/ in MC mode.
Diagram 7.6: Copying the key
;dev tap
dev tun
Check that ca.crt, server.crt, server.key and dh1024.pem are properly
defined.
; server-bridge 192.168.8.8 255.255.255.0 192.168.8.128 192.168.8.254
server 10.8.0.0 255.255.255.0
;server
client
;dev tap
dev tun
remote 192.168.76.101 1194
;remote my-server-2 1194
Check that ca.crt, client.crt and client.key are properly defined.
Open the server and enter the following commands to create and initialize the tun
device; this is done for both server and client.
mkdir /dev/net
mknod /dev/net/tun c 10 200
cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tun-server.conf
Diagram 7.13: Step 6 server configuration
cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tun-client.conf
dev tap0
;dev tun
server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254
;server 10.8.0.0 255.255.255.0
Go back to normal mode and activate the bridge utility from the
/mnt/live/memory/modules directory with the following command.
activate bridge-utils-1.2-2.lzm
client
;server
dev tap
;dev tun
remote 192.168.76.101 1194
;remote my-server-2 1194
Check that ca.crt, client.crt and client.key are properly defined.
Diagram 7.17: Step 7 TAP configuration for client
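The "check that ca.crt, client.crt and client.key are properly defined" steps can be scripted. The following is an added example, not part of the original document or of OpenVPN: the function name check_ovpn_conf and the sample file names are hypothetical, and it assumes the ca, cert, key and dh directives used in OpenVPN's sample configs.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight check for an OpenVPN
# 2.0-style config. Relative paths are resolved against the config's directory,
# which matches running "openvpn <conf>" from inside sample-config-files.

check_ovpn_conf() {  # usage: check_ovpn_conf <conf>; returns 0 when no errors
    conf=$1; dir=$(dirname "$conf"); errors=0

    # Lines starting with ';' or '#' are comments, so awk's $1 never matches them.
    ndev=$(awk '$1 == "dev" { n++ } END { print n + 0 }' "$conf")
    roles=$(awk '$1 ~ /^(client|server|server-bridge)$/ { print $1 }' "$conf")
    nrole=$(awk '$1 ~ /^(client|server|server-bridge)$/ { n++ } END { print n + 0 }' "$conf")
    [ "$ndev" -eq 1 ] || { echo "ERROR: $ndev active dev lines, need 1"; errors=$((errors + 1)); }
    [ "$nrole" -eq 1 ] || { echo "ERROR: $nrole active role lines, need 1"; errors=$((errors + 1)); }

    # Only the server side needs Diffie-Hellman parameters (dh).
    needed="ca cert key"
    [ "$roles" = client ] || needed="$needed dh"

    for d in $needed; do
        f=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$f" ]; then
            echo "ERROR: no active '$d' directive"; errors=$((errors + 1)); continue
        fi
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -s "$f" ]; then
            echo "ERROR: $d file missing or empty: $f"; errors=$((errors + 1))
        elif [ "$d" = key ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "WARN: private key readable by group/other: $f"
        fi
    done

    # Whoever holds ca.key can sign certificates this VPN will accept.
    [ ! -e "$dir/ca.key" ] || echo "WARN: CA private key stored beside config: $dir/ca.key"
    [ "$errors" -eq 0 ]
}

# Constructed sample: a TAP client config with the settings shown on the page,
# plus placeholder files standing in for the real certificates and key.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'client' ';server' 'dev tap' ';dev tun' 'remote 192.168.76.101 1194' \
    'ca ca.crt' 'cert client.crt' 'key client.key' > "$demo/sample-client.conf"
for f in ca.crt client.crt client.key; do echo placeholder > "$demo/$f"; done
chmod 600 "$demo/client.key"
check_ovpn_conf "$demo/sample-client.conf" && echo "config OK"
```

The ca.key warning applies to this procedure when ca.key is among the files copied from ./keys into the config directory.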
The tun device was already initialized in step 6 with the mknod /dev/net/tun
c 10 200 command. What remains is to initialize tap0 so that it is opened
and its persist state is set to ON.
cd /usr/doc/openvpn-2.0.9/sample-scripts
./bridge-start
cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tap-server.conf
cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tap-server.conf
Diagram 7.18: Step 8 initialization TAP for client.
The TAP configuration is then tested from the client with ping 192.168.8.4 for
br0.
7.3 Results
The results show that both the TUN and TAP connections are able to ping each other
through OpenVPN.