OpenVPN
OpenVPN is a virtual private network (VPN) system that creates encrypted point-to-point or site-to-site
connections in routed or bridged configurations and provides remote access. The same openvpn binary acts
as client or server depending on its configuration file.
OpenVPN lets peers authenticate each other with pre-shared static keys, X.509 certificates, or
username/password (the last usually on top of certificates). In a multi-client server setup the server does
not issue certificates itself: a certificate authority (CA) signs one certificate per client, and each side
checks the other's certificate against the CA's signature. The example below uses the CA certificate ca.crt and
a client certificate/key pair nf.crt/nf.key issued for the client NF.
dev tun, dev tap
TAP works at Ethernet level (layer 2): the VPN carries whole Ethernet frames, broadcasts included, and
behaves like a switch. TUN works at network level (layer 3): it carries only IP packets, which are routed
across the VPN. TAP is bridging whereas TUN is routing. Both ends of a tunnel must use the same device type.
Contents of client.conf used in the steps below (dev tap, all traffic routed via 10.22.22.1 on the VPN):
client
dev tap
proto udp
remote 10.99.99.21 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
route 0.0.0.0 0.0.0.0 10.22.22.1
verb 3
remote-cert-tls server makes the client reject a peer whose certificate was not issued for server use, so
another client holding a valid certificate from the same CA cannot impersonate the server. On OpenVPN 2.5 and
newer the cipher directive is deprecated in favour of data-ciphers (for example data-ciphers
AES-256-GCM:AES-256-CBC); keep the CBC entry only if the other side cannot negotiate GCM.
Create OpenVPN client file on MON1
■ Create file client.ovpn with the certificate, key and CA inlined (client.conf must not also contain ca, cert or key directives pointing at files, or they conflict with the inline blocks)
○ # cd /etc/openvpn/client
○ # cat client.conf > client.ovpn && echo "<cert>" >> client.ovpn && cat nf.crt >> client.ovpn && echo "</cert>" >> client.ovpn && echo "<key>" >> client.ovpn && cat nf.key >> client.ovpn && echo "</key>" >> client.ovpn && echo "<ca>" >> client.ovpn && cat ca.crt >> client.ovpn && echo "</ca>" >> client.ovpn
■ Copy / SCP file client.ovpn to NF. The file now contains the private key nf.key, so keep it readable by root only (mode 600), transfer it over SCP/SSH only, and remove copies left on MON1 once NF has it.
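The following script is an added example, not code from the original page: it assembles client.ovpn the way the cat/echo chain above does, but refuses a client.conf that still points at external ca/cert/key files, writes the result readable by root only, and checks that every inline block is balanced before the file is copied anywhere. File names follow the page; the PEM bodies written by demo() are constructed placeholders so it runs offline.

```shell
#!/bin/sh
# Added example, not from the original page: assemble client.ovpn the way the
# cat/echo chain above does, with the checks a practitioner wants around it.
# File names (client.conf, ca.crt, nf.crt, nf.key) follow the page; the PEM
# bodies in demo() are constructed placeholders so the script runs offline.

# build_ovpn CONF CA CERT KEY OUT
# Refuses a CONF that still points at external ca/cert/key files (they would
# conflict with the inline blocks) and writes OUT readable by its owner only,
# because OUT now carries the private key.
build_ovpn() {
    conf=$1 ca=$2 cert=$3 key=$4 out=$5
    for f in "$conf" "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "build_ovpn: cannot read $f" >&2; return 1; }
    done
    if grep -Eq '^[[:space:]]*(ca|cert|key)[[:space:]]+[^[:space:]]' "$conf"; then
        echo "build_ovpn: $conf references external ca/cert/key files; drop those lines" >&2
        return 1
    fi
    (
        umask 077
        {
            cat "$conf"
            echo '<ca>';   cat "$ca";   echo '</ca>'
            echo '<cert>'; cat "$cert"; echo '</cert>'
            echo '<key>';  cat "$key";  echo '</key>'
        } > "$out"
    ) || return 1
    chmod 600 "$out"
}

# check_ovpn FILE
# Each inline block must open and close exactly once, and <key> must hold a
# PEM private key; a truncated cat leaves an unbalanced block.
check_ovpn() {
    f=$1
    for tag in ca cert key; do
        o=$(grep -c "^<$tag>\$" "$f" || true)
        c=$(grep -c "^</$tag>\$" "$f" || true)
        [ "$o" -eq 1 ] && [ "$c" -eq 1 ] \
            || { echo "check_ovpn: <$tag> block opened $o times, closed $c times" >&2; return 1; }
    done
    sed -n '/^<key>$/,/^<\/key>$/p' "$f" | grep -q 'PRIVATE KEY-----' \
        || { echo "check_ovpn: no PEM private key inside <key>" >&2; return 1; }
}

# demo: builds a good .ovpn from constructed files in a temp directory (standing
# in for /etc/openvpn/client), then shows a conf with a stray "ca ca.crt" line
# being rejected. Prints the temp directory on success.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' client 'dev tap' 'proto udp' 'remote 10.99.99.21 1194' \
        'remote-cert-tls server' > "$d/client.conf"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' CONSTRUCTED-CA-CERT \
        '-----END CERTIFICATE-----' > "$d/ca.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' CONSTRUCTED-CLIENT-CERT \
        '-----END CERTIFICATE-----' > "$d/nf.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' CONSTRUCTED-CLIENT-KEY \
        '-----END PRIVATE KEY-----' > "$d/nf.key"
    build_ovpn "$d/client.conf" "$d/ca.crt" "$d/nf.crt" "$d/nf.key" "$d/client.ovpn" || return 1
    check_ovpn "$d/client.ovpn" || return 1
    printf '%s\n' client 'ca ca.crt' > "$d/bad.conf"
    if build_ovpn "$d/bad.conf" "$d/ca.crt" "$d/nf.crt" "$d/nf.key" "$d/bad.ovpn" 2>/dev/null; then
        echo "demo: bad.conf should have been rejected" >&2
        return 1
    fi
    echo "$d"
}

if out=$(demo); then echo "client.ovpn assembled and checked in $out"; fi
```

The order of the inline blocks does not matter to OpenVPN, so the script writes ca, cert, key while the page's one-liner writes cert, key, ca; both parse the same. Run it on MON1 as build_ovpn client.conf ca.crt nf.crt nf.key client.ovpn followed by check_ovpn client.ovpn, then SCP the result.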
OpenVPN Client on NF using NetworkManager
1. Install OpenVPN
○ # apt install openvpn
2. Install NetworkManager and its OpenVPN plugin, which can import the .ovpn file
○ # apt install network-manager network-manager-openvpn
3. Configure NetworkManager so it also manages the interfaces declared in /etc/network/interfaces
○ # vim /etc/NetworkManager/NetworkManager.conf
[ifupdown]
managed=true
4. Import the .ovpn file copied from MON1; this creates /etc/NetworkManager/system-connections/client.nmconnection, the file edited in the LDAP client steps below
○ # nmcli connection import type openvpn file client.ovpn
OpenVPN Server on MON1 using LDAP Auth
1. Install the LDAP authentication plugin
○ # apt install openvpn-auth-ldap
2. Create /etc/openvpn/auth-ldap.conf (the file the plugin line in step 3 points at)
<LDAP>
URL ldap://ldap.itnsa.id
BindDN cn=admin,dc=itnsa,dc=id
Password admin
Timeout 15
TLSEnable no
FollowReferrals no
</LDAP>
<Authorization>
BaseDN "ou=People,dc=itnsa,dc=id"
SearchFilter "(uid=%u)"
RequireGroup false
</Authorization>
The plugin looks the user up under BaseDN with SearchFilter (%u is the username the client sent) and then binds to the directory as that user with the password the client sent. With URL ldap:// and TLSEnable no, that bind, and therefore every VPN user's password as well as the admin bind password, crosses the network in cleartext; outside a lab set TLSEnable yes (StartTLS) with TLSCACertFile pointing at the directory's CA, bind with a read-only service account instead of cn=admin, and keep the file at mode 600 because it holds the bind password.
3. Enable plugin auth ldap on server.conf
○ # echo "plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf" >> /etc/openvpn/server.conf
○ # systemctl restart openvpn@server
Re-running the echo appends a second plugin line, so check server.conf before restarting. Clients keep presenting their certificate; the LDAP password is an additional factor, not a replacement.
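The script below is an added example, not code from the page or from openvpn-auth-ldap: it lints an auth-ldap.conf for the settings that expose credentials (cleartext ldap:// without StartTLS, binding as the directory admin, a trivial bind password, a file readable by other users) and runs the check against the page's configuration next to a hardened one that passes. The service account cn=openvpn,ou=Services,dc=itnsa,dc=id and the CA path /etc/ssl/certs/itnsa-ca.pem are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not from the original page: lint /etc/openvpn/auth-ldap.conf for
# settings that expose credentials, and show the page's configuration next to a
# hardened one that passes. The service account cn=openvpn,ou=Services,... and the
# CA path /etc/ssl/certs/itnsa-ca.pem are assumptions, not values from the page.

# lint_auth_ldap FILE: prints one finding per line, returns 1 if there is any.
lint_auth_ldap() {
    f=$1 rc=0
    awk '
        function val(s) { sub(/^[ \t]*[A-Za-z]+[ \t]+/, "", s); gsub(/^["]|["]$/, "", s); return s }
        /^[ \t]*URL[ \t]/       { url  = val($0) }
        /^[ \t]*BindDN[ \t]/    { bind = val($0) }
        /^[ \t]*Password[ \t]/  { pw   = val($0) }
        /^[ \t]*TLSEnable[ \t]/ { tls  = tolower(val($0)) }
        END {
            n = 0
            # ldap:// without StartTLS: the bind password and every VPN user
            # password the plugin verifies by binding travel in cleartext
            if (url ~ /^ldap:\/\// && tls != "yes") {
                print "cleartext LDAP: " url " with TLSEnable " (tls == "" ? "unset" : tls); n++
            }
            if (tolower(bind) ~ /^cn=admin,/) {
                print "binds as the directory admin; use a read-only service account"; n++
            }
            if (pw == "" || tolower(pw) == "admin" || tolower(pw) == "password") {
                print "trivial bind password"; n++
            }
            exit (n > 0 ? 1 : 0)
        }' "$f" || rc=1
    # the file holds the bind password, so only root may read it
    perm=$(ls -l "$f" | cut -c1-10)
    [ "$perm" = "-rw-------" ] || { echo "mode $perm: bind password readable by other users, chmod 600"; rc=1; }
    return $rc
}

# demo: writes the page's config and a hardened one into a temp directory
# (standing in for /etc/openvpn) and prints that directory.
demo() {
    d=$(mktemp -d) || return 1
    # As on the page: cleartext ldap://, admin bind, password "admin", world-readable file
    cat > "$d/auth-ldap.weak.conf" <<'EOF'
<LDAP>
URL ldap://ldap.itnsa.id
BindDN cn=admin,dc=itnsa,dc=id
Password admin
Timeout 15
TLSEnable no
FollowReferrals no
</LDAP>
<Authorization>
BaseDN "ou=People,dc=itnsa,dc=id"
SearchFilter "(uid=%u)"
RequireGroup false
</Authorization>
EOF
    chmod 644 "$d/auth-ldap.weak.conf"
    # Hardened: StartTLS against a pinned CA, read-only service bind, root-only file
    cat > "$d/auth-ldap.conf" <<'EOF'
<LDAP>
URL ldap://ldap.itnsa.id
BindDN cn=openvpn,ou=Services,dc=itnsa,dc=id
Password CHANGE-ME-long-random-service-secret
Timeout 15
TLSEnable yes
TLSCACertFile /etc/ssl/certs/itnsa-ca.pem
FollowReferrals no
</LDAP>
<Authorization>
BaseDN "ou=People,dc=itnsa,dc=id"
SearchFilter "(uid=%u)"
RequireGroup false
</Authorization>
EOF
    chmod 600 "$d/auth-ldap.conf"
    echo "$d"
}

if d=$(demo); then
    echo "findings for the page's config:"
    lint_auth_ldap "$d/auth-ldap.weak.conf" || true
    lint_auth_ldap "$d/auth-ldap.conf" && echo "hardened config: no findings"
fi
```

Run lint_auth_ldap /etc/openvpn/auth-ldap.conf on MON1 before adding the plugin line to server.conf; the hardened file keeps the Authorization section from the page unchanged, since the risk is in how the server talks to the directory, not in what it looks up.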
OpenVPN client on NF Auth LDAP using NetworkManager
1. Edit file client.nmconnection so NetworkManager sends the LDAP username and password together with the client certificate
○ # vim /etc/NetworkManager/system-connections/client.nmconnection
[vpn]
connection-type=password-tls
username=vpn
password-flags=0
[vpn-secrets]
password=Skills39
password-flags=0 stores the password in this file; NetworkManager only loads the file when it is owned by root with mode 600.
2. Alternatively, without NetworkManager, add the following line to client.conf
auth-user-pass /etc/openvpn/login.txt
and put the username on the first line and the password on the second line of /etc/openvpn/login.txt, mode 600.
3. Connect to Server
○ # nmcli connection up client
○ # systemctl start openvpn@client
On Debian/Ubuntu, openvpn@client reads /etc/openvpn/client.conf, while /etc/openvpn/client/client.conf (the directory used on MON1 above) is read by openvpn-client@client; start the unit that matches where the file lives.
Reference
https://en.wikipedia.org/wiki/OpenVPN
https://community.openvpn.net/openvpn/wiki/BridgingAndRouting