OpenVPN

(N9 HARMATTAN)
 
(3 intermediate revisions not shown)
Line 1: Line 1:
This page describes setting up openVPN  
This page describes setting up openVPN  
 +
= On N8x0 =
-
= on an [[Nokia N900|N900]] =
+
[[ToDo]]
 +
 
 +
= On [[Nokia N900|N900]] / Maemo =
== Server Setup ==
== Server Setup ==
Line 30: Line 33:
The applet will pickup any .conf files in that directory.
The applet will pickup any .conf files in that directory.
 +
= N9 HARMATTAN =
= N9 HARMATTAN =
Line 35: Line 39:
Install it from N9Qt
Install it from N9Qt
-
     domain="www.$USER.org" # adapt
+
* http://wiki.maemo.org/N9QTweak
-
     server_inet="0.0.0.0" # adapt
+
 
-
    dev="tun2"
+
 
-
     port="80"
+
== Env variables ==
-
     key="/etc/openvpn/$domain.key"
+
 
-
     server="10.9.8.254"
+
Will be used in Client and Server side
-
     client="10.9.8.1"
+
 
 +
     domain="www.$USER.tld" # must be adapted to your public DNS record
 +
     server_inet="0.0.0.0" # must be adapted to your public inet IP
 +
     port="80" # 80 is prefered to pass firewall or 443 ?
 +
     dev="tun2"  
 +
     server="10.9.8.254" # can be changed
 +
     client="10.9.8.1" # can be changed too
     conf="/etc/openvpn/$domain.conf"
     conf="/etc/openvpn/$domain.conf"
 +
    key="/etc/openvpn/$domain.key"
-
Server Side :
+
== Server Side : ==
   sudo mkdir -p /etc/openvpn
   sudo mkdir -p /etc/openvpn
Line 55: Line 66:
   secret $key
   secret $key
   EOF
   EOF
 +
 +
Launch it by hand or with service :
 +
   sudo openvpn --config "$conf" --verb 6  
   sudo openvpn --config "$conf" --verb 6  
-
Client Side :
 
-
  sudo mkdir -p /etc/openvpn
+
== Client Side : ==
-
    ssh -t $domain \
+
Copy Key and configure it :
 +
 
 +
  sudo mkdir -p /etc/openvpn
 +
  ssh -t $domain \
         'sudo cat /etc/openvpn/$domain.key' \
         'sudo cat /etc/openvpn/$domain.key' \
         | sudo dd of="/etc/openvpn/$domain.key"
         | sudo dd of="/etc/openvpn/$domain.key"
Line 75: Line 91:
   EOF
   EOF
 +
Then launch it
   $sudo /usr/sbin/openvpn --script-security 2 --config $conf --verb 6
   $sudo /usr/sbin/openvpn --script-security 2 --config $conf --verb 6
 +
 +
 +
== More ==
 +
 +
FeedBack welcome at :
 +
 +
http://talk.maemo.org/showthread.php?t=89703&highlight=OpenVPN&page=2
 +
 +
 +
[[Category:Software]]
[[Category:Software]]
[[Category:HowTo]]
[[Category:HowTo]]
-
 
[[Category:Software]]
[[Category:Software]]
[[Category:HowTo]]
[[Category:HowTo]]

Latest revision as of 09:46, 2 November 2014

This page describes setting up openVPN

Contents

[edit] On N8x0

ToDo

[edit] On N900 / Maemo

[edit] Server Setup

The server should be setup like so:

 http://openvpn.net/index.php/open-source/documentation/howto.html

udp is better than tcp if you can use it. If your client is likely to be behind firewalls then tcp is more likely to work.

Consider whether compression is useful - if you're transferring media or using ssh tunnels then it may not gain much.

If you need access to a nameserver on your LAN you'll need this in the server.conf:

push "dhcp-option DNS 10.0.0.7"            
push "dhcp-option DOMAIN dgreaves.com"

[edit] Client Setup

You'll need the openVPN client and the openVPN applet

Create a matching client setup conf and copy it together with the client certificate, key and the ca file to the /etc/openvpn/ directory on the device.

The client.conf may need:

# Allow scripts to be run
script-security 2
# and update the config when a route changes
up /etc/openvpn/maemo-update-resolvconf
plugin /opt/openvpn/lib/openvpn/openvpn-down-root.so "script_type=down /etc/openvpn/maemo-update-resolvconf"

The applet will pickup any .conf files in that directory.


[edit] N9 HARMATTAN

Install it from N9Qt


[edit] Env variables

Will be used in Client and Server side

   domain="www.$USER.tld" # must be adapted to your public DNS record
   server_inet="0.0.0.0" # must be adapted to your public inet IP
   port="80" # 80 is prefered to pass firewall or 443 ?
   dev="tun2" 
   server="10.9.8.254" # can be changed
   client="10.9.8.1"  # can be changed too
   conf="/etc/openvpn/$domain.conf"
   key="/etc/openvpn/$domain.key"

[edit] Server Side :

  sudo mkdir -p /etc/openvpn
  sudo openvpn --genkey --secret "$key"
  cat<<EOF | sudo tee "$conf"
  dev $dev
  port $port
  ifconfig $server $client
  secret $key
  EOF

Launch it by hand or with service :

  sudo openvpn --config "$conf" --verb 6 


[edit] Client Side :

Copy Key and configure it :

  sudo mkdir -p /etc/openvpn
  ssh -t $domain \
       'sudo cat /etc/openvpn/$domain.key' \
       | sudo dd of="/etc/openvpn/$domain.key"
  cat<<EOF | sudo tee "$conf"
  remote $domain
  dev $dev
  port $port
  ifconfig $client $server
  secret $key
  persist-tun
  nobind
  EOF

Then launch it

  $sudo /usr/sbin/openvpn --script-security 2 --config $conf --verb 6


[edit] More

FeedBack welcome at :

http://talk.maemo.org/showthread.php?t=89703&highlight=OpenVPN&page=2