Difference between revisions of "OpenVPN"
From Blue-IT.org Wiki
(→VPN client on ubuntu server) |
Line 21: | Line 21: | ||
* a ".ovpn" configuration file and rename it to ".conf" | * a ".ovpn" configuration file and rename it to ".conf" | ||
− | * all necessary credentials | + | ** chmod 600 (rw only for root) |
− | * place everything in the '''/etc/openvpn''' | + | * all necessary credentials that refer to ".p12", ".crt", ".key" -files within the ".ovpn"-file |
+ | ** have to be in the '''/etc/openvpn''' directory and | ||
+ | ** chmod 400 (read only for root!) | ||
+ | * place everything in the '''/etc/openvpn''' directory | ||
* edit the '''/etc/default/openvpn''' configuration file. | * edit the '''/etc/default/openvpn''' configuration file. | ||
** Put the name of the ".conf"-file in the AUTOSTART variable. | ** Put the name of the ".conf"-file in the AUTOSTART variable. | ||
** OR simply make AUTOSTART="all" | ** OR simply make AUTOSTART="all" |
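Review bot: the added "chmod 600 (rw only for root)" and "chmod 400 (read only for root!)" sub-items only hold if root owns the files, and the mode bits say nothing about the owner, so the list should also name the ownership step (for example chown root:root). The new "have to be in the /etc/openvpn directory" sub-item also repeats the "place everything in the /etc/openvpn directory" bullet directly below it; one of the two can go.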
Revision as of 09:07, 8 February 2015
Introduction
After successfully playing around with a Cisco ASA 5505 firewall, we wanted to expand our VPN experience. I personally was a little disappointed with the solutions Cisco offered us. First of all, I was very disappointed to find out that, for IPSec VPN, there is no native 64-bit client for my Linux machine. Second, the license fees for SSL VPN are barely legal. Third, the license and configuration jungle Cisco offers is not what I like.
To make a long story short: pfSense has everything we needed, was configured in a snap, and in combination with Soekris hardware is a really robust, fast and easy to maintain appliance. Looking back on spending hours and hours configuring the ASA, dangling around with license issues and limitations of the software, this was one of the best decisions this year!
pfSense
There are a lot of HowTos and tutorials on how to get OpenVPN running with pfSense version 2.x. I don't want to add another 2 cents here.
OpenVPN auto reconnect script
Despite the very stable connection overall, if you are on the road and the internet connection is lost, the network manager of Ubuntu does not reconnect when the internet is available again. On ubuntuforum I found a Python script which uses the native network manager settings to reconnect a broken VPN:
VPN client on ubuntu server
Client mode
All you need is:
- a ".ovpn" configuration file, renamed to ".conf"
  - chmod 600 (rw only for root)
- all necessary credentials (the ".p12", ".crt" and ".key" files referred to within the ".ovpn" file)
  - have to be in the /etc/openvpn directory and
  - chmod 400 (read only for root!)
- place everything in the /etc/openvpn directory
- edit the /etc/default/openvpn configuration file.
  - Put the name of the ".conf" file in the AUTOSTART variable.
  - OR simply set AUTOSTART="all"
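
The checklist above can be verified with a short audit script. This is an added example, not part of the original wiki page: the function names are hypothetical, and it assumes GNU stat (as on Ubuntu) and unquoted file names after the pkcs12, ca, cert, key and tls-auth directives.

```bash
#!/bin/bash
# Added example (not from the wiki): audit an OpenVPN client directory.
# Usage: audit_openvpn_dir [DIR] [OWNER_UID]    defaults: /etc/openvpn, 0 (root)
# Prints one line per finding; the return status is the number of findings.

check_file() {                      # check_file PATH ALLOWED_MODE OWNER_UID
    local path="$1" allowed="$2" owner="$3" mode uid
    [ -f "$path" ] || { echo "MISSING $path"; return 1; }
    mode=$(stat -c '%a' "$path")
    uid=$(stat -c '%u' "$path")
    if [ "$uid" != "$owner" ]; then
        echo "OWNER $path has uid $uid, expected $owner"; return 1
    fi
    # Any permission bit outside the allowed mode is a finding.
    if [ $(( 0$mode & ~0$allowed & 07777 )) -ne 0 ]; then
        echo "MODE $path is $mode, expected at most $allowed"; return 1
    fi
}

audit_openvpn_dir() {
    local dir="${1:-/etc/openvpn}" owner="${2:-0}" findings=0
    local conf opt arg rest cr
    cr=$(printf '\r')               # .ovpn files often carry Windows line ends
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || continue
        check_file "$conf" 600 "$owner" || findings=$((findings + 1))
        while read -r opt arg rest; do
            case $opt in
                pkcs12|ca|cert|key|tls-auth) ;;   # directives naming a file
                *) continue ;;
            esac
            arg=${arg%"$cr"}
            case $arg in
                '[inline]') continue ;;           # embedded in the .conf itself
                "$dir"/*) ;;                      # already inside the directory
                /*) echo "OUTSIDE $arg is not in $dir"
                    findings=$((findings + 1)); continue ;;
                *)  arg=$dir/$arg ;;              # relative to the directory
            esac
            check_file "$arg" 400 "$owner" || findings=$((findings + 1))
        done < "$conf"
    done
    return "$findings"
}
```

Run it as root after copying the files, for example `audit_openvpn_dir /etc/openvpn 0`; no output and a zero exit status mean every file the configuration names is present, owned by root and no more permissive than the checklist allows.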