openvpn linux client
7/29/2019 Openvpn Linux Client
Configuring Linux Clients
First, copy the appropriate key sets from the server to the /etc/openvpn directory
on each of the clients. If the client machines aren't locally available, then make the
transfers via a secure means, such as SFTP. For example, for client 1 copy the
following files:
client1.crt
client1.key
ca.crt
Note: The same ca.crt file gets copied to each client. Be sure that you don't
copy the ca.key file to any clients, or else server security will be compromised.
On each client, copy the client.conf file from the /usr/share/doc/openvpn-2.0.9/sample-config-files/ directory to the /etc/openvpn directory. Open the file
for editing. Scroll down until you find the line:
remote my-server-1 1194
Change the my-server-1 part to the actual IP address of your OpenVPN
server. For example, if the IP address of your server's eth0 interface is
216.33.19.3, then the line will become:
remote 216.33.19.3 1194
Next, scroll down until you find the lines:
ca ca.crt
cert client.crt
key client.key
Change these lines to match the client-key files that you transferred from the
server. For client 1, these would become:
ca ca.crt
cert client1.crt
key client1.key
Uncomment the line,
;ns-cert-type server
by removing the preceding semi-colon.
Uncomment the
;cipher x
line, and change the x to match the cryptographic method that you set up in the
server configuration. For example, if you chose the Blowfish method in the
server configuration, then change this line to:
cipher BF-CBC
Save the file and exit the text editor. To test, start up OpenVPN on the server, and
then start OpenVPN on the client.
Note: Even on the clients, manually starting OpenVPN from the command-line
requires root privileges. So, for testing, you will either have to have the
appropriate settings made so that you can use sudo, or you'll have to have the
root password for the respective client machines.
The command to start the client is:
cd /etc/openvpn
openvpn client.conf
On the client, open a second command-line terminal window, and ping the private
address of the OpenVPN server. In our example, the command would be ping
10.1.1.1. If the ping is successful, you've achieved coolness. If it isn't, you may
have to reconfigure the client's firewall to allow proper connectivity.
As on the server, you'll find that init scripts have been installed in the appropriate
run-level directories. So, OpenVPN will start automatically, and will
automatically connect to the OpenVPN server, whenever you reboot the computer.
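
The edits above can be checked before the client is started. The shell function below is an added example, not part of the original document: it flags a ca.key left on the client, ca/cert/key lines that name missing files, the unedited sample remote line, and ns-cert-type or cipher lines that are still commented out. The function and variable names and the key-permission check are assumptions of this example, and the demo directory is constructed.

```shell
# audit_client DIR [CONF]: print one "FINDING:" line per problem found in an
# OpenVPN client directory; return 0 when clean, 1 otherwise.
audit_client() {
    dir=$1
    conf="$dir/${2:-client.conf}"
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # First argument of an active directive; ';' and '#' lines never match.
    directive() { awk -v d="$1" '$1 == d { print $2; exit }' "$conf"; }

    # The CA private key must stay on the server.
    if [ -e "$dir/ca.key" ]; then note "ca.key is present in $dir"; fi
    if [ ! -r "$conf" ]; then note "cannot read $conf"; return 1; fi

    # ca/cert/key must name files that were actually transferred.
    for d in ca cert key; do
        f=$(directive "$d")
        if [ -z "$f" ]; then note "no active '$d' line"
        elif [ ! -f "$dir/$f" ]; then note "$d file '$f' is missing from $dir"
        fi
    done

    # Added check, not from the page: the client key should be owner-only.
    k=$(directive key)
    if [ -n "$k" ] && [ -f "$dir/$k" ]; then
        perms=$(ls -l "$dir/$k" | cut -c5-10)   # group + other permission bits
        if [ "$perms" != "------" ]; then note "$k is group/world accessible"; fi
    fi

    if [ "$(directive remote)" = "my-server-1" ]; then
        note "remote is still the sample placeholder my-server-1"
    fi
    if [ "$(directive ns-cert-type)" != "server" ]; then
        note "ns-cert-type server is not enabled"
    fi
    if [ -z "$(directive cipher)" ]; then note "no active cipher line"; fi
    [ "$findings" -eq 0 ]
}

# Constructed demo: ca.key copied over, sample remote line left unedited,
# ns-cert-type still commented out.
demo=$(mktemp -d)
printf '%s\n' 'remote my-server-1 1194' 'ca ca.crt' 'cert client1.crt' \
    'key client1.key' ';ns-cert-type server' 'cipher BF-CBC' > "$demo/client.conf"
touch "$demo/ca.crt" "$demo/ca.key" "$demo/client1.crt" "$demo/client1.key"
chmod 600 "$demo/client1.key"
audit_client "$demo" || echo "fix the findings above before connecting"
rm -rf "$demo"
```

Against a real client, call it as audit_client /etc/openvpn with enough privileges to read the directory.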