OpenVPN

From ArchWiki

Install

Install openvpn:

 pacman -S openvpn

You may also install the LDAP authentication module from the AUR.

Prepare OpenSSL data

 cd /usr/share/openvpn/easy-rsa
 source ./vars
 ./build-ca
 ./build-key-server <server-name>

Setting up server

Using PAM and passwords to authenticate

 port 1194
 proto udp
 dev tap
 ca /etc/openvpn/ca.crt
 cert /etc/openvpn/server.crt
 key /etc/openvpn/server.key
 dh /etc/openvpn/dh1024.pem
 server 192.168.56.0 255.255.255.0
 ifconfig-pool-persist ipp.txt
 ;learn-address ./script
 client-to-client
 ;duplicate-cn
 keepalive 10 120
 ;tls-auth ta.key 0
 comp-lzo
 ;max-clients 100
 ;user nobody
 ;group nobody
 persist-key
 persist-tun
 status /var/log/openvpn-status.log
 verb 3
 client-cert-not-required
 username-as-common-name
 plugin /usr/lib/openvpn/openvpn-auth-pam.so login
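
The shell functions below are an added example, not part of the wiki page: they read a server config like the one above and flag four of its settings that weaken the setup (password-only login, disabled tls-auth, no privilege drop, 1024-bit DH). The function names and WARN messages are illustrative, and the DH size is inferred from the easy-rsa style file name dh<bits>.pem, which is an assumption.

```shell
#!/bin/sh
# Added example: flag weak settings in an OpenVPN server config.
# Lines starting with ';' or '#' are comments; only active directives count.

# Print the arguments of the first active directive $2 in file $1.
directive_args() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
                   END { exit !found }' "$1"
}

has_directive() { directive_args "$1" "$2" >/dev/null; }

audit_openvpn_conf() {
    conf=$1
    if has_directive "$conf" client-cert-not-required; then
        echo "WARN client-cert-not-required: login depends on the password alone"
    fi
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "WARN tls-auth: no HMAC check on TLS handshake packets"
    fi
    if ! has_directive "$conf" user || ! has_directive "$conf" group; then
        echo "WARN user/group: daemon does not drop privileges after startup"
    fi
    # Assumption: the file name carries the size, as in easy-rsa's dh<bits>.pem.
    dh=$(directive_args "$conf" dh) || dh=""
    bits=$(printf '%s\n' "${dh##*/}" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WARN dh: ${bits}-bit Diffie-Hellman parameters are below 2048 bits"
    fi
    return 0
}

# Constructed sample: a subset of the server config shown above.
sample_conf() {
    cat <<'EOF'
dh /etc/openvpn/dh1024.pem
;tls-auth ta.key 0
;user nobody
;group nobody
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_openvpn_conf "$tmp"; rm -f "$tmp"
```
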

Setting up client

Password authentication

 client
 dev tap
 proto udp
 remote <address> 1194
 resolv-retry infinite
 nobind
 persist-tun
 comp-lzo
 verb 3
 auth-user-pass passwd
 ca ca.crt

The passwd file (referenced by auth-user-pass) must contain two lines:

  • first line: the username
  • second line: the password