
OpenVPN

This procedure is for KerOS 5.x only.

Overview

  1. OpenVPN server configuration
  2. OpenVPN client configuration
  3. Firewall configuration
  4. Start OpenVPN

Step by step guide

OpenVPN server configuration

An easy way to set up an OpenVPN server on Linux is the “openvpn-install” script, which configures an OpenVPN server on Debian, Ubuntu, Fedora, CentOS, Arch Linux, Oracle Linux, Rocky Linux and AlmaLinux:

https://github.com/angristan/openvpn-install

OpenVPN client configuration

Generate a client with the “openvpn-install” script. It produces a “.ovpn” file that contains everything the client needs (Certificate Authority, certificates, keys). Transfer the “.ovpn” file to the “/etc/openvpn/” folder on the gateway and rename it with a “.conf” extension:

scp client-openvpn.ovpn root@192.168.0.x:/etc/openvpn/client-openvpn.conf

Firewall configuration

Create a file called “openvpn.rules” as in the example below (replace the port number with the port configured on the OpenVPN server):

*filter
-A INPUT -p udp --sport 1194 -j ACCEPT
-A OUTPUT -p udp --dport 1194 -j ACCEPT
COMMIT

Transfer the file to the firewall folder “/etc/firewall.d/” on the gateway:

scp openvpn.rules root@192.168.0.x:/etc/firewall.d/

Restart the firewall process:

/etc/init.d/firewall restart

To check the rules, run iptables -L for IPv4 rules and ip6tables -L for IPv6 rules.
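
The port in openvpn.rules has to match the one set on the server, and the INPUT rule shown above matches on the source port alone. The script below is an added example, not Kerlink's or the openvpn-install project's code: it derives the rule file from the "remote" and "proto" lines of the client profile. The function names, the sample profile and the extra -s/-d address pinning are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Kerlink's code: derive openvpn.rules from the client profile.

# Print "<host> <port> <proto>" from the first "remote" line of the profile.
# Falls back to a separate "proto" line, then to OpenVPN's defaults (1194/udp).
vpn_endpoint() {
    awk '
        $1 == "proto"  && p == ""    { p = $2 }
        $1 == "remote" && host == "" { host = $2; port = $3; rp = $4 }
        END {
            if (host == "") exit 1
            if (port == "") port = 1194
            proto = (rp != "") ? rp : ((p != "") ? p : "udp")
            sub(/-client$/, "", proto)   # tcp-client -> tcp
            sub(/[46]$/, "", proto)      # udp4, tcp6 -> udp, tcp
            print host, port, proto
        }' "$1"
}

# Emit rules in the iptables-restore layout the page uses for /etc/firewall.d/.
# Assumption beyond the page: when the remote is an IPv4 literal, pin the rules
# to that address so only the VPN server matches them.
gen_openvpn_rules() {
    ep=$(vpn_endpoint "$1") || return 1
    set -- $ep
    host=$1; port=$2; proto=$3; src=""; dst=""
    if echo "$host" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        src=" -s $host"; dst=" -d $host"
    fi
    echo "*filter"
    echo "-A INPUT$src -p $proto --sport $port -j ACCEPT"
    echo "-A OUTPUT$dst -p $proto --dport $port -j ACCEPT"
    echo "COMMIT"
}

# Constructed sample profile (documentation address, non-default port).
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
proto udp
remote 203.0.113.10 51194
dev tun
EOF
gen_openvpn_rules "$sample"   # on a workstation: > openvpn.rules
rm -f "$sample"
```

Run it where the “.ovpn” file was generated, redirect the output to openvpn.rules, and transfer the result to the gateway as described above.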

Start OpenVPN

Start OpenVPN on the gateway with the client configuration file (replace with the appropriate file name):

openvpn --config /etc/openvpn/client-openvpn.conf 2>&1 | logger &

Check that the OpenVPN client is running on your gateway:

ps | grep '[o]penvpn'
31342 root      4700 S    openvpn --config /user/client-openvpn.conf

Check with the ifconfig command that the vpn0 interface is now active.

Once everything is working, you can add initialization scripts to start the VPN automatically. Don't forget to enable the firewall again if it was disabled. We recommend monitoring the VPN with the Monit daemon.

wiki/network_mana/secure_network/keros_5.x/openvpn.txt · Last modified: 2023/03/28 15:48 by gja