Advanced Networking: OpenVPN: Difference between revisions
No edit summary |
No edit summary |
||
| Line 34: | Line 34: | ||
192.168.0.111 is the address for the Telem-GW6 and 192.168.0.4 is the address for the OpenVPN server. Note this setup is insecure as it is not using any encryption and that on production systems you need to configure intermittent routers or firewalls. | 192.168.0.111 is the address for the Telem-GW6 and 192.168.0.4 is the address for the OpenVPN server. Note this setup is insecure as it is not using any encryption and that on production systems you need to configure intermittent routers or firewalls. | ||
== Enable OpenVPN at Telem-GW6 Startup == | |||
In order for the OpenVPN to start at system boot you need startup script that invokes OpenVPN with your configuration. Example startup script looks like this: | |||
<syntaxhighlight lang="bash"> | |||
#!/bin/sh | |||
start() { | |||
echo -n "OpenVPN:start ... " | |||
/usr/local/bin/openvpn/StartOpenVPNClient.sh /usr/local/bin/openvpn/client1/client.conf &> /dev/null & | |||
echo "done" | |||
} | |||
stop() { | |||
echo -n "OpenVPN:stop ... " | |||
busybox killall StartOpenVPNClient.sh | |||
busybox killall openvpn | |||
echo "done" | |||
} | |||
restart() { | |||
stop | |||
start | |||
} | |||
case "$1" in | |||
start) | |||
start | |||
;; | |||
stop) | |||
stop | |||
;; | |||
restart|reload) | |||
restart | |||
;; | |||
*) | |||
echo $"Usage: $0 {start|stop|restart}" | |||
exit 1 | |||
esac | |||
exit $? | |||
</syntaxhighlight> | |||
Note this startup script needs to be place to /etc/init.d, we use wrapper for OpenVPN called StartOpenVPNClient.sh and that files are stored to /usr/local/bin/openvpn. Wrapper for OpenVPN looks like this: | |||
<syntaxhighlight lang="bash"> | |||
#!/bin/sh | |||
echo Start OpenVPN Client | |||
while true | |||
do | |||
/usr/sbin/openvpn --config $1 | |||
sleep 10 | |||
done | |||
</syntaxhighlight> | |||
It takes one argument which is the location for the configuration file. | |||
== OpenVPN Telem-GW6 Installer Uninstaller == | |||
Revision as of 07:39, 28 March 2012
Introduction
This is a small tutorial to OpenVPN [1] and it's usage in Telem-GW6. A complete example is beyond the scope of this tutorial. However the idea is that after reading it you should be able to deploy it using Telem-GW6 or any other Martem product that has OpenVPN. Complete manuals and tutorials can be found from OpenVPN website. For instance [2] is manual for version 2.1. It is assumed that reader understands basic Unix commands as Telem-GW6 is Linux Busybox system. Introduction to Telem-GW6 and other networking related stuff can be found from here [3].
Changing Default User Accounts
Befaure configuring OpenVPN you should change default user accounts. Small howto can be found from here [4].
OpenVPN Configuration
For this example we will be using this simple OpenVPN configuration for the telem-GW6:
--proto tcp-client --port 8002 --remote 192.168.0.4 --dev tun0 --ifconfig 192.168.100.2 192.168.100.1 --log /usr/local/bin/openvpn/client1/openvpn.log --verb 3
At OpenVPN server you need to invoke openvpn like this:
openvpn --verb 3 --proto tcp-server --port 8002 --remote 192.168.0.111 --dev tun0 --ifconfig 192.168.100.1 192.168.100.2
192.168.0.111 is the address for the Telem-GW6 and 192.168.0.4 is the address for the OpenVPN server. Note this setup is insecure as it is not using any encryption and that on production systems you need to configure intermittent routers or firewalls.
Enable OpenVPN at Telem-GW6 Startup
In order for the OpenVPN to start at system boot you need startup script that invokes OpenVPN with your configuration. Example startup script looks like this:
#!/bin/sh
start() {
echo -n "OpenVPN:start ... "
/usr/local/bin/openvpn/StartOpenVPNClient.sh /usr/local/bin/openvpn/client1/client.conf &> /dev/null &
echo "done"
}
stop() {
echo -n "OpenVPN:stop ... "
busybox killall StartOpenVPNClient.sh
busybox killall openvpn
echo "done"
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
restart
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac
exit $?
Note this startup script needs to be place to /etc/init.d, we use wrapper for OpenVPN called StartOpenVPNClient.sh and that files are stored to /usr/local/bin/openvpn. Wrapper for OpenVPN looks like this:
#!/bin/sh
echo Start OpenVPN Client
while true
do
/usr/sbin/openvpn --config $1
sleep 10
done
It takes one argument which is the location for the configuration file.