From ArchWiki
Revision as of 09:08, 21 January 2012 by Therealplato (talk | contribs) (Created page because OpenVPN was crufty)

Configuring OpenVPN to connect as a client to an AirVPN server

The OpenVPN article is quite detailed, as it describes configuration for both servers and clients. If you simply want to get openvpn working with credentials provided by a third-party VPN service, do this:

Install openvpn with pacman:

 # pacman -S openvpn

AirVPN will generate a config for you if you have an account and are logged in. You can choose a server, port, and proxy settings, and download a zip file with certificates and settings. I downloaded it from their page "Access without a client" on 01.20.2012.

You should now have an archive containing 4 files:

 air.ovpn ca.crt  user.crt  user.key

Note that user.key is your secret key. Don't share it or let it be compromised.

Open air.ovpn and note the lines

 ca "ca.crt"
 cert "user.crt"
 key  "user.key"

Move all four files to /etc/openvpn, set permissions, and delete the zip. If you want to put them somewhere else, set their new absolute paths in air.ovpn; it won't find them by default as shown above.

 # mv air.ovpn ca.crt user.crt user.key /etc/openvpn
 # cd /etc/openvpn
 # chmod 400 air.ovpn ca.crt user.crt user.key
 # shred --remove ~/
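
To confirm the result of the step above, the following added example (not part of the original wiki page) reads the ca, cert and key lines from a client config and reports missing files or a private key that group or others can access. It assumes GNU stat and that relative paths are meant relative to the config file's directory; audit_ovpn is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit the files referenced by an OpenVPN client config.
# Assumption: relative paths are resolved against the config file's own
# directory (all four files kept together, as in /etc/openvpn above).

# Prints one finding per line; returns 0 if clean, 1 otherwise.
# The body runs in a subshell so its variables stay private.
audit_ovpn() (
    conf=$1
    rc=0
    cr=$(printf '\r')
    dir=$(dirname -- "$conf")
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # "|| [ -n ... ]" also processes a last line with no trailing newline.
    while read -r directive path || [ -n "$directive" ]; do
        case $directive in ca|cert|key) ;; *) continue ;; esac
        path=${path%"$cr"}                 # config may have CRLF endings
        path=${path%\"}; path=${path#\"}   # strip optional quotes
        case $path in /*) ;; *) path=$dir/$path ;; esac

        if [ ! -f "$path" ]; then
            echo "$directive: missing $path"; rc=1; continue
        fi
        mode=$(stat -c %a -- "$path")      # GNU stat, e.g. 400
        # Any group/other permission bit on the private key is a finding.
        if [ "$directive" = key ] && [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "key: $path is mode $mode; group/other must have no access"
            rc=1
        fi
    done < "$conf"
    return $rc
)

# Usage: audit_ovpn /etc/openvpn/air.ovpn
```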

Point openvpn at the config file as superuser:

 # openvpn --config /etc/openvpn/air.ovpn

You should get a couple dozen verbose connection logs, hopefully ending in something like

 Sat Jan 21 02:16:47 2012 Initialization Sequence Completed

Background openvpn if you'd like:

   [1]+  Stopped          sudo openvpn --config /etc/openvpn/air.ovpn
 sudo openvpn --config /etc/openvpn/air.ovpn &

This won't start automatically as shown. I'm not sure how to do it right, perhaps putting a small script in /etc/rc.conf.d/ would be appropriate.

Sample configs are included in /usr/share/openvpn/examples/


If you have a custom kernel, note that OpenVPN requires the TUN/TAP modules to be enabled, as described in the OpenVPN article. They should already work on default kernels.

I was setting this up on a virtual Arch system running in VirtualBox on a Windows 7 host machine. While testing I already had my Windows client tunnelling all traffic through my Windows AirVPN client. Trying to initialize a second tunnel from within the VM failed with an authentication failure, until I turned off the Windows client.

If the files are chmod 400, you must execute openvpn as superuser or it will fail with "Error opening configuration file."