OpenVPN

From ArchWiki
Revision as of 12:48, 3 October 2009 by Sergej (Talk | contribs) (Created page with '==Install== Install openvpn: pacman -S openvpn Also you may install http://aur.archlinux.org/packages.php?ID=30584 ldap authentication module from AUR. ==Prepare OpenSSL d…')

Install

Install openvpn:

 pacman -S openvpn

You may also install the [ldap authentication module] from AUR.

Prepare OpenSSL data

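 # Build the CA and the server certificate/key with easy-rsa
 cd /usr/share/openvpn/easy-rsa
 source ./vars
 ./build-ca
 ./build-key-server <server-name>
 # Generate the Diffie-Hellman parameters that the server's dh option refers to
 ./build-dh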

Setting up server

Using PAM and passwords to authenticate

port 1194
proto udp
dev tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/lx.crt
key /etc/openvpn/lx.key
dh /etc/openvpn/dh1024.pem
server 192.168.56.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;learn-address ./script
client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
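
The following added example (not part of the original wiki page) reads the server configuration above and reports the settings that weaken it: password-only client authentication, the commented-out tls-auth and user/group lines, and the 1024-bit DH file. The `parse` and `audit` names and the 2048-bit threshold are assumptions of this example, and the DH size is inferred from the file name only.

```python
import re

# Excerpt of the server configuration above (only the lines the checks read).
SERVER_CONF = """\
dh /etc/openvpn/dh1024.pem
;tls-auth ta.key 0
;user nobody
;group nobody
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
"""

MIN_DH_BITS = 2048  # assumption: threshold chosen for this example


def parse(text):
    """Map each active directive to its arguments; ';' and '#' lines are comments."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        name, *args = line.split()
        active[name] = args
    return active


def audit(text):
    """Return one finding per setting that weakens the server."""
    cfg = parse(text)
    findings = []
    if "client-cert-not-required" in cfg:
        findings.append("client-cert-not-required: clients are authenticated "
                        "by username/password only, no client certificate")
    if "tls-auth" not in cfg:
        findings.append("tls-auth disabled: control-channel packets carry no HMAC signature")
    for name in ("user", "group"):
        if name not in cfg:
            findings.append(f"{name} not set: the daemon keeps the {name} it was started as")
    # Size is read from the file name (dh1024.pem); the file itself is not inspected.
    dh = (cfg.get("dh") or [""])[0]
    match = re.search(r"dh(\d+)\.pem$", dh)
    if match and int(match.group(1)) < MIN_DH_BITS:
        findings.append(f"dh: {match.group(1)}-bit parameters, below {MIN_DH_BITS}")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_CONF):
        print("WARN", finding)
```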

Setting up client

Password authentication

client
dev tap
proto udp
remote <address> 1194
resolv-retry infinite
nobind
persist-tun
comp-lzo
verb 3
auth-user-pass passwd
ca ca.crt

The passwd file (referenced by auth-user-pass) must contain two lines:

  • first line: username
  • second line: password