Thursday, July 7, 2011

Simple VPN installation on Debian Lenny

This is a simple way to install OpenVPN for two computers: one is the VPN server, the other is the client.

Server:

First I install OpenVPN with aptitude:
aptitude install openvpn

After this I generate a secret key with:
openvpn --genkey --secret static.key
It should be stored in the /etc/openvpn directory.

Now I modify /etc/openvpn/server.conf so that it looks like this:
dev tun
ifconfig 192.168.0.1 10.8.0.1
secret /etc/openvpn/static.key
push "route 192.168.0.0 255.255.255.0"
port 1234
comp-lzo


I decided on a different port for security reasons.
Now I must enable IP forwarding with:
echo 1 > /proc/sys/net/ipv4/ip_forward


The kernel routing table looks like this:
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.1.2 10.8.0.1 255.255.255.255 UGH 0 0 0 tun0
10.8.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.0.0 192.168.0.1 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0


Here 192.168.1.2 is the IP address of the client behind the VPN and 192.168.0.1 is the IP of the VPN server.

Client:

Here we install openvpn with:
aptitude install openvpn

Then the /etc/openvpn/openvpn.conf:
remote 1.2.3.4 1234
dev tun
ifconfig 10.8.0.1 192.168.0.1
secret /etc/openvpn/static.key

The IP address 1.2.3.4 is the fixed Internet address of the VPN server;
you must know this one.
1234 is the port on which OpenVPN is listening.
You must transfer static.key to the client PC in a secure way and store it
in the /etc/openvpn directory.
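
One way to check the stored key on both machines after the transfer, as an added example that is not part of the original post: the script reads the secret path from the config and rejects a key that is missing, is not an OpenVPN static key, or is accessible to group or others. The function names and the sample files written by make_sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the key file that an
# OpenVPN static-key config references. Function names are illustrative.

# Print the path given to the first "secret" directive in config file $1.
secret_path() {
    awk '$1 == "secret" { print $2; exit }' "$1"
}

# Succeed only if the key named in config $1 exists, looks like an OpenVPN
# static key, and grants no permissions to group or others.
check_static_key() {
    key=$(secret_path "$1")
    [ -n "$key" ] || { echo "no secret directive in $1"; return 1; }
    [ -f "$key" ] || { echo "key file $key not found"; return 1; }
    grep -q 'BEGIN OpenVPN Static key V1' "$key" ||
        { echo "$key is not an OpenVPN static key"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$key" | cut -c5-10)
    [ "$go_bits" = "------" ] ||
        { echo "$key is accessible to group/others ($go_bits)"; return 1; }
    echo "ok: $key"
}

# Write a constructed config and a dummy key (not real key material) into
# directory $1, so the check can be tried without touching /etc/openvpn.
make_sample() {
    printf '%s\n' '-----BEGIN OpenVPN Static key V1-----' \
        '00000000000000000000000000000000' \
        '-----END OpenVPN Static key V1-----' > "$1/static.key"
    printf '%s\n' 'dev tun' "secret $1/static.key" 'port 1234' \
        > "$1/server.conf"
}

# Usage: sh check-key.sh /etc/openvpn/server.conf
if [ $# -gt 0 ]; then
    check_static_key "$1"
fi
```

If the check reports group or other access, chmod 600 on the key file clears it.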

The kernel-routing table should look like this:
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.0.1 0 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
