Virtual private networks (VPNs) are a means for connecting to a
remote network and making it look like a local one. This means you can connect
to your work location and have full access to resources (if so configured on
the work side), such as shared printers, work files, etc.
There are a number of VPN products freely available; some are
kernel-level like openswan and can be
fairly difficult to configure. OpenVPN, available at http://openvpn.net/, doesn’t require patching
the kernel and can be extremely straightforward. Configuration is more
difficult if you want to use a lot of its features, but for a quick
client/server VPN, you can be up and running in minutes.
The first step is to install OpenVPN; this can be done either
by compiling from source or by installing a package from your vendor (e.g.,
Mandriva, Debian, and others provide OpenVPN packages that are an urpmi or apt-get
away).
Once you’ve installed OpenVPN on the two systems you want to
create a VPN between, you need to decide how they will authenticate to
each other. The simplest method is a static, pre-shared key. This has certain
drawbacks, such as allowing only one client per server, but for a straight
client/server scenario it works very well. It’s also the easiest setup.
To generate the key, execute:
# openvpn --genkey --secret static.key
This file needs to be on both the client and server, so copy
it via ssh or through some other secure method like a floppy or CD. The key is
the only thing that authenticates the two ends and protects the tunnel, so keep
it readable only by root on both machines.
On the server, put static.key into a directory special to
OpenVPN, such as /etc/openvpn/. In
this same directory, create a server.conf file. The /etc/openvpn/server.conf file would look like:
dev tun
ifconfig 10.10.10.1 10.10.10.2
secret static.key
You can use any unused subnet you like instead of the
10.10.10.0 shown above.
On the client, move static.key into /etc/openvpn as well and create /etc/openvpn/client.conf
with the following:
remote vpn.domain.com
dev tun
ifconfig 10.10.10.2 10.10.10.1
secret static.key
Replace vpn.domain.com
with the hostname or IP address of the server. Also, ensure that UDP port 1194
is allowed to receive traffic in your firewall rules for both locations.
On the server, start openvpn using:
# openvpn --config /etc/openvpn/server.conf
Then do the same on the client. Each machine should now be able to ping
the other over the tunnel (10.10.10.1 and 10.10.10.2). If the pings fail, most
likely one of the systems isn’t allowing UDP port 1194 traffic. You should also be
able to reach any services that would be accessible on the local LAN.
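A common reason the pings fail, apart from the firewall, is that the two config files don’t mirror each other. The following is an added example, not code from the article or from the OpenVPN project: it parses the server.conf and client.conf shown above, derives the client side from the server side, and reports any mismatch. It assumes only the directives used in this article (dev, ifconfig, secret, remote) and that lines starting with # or ; are comments.

```python
# Added example (not from the article): check that a static-key OpenVPN
# server.conf and client.conf mirror each other the way the article requires.
# Assumption: only the directives shown in the article are used; lines that
# start with '#' or ';' are comments.

# Sample configs, copied from the article.
SERVER_CONF = """dev tun
ifconfig 10.10.10.1 10.10.10.2
secret static.key
"""
CLIENT_CONF = """remote vpn.domain.com
dev tun
ifconfig 10.10.10.2 10.10.10.1
secret static.key
"""

def parse_conf(text):
    """Map each directive to its argument list (a repeated directive overwrites)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            parts = line.split()
            conf[parts[0]] = parts[1:]
    return conf

def client_conf_for(server_text, remote_host):
    """Derive the client side: same dev and secret, ifconfig swapped, plus 'remote'."""
    s = parse_conf(server_text)
    local, peer = s["ifconfig"]
    return (f"remote {remote_host}\ndev {' '.join(s['dev'])}\n"
            f"ifconfig {peer} {local}\nsecret {' '.join(s['secret'])}\n")

def check_pair(server_text, client_text):
    """Return a list of problems; an empty list means the two ends agree."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    problems = []
    for name, conf in (("server", s), ("client", c)):
        problems += [f"{name}: missing '{d}'" for d in ("dev", "ifconfig", "secret") if d not in conf]
    if "remote" not in c:
        problems.append("client: missing 'remote' (server hostname or IP)")
    for d in ("dev", "secret"):  # the tunnel device type and key file must match
        if s.get(d) != c.get(d):
            problems.append(f"'{d}' differs between server and client")
    si, ci = s.get("ifconfig", []), c.get("ifconfig", [])
    # The server's local address is the client's peer address and vice versa.
    if len(si) == 2 and len(ci) == 2 and si != ci[::-1]:
        problems.append(f"ifconfig not mirrored: server {si} vs client {ci}")
    return problems
```

Run check_pair on the real files before starting either end; an empty list means the only remaining suspects are the firewall rules and the key copy.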
OpenVPN can be either easy or challenging to configure. One of
its greatest strengths is that it doesn’t require complicated patching and
compiling of the kernel, is cross-platform (there are versions for Windows,
OS X, and other operating systems), and can make for a quick and painless way
to connect one remote machine to another.