OpenVPN setup

edited February 4 in Networking
To check the client's service status on the rig when you upload a config and it's not working:
systemctl status openvpn@client
journalctl -u openvpn@client -e --no-pager -n 100

Just to give you a valid example of my working config:
/etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert myservername.crt
key myservername.key
dh dh2048.pem
topology subnet
server 10.4.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
verb 3


And the most important, client.conf. It should go with the certificate files.
client
dev tun
proto udp
remote mysupermegaserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
comp-lzo
verb 3


Please note that in the config the certificates should be named as in the example:
ca ca.crt
cert client.crt
key client.key
You can upload files with any names, but they will then be renamed to ca.crt, client.crt, client.key. In this way you will have 1 config for all rigs.

---

Also, you can embed your certificates into one file, client.conf, so your file will look like this:
client
dev tun
proto udp
remote mysupermegaserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3

#No need for file names, comment or delete them
#ca ca.crt
#cert client.crt
#key client.key


<ca>
-----BEGIN CERTIFICATE-----
***Paste CA Cert Text Here***
 
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
***Paste Your Cert Text Here***
 
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
***Paste Your Cert Private Key Here***
 
-----END PRIVATE KEY-----
</key>


---

Also, if you want TLS Auth, then you can embed that key in this way:
key-direction 1

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...tls key...
-----END OpenVPN Static key V1-----
</tls-auth>
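The embedding step described in the post above, as an added example that is not part of the original post: a shell function that merges client.conf with ca.crt, client.crt and client.key (and an optional tls-auth key) into one file with inline blocks, written owner-only because it then contains the private key. The function names make_inline_conf and emit_block and the argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: merge client.conf + ca.crt + client.crt + client.key
# (and optionally a tls-auth key) into one config with inline blocks.

# Print only the BEGIN..END section of a file wrapped in <tag>...</tag>,
# skipping any human-readable text stored above it in the file.
emit_block() {
    echo "<$1>"
    sed -n '/^-----BEGIN /,/^-----END /p' "$2"
    echo "</$1>"
    echo
}

# make_inline_conf BASE_CONF CA CERT KEY OUT [TLS_AUTH_KEY]
make_inline_conf() {
    base=$1; ca=$2; cert=$3; key=$4; out=$5; ta=${6:-}
    [ -r "$base" ] || { echo "cannot read $base" >&2; return 1; }
    for f in "$ca" "$cert" "$key" ${ta:+"$ta"}; do
        # Refuse files without a BEGIN/END block, so no empty block is written.
        if ! grep -q '^-----BEGIN ' "$f" 2>/dev/null ||
           ! grep -q '^-----END ' "$f"; then
            echo "no PEM/static-key block in: $f" >&2; return 1
        fi
    done
    (
        umask 077   # the result holds the private key: owner-only
        {
            # Drop the file-name directives that the inline blocks replace.
            grep -Ev '^[[:space:]]*(ca|cert|key|tls-auth|key-direction)[[:space:]]' "$base"
            echo
            emit_block ca "$ca"
            emit_block cert "$cert"
            emit_block key "$key"
            if [ -n "$ta" ]; then
                echo "key-direction 1"
                echo
                emit_block tls-auth "$ta"
            fi
        } > "$out"
    ) && chmod 600 "$out"   # also tightens a pre-existing output file
}

# Run as a script only when arguments are given.
if [ "$#" -ge 5 ]; then make_inline_conf "$@"; fi
```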

Comments

  • -- reserved --
  • Hello, first of all thank you for your work.
    Could you explain in detail how to remotely control a rig?
    I'm using one in a different network, so I need to remote access when I reboot.