Once you have installed OpenVPN, it is time to test it. Make sure the server process is started with service openvpn [re]start. You should see the TUN device with ifconfig. With my config, it shows:
Link: encap:Point-to-Point Protocol Inet addr:192.168.100.1 P-t-P 192.168.100.2.
Now, start up the client OpenVPN service. A file found at D:/Program Files/Openvpn/*.log contains debugging information. With the verb setting, you can elaborate the logging. When you start the client service, the icon in your tray shouts it is connected. Ipconfig /all in a DOSBox shows an IP address on the tap interface, for instance, 192.168.100.10
Ethernet adapter Local Area Connection 8: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Win32 Adapter V8 Physical Address. . . . . . . . . : 00-FF-CF-10-9F-A6 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.100.10 Subnet Mask . . . . . . . . . . . : 255.255.255.252 Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 192.168.100.5
print route gives you some routes:
192.168.100.1 255.255.255.255 192.168.100.9 4 1 192.168.100.8 255.255.255.252 192.168.100.10 4 1 192.168.100.10 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.100.255 255.255.255.255 192.168.100.10 4
Although this all may look quite odd, it works. You now can ping 192.168.100.1; if that succeeds the tunnel is okay. On the server you can see the pings coming in with tcpdump -nlpi tun0. Also, tail -f /var/log/messages supplies some information.
The routes on the server look something like this (netstat -rn) kernel IP routing table:
Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.100.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 188.8.131.52 0.0.0.0 255.255.255.0 U 0 0 0 eth1 172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 184.108.40.206 0.0.0.0 UG 0 0 0 eth1
If all goes well, your connection should be there. If not, check the server routing table and tcpdump the TUN interfaces. You also can use the iptables debug rules.
In this article I have shown a simple setup for a OpenVPN. In real life, the setup will not be much more complex. Although the security implications of any VPN should be well thought-out, setting up OpenVPN turned out to be rather easy. If you do get into trouble, plenty of helping hands can be found on the mailing lists.
OpenVPN is a serious VPN product. It can contend with IPsec in many ways. It certainly is cheap--try buying a Cisco concentrator--easy to install and, in the open-source tradition, tinkerable.
If OpenVPN has a disadvantage, it might be latency. However, no real-life data exists yet to back up that claim.
Webinar: 8 Signs You’re Beyond Cron
On Demand NOW
Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.View Now!
|My Humble Little Game Collection||May 28, 2015|
|New Linux Based OS Brings Internet of Things Closer to Reality||May 27, 2015|
|Non-Linux FOSS: All the Bitcoin, None of the Bloat||May 26, 2015|
|Dr Hjkl on the Command Line||May 21, 2015|
|Initializing and Managing Services in Linux: Past, Present and Future||May 20, 2015|
|Goodbye, Pi. Hello, C.H.I.P.||May 18, 2015|
- My Humble Little Game Collection
- New Linux Based OS Brings Internet of Things Closer to Reality
- Initializing and Managing Services in Linux: Past, Present and Future
- Using Hiera with Puppet
- Non-Linux FOSS: All the Bitcoin, None of the Bloat
- Dr Hjkl on the Command Line
- Infinite BusyBox with systemd
- Goodbye, Pi. Hello, C.H.I.P.
- Gartner Dubs DivvyCloud Cool Cloud Management Vendor
- It's Easier to Ask Forgiveness...