How do you set up OpenVPN?


Post by wilcal » Oct 4th, '17, 18:55

I would like to ask the members to define here the process they use to use the OpenVPN service on Mageia. Install:

openvpn, networkmanager-openvpn, plasma-applet-nm-openvpn

are all three needed?

MCC -> Network & Internet -> Configure VPN connection -> OpenVPN -> (enter) New Name

Type: x509 Public Key Infrastructure or ?????
PKCS #12: ???? how is this obtained, where is it put?
Certificate Authority (CA): ???? how is this obtained, where is it put?
Certificate: ???? how is this obtained, where is it put?
Key: ???? how is this obtained, where is it put?

Share, in as simple terms as possible, the process to set this all up.

Thanks
"DISK BOOT FAILURE - INSERT SYSTEM DISK AND PRESS ENTER"
is my friend
wilcal
 
Posts: 567
Joined: Jun 20th, '11, 02:01
Location: San Diego CA

Re: How do you set up OpenVPN?

Post by wilcal » Oct 4th, '17, 18:57

Assume someone has already gone to:

https://openvpn.net/

and set up an account.

Re: How do you set up OpenVPN?

Post by wintpe » Oct 5th, '17, 14:54

personally i would stay away from network manager, but everyone knows i hate it and so i'm biased.

make your own mind up, it's netapplet or network manager.

as for setting up openvpn, there are many many many threads that i have commented on, on this subject.

I personally go to the MCC and simply add a dummy openvpn, by adding a name and then filling all the boxes with rubbish.

this will create a file and entry point in /etc/sysconfig/network-scripts/vpn.d/openvpn named by the name you gave.

populate that file with the site's openvpn settings, look at all the other examples i've given.

here's mine for torguard

Code:
client
dev tun
proto udp
remote nl.torguardvpnaccess.com 1912
resolv-retry infinite
nobind
persist-key
persist-tun
tls-auth /home/peter/OpenVPN-UDP/ta.key 1
auth SHA256
cipher AES-128-CBC
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
fast-io
# Uncomment these directives if you have speed issues
;sndbuf 393216
;rcvbuf 393216
;push "sndbuf 393216"
;push "rcvbuf 393216"
ca /home/peter/OpenVPN-UDP/ca.crt


go into the firewall and disable firewall (choose everything)

then logout and login and whatever network managing tool you use should show that vpn in its vpn dialog, choose it, and if a password was required enter it.

now open a terminal, switch user to root, make sure that tun0 has been created, by using the command ifconfig -a

and that it has an ipaddress.

now enable the firewall and when it asks include tun0

that's it, all done.

use something like a "what's my ipaddress" search on google and check that your ipaddress is now the vpn provider's.

it should not be any of the addresses in ifconfig -a's output.

and lastly consider dns leakage.

make sure you use for dns a provider that is accessible down the vpn, rather than your ISP's dns.

how do you tell?

traceroute 8.8.8.8 for example.

does it bypass the vpn and go sideways through your isp, or does it go via the vpn?

regards peter
Redhat 6 Certified Engineer (RHCE)
Sometimes my posts will sound short, or snappy, however it's really not my intention to offend, so accept my apologies in advance.
wintpe
 
Posts: 1204
Joined: May 22nd, '11, 17:08
Location: Rayleigh,, Essex , UK

Re: How do you set up OpenVPN?

Post by Micromet » Sep 9th, '18, 15:06

Why is it so hard to install VPN in Mageia 6?

Having failed, over several wasted hours, to do this within Mageia 6 (using openVPN and CyberGhost as my provider) by following wintpe's instructions with all its script inputs, deletions, even inputting rubbish as he says, I arrived at the point of "failed connection". Having found an online walk-through of the process using Linux Mint 19, I installed Mint in VirtualBox, and despite knowing very little about the Ubuntu way of doing things - within 20 minutes - following the online instructions - I had a running VPN setup.

VPN, with all the security problems around the world, will become increasingly important. So why is installing this in Mageia so difficult, echoing Linux software installation problems of 30 years ago? This is something that requires an easier and more robust solution. Do we need to impress this on Mageia developers?
Micromet
 
Posts: 50
Joined: Dec 6th, '14, 19:00

Re: How do you set up OpenVPN?

Post by wilcal » Sep 9th, '18, 15:16

Point well taken. Thanks.

Re: How do you set up OpenVPN?

Post by wintpe » Sep 10th, '18, 14:00

I don't actually think this is hard to set up in mageia 6

if it does not work there may be a reason and however easy the developers make the installation process,

it will still be difficult for you when it does not work if you don't understand what's going on.

i was helping a guy from australia to install expressvpn (which i paid the 100 pounds for a sub to try it) and it simply does not work with mageia or redhat/centos full stop, unless you're willing to use their custom made setup script which does horrible things like set your resolv.conf immutable so your off vpn settings won't work.

so using their money back guarantee got my money back and stuck with torguard which is half the price and simply works.

problem is these vpn providers do non standard things to make them fast that need their proprietary setup, and that just won't work with the standard openvpn setup.

mageia provides a simple tool to create a vpn entry that's basic, but my method allows you to up that to a more tailored approach.

I use it for my mobile/mageia laptop/tablet to home and torguard vpn with no problems.

try to understand what's going on, and it might be easier to see why it's not working.

that could be anything from:
1. you have missed a step, or misread an instruction
2. standard openvpn not implemented by the service
3. firewall rules/restrictions preventing vpn access
4. network/routing issues in your workstation

so with that i'll try and describe again what is needed for openvpn to work, without config specifics. we will use the tun method.

when you open a browser and point it at a web address , the first thing that happens is getent hostname (returns ipaddress), always check that's working first.

next a tcp connection is established via your default route (eth0 for example) to the target ip address , and this may go through multiple gateways to get there.
The data you see is passed back along the route to your browser, and rendered.

when using a vpn tun0 becomes the default route for all traffic other than local.

so your routing table will get updated with an entry for tun0, once the vpn is up.

tun0 is a device so has to be added as a passable device into your firewall rules.

tun0 is a route just like eth0, and can pass multiple concurrent tcp/udp connections.

tun0 is just the end point to an openvpn connection to a target server outside your network, and is very much the same as ssh'ing into that server outside your network. when openvpn starts, given a protocol, usually udp, and a target ip address, it will make a connection with the destination server, and like ssh it can use publickey/privatekey (ssh keys) or like an ssl connection in a web browser to a password protected site it can use certificates.

your browser has those loaded into it, ssh you have to set them up, but for openvpn you must provide a path to them in your config file. The vpn provider will provide you with these, as a downloadable bundle.

if tun0 gets created and the openvpn process stays up then you have most likely succeeded in establishing the link with the target server.

if not something is stopping that connection to the server from being established, so work out why.

try traceroute ipaddresssuppliedbyvpnprovider

if tun0 is up but you can't pass data down it, then it could be a firewall issue in your kernel on your workstation, try disabling it.

try to use traceroute to see where the packets are heading to check that your routing is correct.

traceroute www.microsoft.com

should show it going via tun0 through your vpn provider's infrastructure and out the other end.

if it's going via eth0 or your main nic then routing is not being correctly set up on your workstation, check the routing table with netstat -rn.

also check your dns in resolv.conf and traceroute that.

see what route that takes, if it's via your main nic (eth0 for example) then choose another dns server that traceroute goes via the tun0 port.

I hope i'm helping, the main aim here is to make you self sufficient so don't get frustrated and blame mageia, when it has little to do with mageia why this does not work for you. This is not supposed to be a lecture, but this question comes up so often perhaps it needs a better explanation.

by the way in case it's not obvious i'll spell it out. to diagnose things in unix (for those who are not 30 year veterans) you need to be root in a terminal, and commands may need to be installed if they are not available in your setup.

regards peter
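An added example, not part of wintpe's post: the routing and DNS checks described above, scripted. It asks the kernel with `ip route get` (in place of reading traceroute output) which interface each nameserver in resolv.conf would use; `VPN_DEV`, `RESOLV_CONF` and `ROUTE_GET` are names chosen for this example.

```sh
#!/bin/sh
# Added example: report which interface each DNS server in resolv.conf is routed through.
# VPN_DEV, RESOLV_CONF and ROUTE_GET are names chosen for this example.

VPN_DEV=${VPN_DEV:-tun0}
RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}
ROUTE_GET=${ROUTE_GET:-ip route get}    # kernel route lookup; overridable for testing

# Print the outgoing device named in one line of "ip route get" output.
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print every nameserver address listed in a resolv.conf-style file.
dns_servers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# One verdict line per nameserver; returns non-zero if any of them bypasses the VPN.
check_dns_routes() {
    leaks=0
    for ns in $(dns_servers "$RESOLV_CONF"); do
        dev=$(route_dev "$($ROUTE_GET "$ns" 2>/dev/null | head -n 1)")
        case $dev in
            "$VPN_DEV") echo "OK    $ns via $dev" ;;
            lo)         echo "LOCAL $ns is a local resolver; check its upstream servers" ;;
            "")         echo "FAIL  $ns has no route"; leaks=1 ;;
            *)          echo "LEAK  $ns via $dev"; leaks=1 ;;
        esac
    done
    return "$leaks"
}

# Once the VPN is up, call: check_dns_routes
```

A `LOCAL` line means queries go to a resolver on the machine itself, so the servers that resolver forwards to need the same check.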

Re: How do you set up OpenVPN?

Post by Micromet » Sep 10th, '18, 15:44

Thanks Peter but the main stumbling block was that unlike Mint, the Mageia Network Center doesn't seem to have the ability to add a Network Connection of the required type. The Network Center just shows my Wired (Ethernet) connection and advanced options for that connection.
Mint allows a whole range of network connections including Hardware (e.g. Ethernet, Wi-Fi, WiMAX), Virtual (e.g. Bridge, VLAN) and a range of VPN connections (e.g. Cisco Compatible VPN, OpenVPN) which includes the pertinent one i.e. the ability to "Import a saved VPN configuration" that I had created in CyberGhost. At the end of the process I can see from my Mint Network settings that I have a VPN connection up and running.
The problem with Mageia is that I can't even get this far - there is no evident VPN connection - so no point in checking the connection.

Perhaps I should just copy the entries in the Cyberghost created openvpn.ovpn file into the Mageia openvpn file that you suggested be filled initially with rubbish and see where that gets me.

Re: How do you set up OpenVPN?

Post by wintpe » Sep 11th, '18, 09:52

no, an ovpn file is not the same as an openvpn.conf file

it's a combination of the certificates and the config all in one.

maybe that's something that it could do in the future.

but not a reason to complain about its lack of functionality. It works, you're just not willing to learn how.

if you're using network manager to manage your network (which i don't) you can use

nmcli connection import type openvpn file /path/to/your.ovpn

to import an ovpn file, which is what mint is actually probably offering you.

but your vpn provider should also offer you the tar bundle of the ca cert and key file separately with the recommended openvpn.conf file for each of their access points.

torguard does this because they are techies and find it easier to support people who know what they are doing, and their support is excellent.

you can separate an ovpn file into the separate bits if you know what you're doing, it is simply a concat of the ca key and cert and config.

so please don't complain about mageia, if mint is more fitting to your way of working, use mint.

regards peter
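An added example, not part of the thread's own posts: splitting an .ovpn profile into a plain config plus separate ca/cert/key files, as described above. The output file names and the constructed sample profile are assumptions of this example; inline blocks it does not recognise, and any key-direction line, are left in the config unchanged.

```sh
#!/bin/sh
# Added example: split an .ovpn profile into client.conf plus credential files.
# Output file names (client.conf, ca.crt, ...) are assumptions of this example.

split_ovpn() {  # usage: split_ovpn profile.ovpn /absolute/output/dir
    src=$1; outdir=$2
    (
        umask 077                      # the private key must stay owner-only
        mkdir -p "$outdir" || exit 1
        awk -v dir="$outdir" '
            BEGIN {
                name["ca"] = "ca.crt";      name["cert"] = "client.crt"
                name["key"] = "client.key"; name["tls-auth"] = "ta.key"
                conf = dir "/client.conf"
                printf "" > conf
            }
            { sub(/\r$/, "") }             # tolerate CRLF profiles
            tag == "" && /^<[a-z-]+>$/ {   # opening tag of an inline block
                t = substr($0, 2, length($0) - 2)
                if (t in name) { tag = t; file = dir "/" name[t]; printf "" > file; next }
            }
            tag != "" && $0 == "</" tag ">" {   # closing tag: reference the file instead
                close(file); print tag " " file > conf; tag = ""; next
            }
            tag != "" { print > file; next }    # body of the block
            { print > conf }                    # ordinary directive, copied as-is
        ' "$src"
    )
}

# Constructed sample profile (placeholder key material, not a real credential).
write_sample_ovpn() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.net 1194
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-KEY
-----END PRIVATE KEY-----
</key>
EOF
}
```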

