Geek Freely: openvpn

    Featured Post

    The whole point in this post is to run your own VPN service, and allow you to connect remote devices to your home network.

    To start off yo…

    Showing posts with label openvpn.

    Showing posts with label openvpn.

    The whole point in this post is to run your own VPN service, and allow you to connect remote devices to your home network.

    To start off you need to choose a server that is going to be always available, or at least you should try to do that. Next thing is to install OpenVPN on the server and configure it, this can be done in no time at all with the help of the following site:

    The first command you are going to need to do is as follows:

    This downloads and executes the installation script, I had to run this as sudo, so:

    This script will take you through a variety of questions where you are prompted for entry, in most cases the default option will be appropriate and filled – however if you are running behind a firewall (which you probably will be, I’d like to point out a couple of gotchas).

    The IP address of the local machine should indeed be the local IP, there are other sites that suggest this should be the WAN IP of the server, that’s fine if the server has direct access to the internet – which mine does not, since it is behind the firewall I choose the local IP so it configures the correct interface to be monitoring.

    Next major question is configuring your external IP if you are behind a NAT, honestly you should be using a FQDN and not an IP – check out my previous post on dynu.com options []

    Once you are finished answering the questions you are ready to make client profiles, run the installer again and you will be prompted a variety of options, you are going to want to add a user:

    1) Add a new user

    2) Revoke an existing user

    3) Remove OpenVPN

    4) Exit

    Now that you have OpenVPN server installed in Ubuntu, and a client profile created for your device – all you have to do is setup any port forwarding required to the OpenVPN server.

    So in my case I setup a rule to forward all 1178 (1194 if you followed the default options) UDP VPN requests from my external IP address to the local IP address of the server running OpenVPN. This was done at my cable modem/router.

    That’s it, you’re done. Let me know if you have any questions or comments below – feel free to donate/tip the creator of the script on the following site:

    So as you may have read in earlier posts – I did a complete reinstall of my NAS4Free server and setup all services running on it. Here in this post I will describe the steps required to install OpenVPN on your NAS4Free server, and configure it to start automatically on bootup.

    First let’s determine an appropriate location to install the temporary files for installation:

    setenv PKG_TMPDIR /mnt/Data/tmp/

    Next let’s install all the required components: curl, expect:

    pkg install openvpn

    pkg install curl

    pkg install expect

    Typing the following command will update yourr shell session with the new commands available based on the installed packages:

    rehash

    Move openvpn file so it does not get executed every time thesystem is started, otherwise your boot process will stop and you will be prompted for a username/password.  NAS4Free executes all the files inside “rc.d” folder on startup.

    mkdir /usr/local/etc/openvpn

    mv /usr/local/etc/rc.d/openvpn /usr/local/etc/openvpn/

    Edit startup settings and add OpenVPN support:

    nano /etc/rc.conf

    Add the following:

    openvpn_enable=YES”

    And ONE of the following, this is based on your VPN provider (check the opvn file contents to determine which to use):

    openvpn_if=”tun”

    openvpn_if=”dev”

    Now retrieve the relevant information from your VPN provider: certificates, location, configuration files etc. Rename the certificate (*.crt) and chosen location (*ovpn) to openvpn.crt and openvpn.conf, and copy *.pem file.

    Install certificates (.crt) and location (.ovpn) files:

    mkdir /usr/local/etc/openvpn

    mv openvpn* /usr/local/etc/openvpn/

    mv *.pem /usr/local/etc/openvpn/

    Make sure the certificate authority configuration line (ca) is set to openvpn.crt by editing the following file:

    nano /usr/local/etc/openvpn/openvpn.conf

    Now it’s time to test OpenVPN and make sure you have an appropriate IP.

    /usr/local/etc/openvpn/openvpn start /usr/local/etc/openvpn/

    curl icanhazip.com

    The curl command should return your NAS’ new WAN IP, and this should be different to your regular WAN IP – as it should be now based on the location file you provided.

    Now we need to configure OpenVP to start and connect on startup, so let’s create an auto-sign-on script, and make it executable:

    nano /usr/local/etc/openvpn/autosignon

    chmod +x autosignon

    Paste the following, and edit username and password to match your details, for your VPN provider:

    #!/usr/local/bin/expect -f

    set force_conservative 0

    spawn /usr/local/etc/openvpn/openvpn start /usr/local/etc/openvpn/openvpn.conf

    match_max 100000

    expect -exact “Enter Auth Username:”

    send “YOUR USERNAME”

    send “\r”

    expect -exact “Enter Auth Password:”

    send “YOUR PASSWORD”

    send “\r”

    expect eof

    Add the following command script PreInit (System|Advanced|Command Scripts) via your NAS4Free web interface:

    /usr/local/etc/openvpn/autosignon

    Reboot your machine and you should be automatically connected to your VPN service.

    Set the temporary directory for the packages, as well as the site to fetch packages from (if you are installing onto a 32 bit system change “amd64″ to “i386″):

    setenv PKG_TMPDIR /mnt/Data/Extensions/tmp/

    setenv PACKAGESITE “http://ftp6.us.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-9.0-release/Latest/”

    Install OpenVPN:

    pkg_add -rv openvpn

    Move openvpn file so it does not get executed every time when system is being started, otherwise your boot process will get stopped and you will be asked for a username/password.  NAS4Free executes all the files inside “rc.d” folder on startup.

    mv /usr/local/etc/rc.d/openvpn /usr/local/etc/openvpn/

    Install Certificates and .ovpn files.

    mkdir /usr/local/etc/openvpn

    Download your certificates *.crt as well as *.ovpn , rename them to *.crt->openvpn.crt and *.ovpn->openvpn.conf copy them using WinSCP to /usr/local/etc/openvpn/

    Once copied edit the openvpn.conf and you should see something like that:

    client

    dev tun

    proto udp

    remote 11.170.97.173 443 # – Your server IP and OpenVPN Port

    resolv-retry infinite

    nobind

    tun-mtu 1500

    tun-mtu-extra 32

    mssfix 1450

    persist-key

    persist-tun

    ca openvpn.crt

    auth-user-pass

    comp-lzo

    verb 3

    Add the following line to openvpn.conf, so passwords aren’t stored in memory:

    auth-nocache  Don’t use auth-nocache, as renegotiation after timeout will fail.

    Just make sure after “ca” there is openvpn.crt, also check the 2nd line if you have got dev tun or dev tap

    Test OpenVPN connection:

    /usr/local/etc/openvpn/openvpn onestart /usr/local/etc/openvpn/openvpn.conf

    Download the following torrent to make sure your legal torrents are downloaded privately:

    Edit rc.conf to enable OpenVPN.  Open up your NAS’ web interface and head to System > Advanced > rc.conf and add the following variables:P

    openvpn_enable with a value of YES

    openvpn_if with a value of tun or tap depending on the contents of openvpn.conf

    Now we need to make it autostart, so back to SSH:

    pkg_add -r expect

    nano /usr/local/etc/openvpn/autosignon

    In the file just insert:

    #!/usr/local/bin/expect -f

    set force_conservative 0

    spawn /usr/local/etc/openvpn/openvpn start /usr/local/etc/openvpn/openvpn.conf

    match_max 100000

    expect -exact “Enter Auth Username:”

    send — “YOUR USERNAME!\r”

    expect -exact “Enter Auth Password:”

    send — “YOUR PASSWORD!\r”

    expect eof

    Save your changes and make that script executable by running the following command:

    chmod +x autosignon

    AUTOSTART OPENVPN

    In NAS4Free webGUI, navigate to: “System|Advanced|Command scripts” and insert the following start-up command (PreInit):

    /usr/local/etc/openvpn/autosignon

    CONFIGURE FIREWALL

    So this is a bit hit or miss for me, I almost feel like I am having to restart my NAS4Free box before I see the changes from the firewall applied.

    My VPN provider doesn’t have a list anymore for which IPs they assign, so I just have to kinda guess.

    The purpose of the firewall is to provide detection if the event of the VPN service going down, and by protection we mean – no external connection.

    If you wish to test your NAS4Free box IP directly from command line, install curl.

    pkg_add -rv curl

    Then enter the following:

    curl ifconfig.me

    But you can also check your torrent client directly too!

    9/15/2014 Update:  CHange torrent IP tracking address.

    I just bought myself the WNR3500L from Netgear, because it ca be flashed with custom firmware – which is great.  My old buffalo router could do the same, and I used Tomato.

    I decided, new router, new firmware… not such a stunning idea.  My immediate issues with DD-WRT over Tomato:

    Other than these inconveniences I like it, I will update this as I find the time and move forward.  I am sure DD-WRT will become more user friendly, but I expected more from it – especially the way everyone rave about it.  For now I would tell ppl who are looking into these firmwares to go with Tomato.

    Subscribe to:

    Labels

    Blog Archive

    Links

    Leave a Reply

    Your email address will not be published.