LinuxQuestions.org
Slackware-14.1-Hacks-OpenVPN

Posted 05-25-2014 at 08:45 PM by arniekat

VPNBook is a free VPN Service (Virtual Private Network) which is used to securely route all your Internet traffic through an encrypted tunnel to keep you safe from prying eyes and hackers. Any information you enter in a browser is encrypted before being sent to VPNBook's OpenVPN servers, and goes out to the Internet from there.

Go to http://whatismyipaddress.com/ to see your current IP Address. You can also google "my ip".
Your IP Address Is: <Local_Address>

Download one of the files from VPNBook http://www.vpnbook.com/

Server #1: Download Euro1 Server OpenVPN Certificate Bundle
Server #2: Download Euro2 Server OpenVPN Certificate Bundle
Server #3: Download UK Server OpenVPN Certificate Bundle (UK VPN - web surfing only; no p2p)
Server #4: Download US Server OpenVPN Certificate Bundle (US VPN - web surfing only; no p2p) VPNBook.com-OpenVPN-US1.zip
All bundles include UDP53, UDP 25000, TCP 80, TCP 443 profiles

For this example, I will use VPNBook.com-OpenVPN-US1.zip. Unzip this file and you will find four files:

vpnbook-us1-tcp80.ovpn
vpnbook-us1-tcp443.ovpn
vpnbook-us1-udp53.ovpn
vpnbook-us1-udp25000.ovpn

Copy these VPNBook OpenVPN Configuration Files to /etc/openvpn/

# ls /etc/openvpn
-rw-r--r-- 1 root root 299 Oct 12 2013 README.TXT
drwxr-x--- 2 root nobody 4096 Oct 12 2013 certs/
drwxr-x--- 2 root nobody 4096 Oct 12 2013 keys/
-rw-r--r-- 1 root root 6942 Jun 11 2007 openvpn.conf.sample
-rw-r--r-- 1 root root 4022 May 25 15:51 vpnbook-us1-tcp443.ovpn
-rw-r--r-- 1 root root 4020 May 25 15:51 vpnbook-us1-tcp80.ovpn
-rw-r--r-- 1 root root 4026 May 25 15:51 vpnbook-us1-udp25000.ovpn
-rw-r--r-- 1 root root 4022 May 25 15:51 vpnbook-us1-udp53.ovpn

Note - Your firewall needs to allow access to the port of the configuration file you are using (i.e. 53, 80, 443, or 25000). If you stick to tcp80 and tcp443, those are the most common ports for Web Traffic and all firewalls allow these ports, otherwise you would not be able to browse the Web. Note that VPNBook changes their password regularly so you have to check their website for the new password or subscribe to password updates via Twitter.

Open a root terminal to run the following command to check that OpenVPN works correctly (you will need to enter the Username and Password manually):

# openvpn --config /etc/openvpn/vpnbook-us1-tcp443.ovpn
Sun May 25 12:45:32 2014 OpenVPN 2.3.2 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Oct 12 2013
Enter Auth Username:vpnbook
Enter Auth Password:stebRa4e
Sun May 25 12:46:00 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun May 25 12:46:00 2014 NOTE: --fast-io is disabled since we are not using UDP
Sun May 25 12:46:00 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun May 25 12:46:00 2014 Attempting to establish TCP connection with [AF_INET]198.7.62.204:443 [nonblock]
Sun May 25 12:46:01 2014 TCP connection established with [AF_INET]198.7.62.204:443
Sun May 25 12:46:01 2014 TCPv4_CLIENT link local: [undef]
Sun May 25 12:46:01 2014 TCPv4_CLIENT link remote: [AF_INET]198.7.62.204:443
Sun May 25 12:46:01 2014 TLS: Initial packet from [AF_INET]198.7.62.204:443, sid=0cf30853 fd90a8fe
Sun May 25 12:46:01 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun May 25 12:46:03 2014 VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Sun May 25 12:46:03 2014 VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Sun May 25 12:46:04 2014 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun May 25 12:46:04 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun May 25 12:46:04 2014 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun May 25 12:46:04 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun May 25 12:46:04 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun May 25 12:46:04 2014 [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:443
Sun May 25 12:46:06 2014 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
Sun May 25 12:46:06 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.1.14 10.9.1.13'
Sun May 25 12:46:06 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sun May 25 12:46:06 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sun May 25 12:46:06 2014 OPTIONS IMPORT: route options modified
Sun May 25 12:46:06 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun May 25 12:46:06 2014 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=a0:f3:c1:32:43:84
Sun May 25 12:46:06 2014 TUN/TAP device tun1 opened
Sun May 25 12:46:06 2014 TUN/TAP TX queue length set to 100
Sun May 25 12:46:06 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun May 25 12:46:06 2014 /usr/sbin/ip link set dev tun1 up mtu 1500
Sun May 25 12:46:06 2014 /usr/sbin/ip addr add dev tun1 local 10.9.1.14 peer 10.9.1.13
Sun May 25 12:46:08 2014 /usr/sbin/ip route add 198.7.62.204/32 via 192.168.1.254
Sun May 25 12:46:08 2014 /usr/sbin/ip route add 0.0.0.0/1 via 10.9.1.13
Sun May 25 12:46:08 2014 /usr/sbin/ip route add 128.0.0.0/1 via 10.9.1.13
Sun May 25 12:46:08 2014 /usr/sbin/ip route add 10.9.0.1/32 via 10.9.1.13
Sun May 25 12:46:08 2014 Initialization Sequence Completed

The Terminal needs to stay active. If you CTRL-C to exit the Terminal, the VPN link is also broken.

Now, open up Mozilla Firefox and go to http://whatismyipaddress.com/ to see your current IP Address.

Your IP Address Is: <Address_In_Europe>
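
The session above contains several lines worth checking before relying on this tunnel. As an added example (not part of the original post; audit_openvpn_log is a hypothetical helper name), this script picks them out of a captured log, using lines copied from that session as sample input:

```shell
#!/bin/sh
# Added example (not from the original post): flag security-relevant lines
# in an OpenVPN client log. audit_openvpn_log is a hypothetical helper name.

audit_openvpn_log() {
    # Reads log files named as arguments, or stdin when none are given.
    awk '
    /No server certificate verification method/ {
        print "NO-SERVER-VERIFY: no option such as remote-cert-tls server is set" }
    /may cache passwords in memory/ {
        print "PASSWORD-CACHED: auth-nocache is not set" }
    /message hash .SHA1. for HMAC/ && !sha1++ {
        print "WEAK-HMAC: data channel packets are authenticated with SHA1" }
    /Control Channel: TLSv1,/ {
        print "OLD-TLS: control channel negotiated TLSv1" }
    /Control Channel:.* 1024 bit RSA/ {
        print "SHORT-KEY: server key is 1024 bit RSA" }
    /PUSH_REPLY/ {
        if ($0 ~ /redirect-gateway/)
            print "FULL-TUNNEL: server pushed redirect-gateway"
        n = split($0, opt, ",")
        for (i = 1; i <= n; i++)
            if (sub(/^dhcp-option DNS /, "", opt[i]))
                print "PUSHED-DNS: " opt[i]
    }' "$@"
}

# Lines copied from the session shown above (timestamps shortened).
sample_session_log() {
    cat <<'EOF'
12:46:00 WARNING: No server certificate verification method has been enabled.
12:46:01 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
12:46:04 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
12:46:04 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
12:46:04 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
12:46:06 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.1.14 10.9.1.13'
EOF
}

sample_session_log | audit_openvpn_log
```

On Linux, OpenVPN only hands pushed dhcp-option DNS values to scripts; the resolver configuration stays as it was unless an up script applies them, so DNS lookups may still go to the local resolver.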

XFCE DESKTOP APPLET

Note - If you use Wicd for your wireless network manager, gopenvpn will work right along with wicd.

http://gopenvpn.sourceforge.net/

There is a GTK Applet called gopenvpn that you can get by cloning a Git repository. Create a working directory and open a Terminal in this directory and clone the source with:

git clone git://gopenvpn.git.sourceforge.net/gitroot/gopenvpn/gopenvpn.git

Create a tar.bz2 file out of the contents and call it gopenvpn-git20120331.tar.bz2

Now, place the following SlackBuild and Slack-desc in the directory with the gopenvpn-git20120331.tar.bz2 and create a Slackware Package that you can install.

GOPENVPN.SLACKBUILD

#!/bin/sh -e

# arniekat revision date 2014/05/25

#Set initial variables:

CWD=$(pwd)
if [ "$TMP" = "" ]; then
  TMP=/tmp
fi

# The version which appears in the application's filename
VERSION=git20120331

# If the version conflicts with the Slackware package standard
# The dash character ("-") is not allowed in the VERSION string
# You can set the PKG_VERSION to something else than VERSION
PKG_VERSION=git20120331 # the version which appears in the package name.

ARCH=${ARCH:-x86_64} # the architecture on which you want to build your package

# First digit is the build number, which specifies how many times it has been built.
# Second string is the short form of the author's name, typically three initials
BUILD=${BUILD:-2_gsb}

# The application's name
APP=gopenvpn

# The installation directory of the package (where its actual directory
# structure will be created)
PKG=$TMP/package-$APP

if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
  LIBDIRSUFFIX="64"
fi

# Delete the leftover directories if they exist (due to a previous build)
# and (re)create the packaging directory
rm -rf $PKG
mkdir -p $TMP $PKG
rm -rf $TMP/$APP-$VERSION

# Change to the TMP directory
cd $TMP || exit 1

# Extract the application source in TMP
# Note: if your application comes as a tar.bz2, you need tar -jxvf
tar -xjvf $CWD/$APP-$VERSION.tar.bz2 || exit 1

# Change to the application source directory
cd $APP-$VERSION || exit 1

# Change ownership and permissions if necessary
# This may not be needed in some source tarballs, but it never hurts
chown -R root:root .
chmod -R u+w,go+r-w,a-s .

# Run the first command
autoreconf -vi

# Set configure options
# If your app is written in C++, you'll also need to add a line for CXXFLAGS
# Configure for the final install paths (/usr, /etc, /var); the packaging
# directory is applied at install time with DESTDIR, so $PKG is not
# compiled into the program
CFLAGS="$SLKCFLAGS" \
./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --build=$ARCH-slackware-linux \
  --host=$ARCH-slackware-linux

# compile the source, but exit if anything goes wrong
make || exit 1

# Install everything into the package directory, but exit if anything goes wrong
make install DESTDIR=$PKG || exit 1

# Create a directory for documentation
mkdir -p $PKG/usr/doc/$APP-$VERSION

# Copy documentation to the docs directory and fix permissions
cp -a AUTHORS ChangeLog COPYING INSTALL README TODO $PKG/usr/doc/$APP-$VERSION
find $PKG/usr/doc/$APP-$VERSION -type f -exec chmod 644 {} \;

cat $CWD/$APP.SlackBuild > $PKG/usr/doc/$APP-$VERSION/$APP.SlackBuild

# Create the ./install directory and copy the slack-desc into it
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc

# Add doinst.sh to package (if it exists)
if [ -e $CWD/doinst.sh.gz ]; then
  zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
fi

# Strip some libraries and binaries
# (|| true: finding nothing to strip must not abort the build under sh -e)
( cd $PKG
  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
)

# Compress man pages if they exist
if [ -d $PKG/usr/man ]; then
  ( cd $PKG/usr/man
    find . -type f -exec gzip -9 {} \;
    for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
  )
fi

# Compress info pages if they exist (and remove the dir file)
if [ -d $PKG/usr/info ]; then
  gzip -9 $PKG/usr/info/*.info
  rm -f $PKG/usr/info/dir
fi

# Build the package
cd $PKG
/sbin/makepkg -l y -c n $TMP/$APP-$PKG_VERSION-$ARCH-$BUILD.tgz

SLACK-DESC

# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|' on
# the right side marks the last column you can put a character in. You must make
# exactly 11 lines for the formatting to be correct. It's also customary to
# leave one space after the ':'.

|----handy-ruler------------------------------------------------------|
gopenvpn: Gopenvpn (System Tray Icon for OpenVPN)
gopenvpn:
gopenvpn: Gopenvpn is a System Tray Icon for OpenVPN that functions alongside
gopenvpn: Wicd for a complete Network Management System.
gopenvpn:
gopenvpn:
gopenvpn:
gopenvpn:
gopenvpn:
gopenvpn: http://gopenvpn.sourceforge.net/
gopenvpn:

After you have installed the package, go to the Xfce Settings and find the AutoStart Applications. Create a menu entry for GOpenVPN with the command /usr/bin/gopenvpn so it will autostart when the Xfce Desktop runs.

After rebooting, you will see an applet for gopenvpn in the System Tool Tray. Right-click on it and you will see the OpenVPN profiles you placed in /etc/openvpn. It searches for any *.conf and *.ovpn files that are in that directory. Select one of them and you will be asked to Authenticate for OpenVPN. Be sure to enter your User Password, not the Root Password. After that, you will be asked to enter the VPNBook Auth Username and Password.

To keep from entering the Name and Password when you want to connect to VPNBook, do the following:

Create a text file in /etc/openvpn with any name you want, in this case vpnbook.txt

Edit the file and put only two pieces of information: The Auth Username and the Auth Password, like so:

# vi /etc/openvpn/vpnbook.txt

vpnbook
stebRa4e

Save the file and exit.

Edit the OpenVPN configuration file that you use to connect to VPNBook, in this case vpnbook-us1-tcp443.ovpn, and put the name of the text file you just created on the "auth-user-pass" line, after the directive. Here is a portion of that section.

persist-key
persist-tun
auth-user-pass vpnbook.txt
comp-lzo
verb 3

Save the file and exit.
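
One way to carry out the steps above so that the password file is readable only by its owner and the profile refers to it by absolute path, which does not depend on the directory openvpn is started from. This is an added example, not part of the original post; write_auth_file, auth_file_private and set_auth_file are hypothetical helper names, and CRLF line endings in the profile are an assumption the script tolerates:

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

write_auth_file() {
    # $1 = credentials file, $2 = Auth Username, $3 = Auth Password
    (
        umask 077                        # a new file is created as 0600
        printf '%s\n%s\n' "$2" "$3" > "$1"
    ) || return 1
    chmod 600 "$1"                       # tighten a file that already existed
}

auth_file_private() {
    # Succeeds only when group and others have no permission bits set.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

set_auth_file() {
    # $1 = .ovpn profile, $2 = absolute path of the credentials file
    # Rewrites the auth-user-pass directive in place, or appends it if absent.
    tmp=$(mktemp) || return 1
    awk -v f="$2" '
        { sub(/\r$/, "") }               # tolerate CRLF line endings
        $1 == "auth-user-pass" { print "auth-user-pass " f; seen = 1; next }
        { print }
        END { if (!seen) print "auth-user-pass " f }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demonstration on a constructed profile in a scratch directory.
demo_dir=$(mktemp -d)
printf 'persist-key\npersist-tun\nauth-user-pass\ncomp-lzo\nverb 3\n' \
    > "$demo_dir/vpnbook-us1-tcp443.ovpn"
write_auth_file "$demo_dir/vpnbook.txt" "vpnbook" "constructed-password"
set_auth_file "$demo_dir/vpnbook-us1-tcp443.ovpn" "$demo_dir/vpnbook.txt"
auth_file_private "$demo_dir/vpnbook.txt" && echo "credentials file is owner-only"
grep auth-user-pass "$demo_dir/vpnbook-us1-tcp443.ovpn"
rm -rf "$demo_dir"
```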

NETWORKMANAGER-OPENVPN

Slackware 14.1 comes with NetworkManager-0.9.8.8. If you use NetworkManager, you can go to SlackBuilds.org and download/compile NetworkManager-openvpn-0.9.8.4 which will allow NetworkManager to also manage OpenVPN connections. Just so you know, gopenvpn worked fine with KDE 4.10.5.
Comments

  1. For anyone interested and running into autoreconf errors on say current/14.2.....this 'rant' could be very helpful...
    Posted 03-01-2017 at 03:52 PM by brobr
 

  



All times are GMT -5.
