[cross post from linux-security]
How to use the ProXPN VPN service under Fedora with OpenVPN. (Created with Fedora 19.) All commands executed as root.
I feel it necessary to break this into two parts: The 'Keys Part' and the 'Config Part'.
First, the initial step and the...
Create a directory for the OpenVPN keys (if it doesn't exist):
Download and extract the ProXPN Mac source. We are only interested in the 'config' directory contained within.
cd /tmp && wget https://www.proxpn.com/proxpn_mac_source.tar.gz
tar -xvf proxpn_mac_source.tar.gz
Into that ProXPN MacOSX/config...
Now we'll copy the certs and key to the OpenVPN keys directory we created earlier, but use a custom name for the client.crt and client.key files (I used 'example' as the custom name in the following command):
cp ca.crt /etc/openvpn/keys/ca.crt && cp client.crt /etc/openvpn/keys/example.crt && cp client.key /etc/openvpn/keys/example.key
The key and certs are now firmly planted, and we'll move on to working out the configuration...
We'll copy the sample OpenVPN client config and place it in /etc/openvpn as 'example.conf':
cp -ai /usr/share/doc/openvpn-*/sample/sample-config-files/client.conf /etc/openvpn/example.conf
Two steps here... Open the 'proxpn.ovpn' file from the Mac 'config' directory we used above (/tmp/MacOSX/config/proxpn.ovpn). Copy the contents of 'proxpn.ovpn' into the '/etc/openvpn/example.conf' file we created in the previous step, replacing all of the sample contents of 'example.conf'.
In our newly propagated 'example.conf', uncomment line 4. Also, if you are a ProXPN subscriber, you can edit this line to reflect another server in another location such as:
- miami.proxpn.com – Miami (the only option for free users)
- uk.proxpn.com - UK
- seattle.proxpn.com – Seattle
- nl.proxpn.com – Netherlands
- sg.proxpn.com - Singapore
- or New York (considered the fastest): 126.96.36.199
(There are others, I believe, though this is enough for me.)
Edit lines 11, 12, and 13 of 'example.conf' to reflect the new path to your certs and key. In this example:
One more thing: Line 21 of example.conf reads 'auth-user-pass'... Change it to 'auth-user-pass passwd'. Save and close.
Now we create the 'passwd' file referenced in the last step.
Open the created 'passwd' file and add two lines: The first line is your ProXPN username (email address), the second line is your password. Save and close.
As an aside, I have two .conf files for ProXPN, one for New York with line 4 reading
...and one for the UK (BBC iPlayer):
remote 188.8.131.52 443
remote uk.proxpn.com 443
Now we'll create a systemd service for our example OpenVPN config (note that I am still using the 'example' nomenclature, please use something else from the beginning to suit your whim):
ln openvpn@.service email@example.com
To start the service and launch our ProXPN/OpenVPN session:
systemctl start firstname.lastname@example.org
To stop it...
systemctl stop email@example.com
To start this ProXPN/OpenVPN service on boot:
systemctl enable firstname.lastname@example.org
And that's it. Please let me know where I went wrong, where improvement lies, or if it works for you or not