Generate the master Certificate Authority (CA) certificate & key
In this section we will generate a master CA certificate/key, a server certificate/key, and certificates/keys for 3 separate clients.
For PKI management, we will use a set of scripts bundled with OpenVPN.
If you are using Linux, BSD, or a unix-like OS, open a shell and cd to the easy-rsa subdirectory of the OpenVPN distribution. If you installed OpenVPN from an RPM file, the easy-rsa directory can usually be found in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 (it's best to copy this directory to another location such as /etc/openvpn, before any edits, so that future OpenVPN package upgrades won't overwrite your modifications). If you installed from a .tar.gz file, the easy-rsa directory will be in the top level directory of the expanded source tree.
I have installed using yum install openvpn but cannot find the easy-rsa directory. Any ideas?
locate easy-rsa finds nothing
Remove the `openvpn` package that is already installed. Then add the `dag` repository to yum, and then install `openvpn` again. I have tried it just now and am able to find those directories.
Thanks - works now - I'll get that fixed.
For VPN to work, do I need many ports open? Because the client machine will have many different applications using many ports or are they all tunnelled on 1 port?
If 1 port, then how can an outgoing 2345 from the client connect to 4000 on another server but with my machine in the middle?
By default, if I am not mistaken, it runs on port 1194. You need to accept incoming connections on that port. You being in the middle, you can port forward the request to the server.
Regards,
--
Prasanta
1/ But how do I know what port connections are coming in on 1194?
For example, if the client uses MSN messenger connecting on port 8888, do I have to have 8888 open on my server or only 1194? When my server receives a response from the MSN server, do I need 8888 open on incoming and outgoing? I would need to open every single port for a VPN to work properly?
You need to open only port 1194. In the client's configuration file you can mention the port number. So anyone who tries to connect will only hit the mentioned port.
The `vars` and `clean-all` scripts do not have executable permissions and hence you are getting the error. Try doing
Code:
. ./clean-all
as you had done for `vars`.
Regards,
--
Prasanta
So, MSN running on port 1080 on the client connects to my VPN via 1194.
What happens to the connection after that point?
My server passes on the request to MSN but how does it receive a response if the port 1080 on my server is not open?
Are you planning to log into the VPN server using MSN? Normally you would have the openvpn client (including software) wherein you specify the server name along with the port.
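
Added example, not part of any post in this thread: a firewall ruleset for the "only port 1194" answer above, showing that client application traffic (MSN on 8888 or anything else) arrives inside the tunnel and its replies come back through connection tracking, so no further inbound port is opened. The interface names `eth0` and `tun0`, the subnet `10.8.0.0/24`, the use of UDP and the helper names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values (not from the thread): eth0 (WAN),
# tun0 (OpenVPN tunnel), 10.8.0.0/24 (VPN client subnet), UDP transport.
# Emits an iptables-restore ruleset for a Linux OpenVPN gateway.
vpn_ruleset() {
    wan_if=${1:-eth0}
    vpn_if=${2:-tun0}
    vpn_net=${3:-10.8.0.0/24}
    vpn_port=${4:-1194}   # the port named in the thread
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the server itself started.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only inbound port: every client application rides inside it.
-A INPUT -i $wan_if -p udp --dport $vpn_port -j ACCEPT
# Decrypted client traffic leaves the tunnel towards the internet...
-A FORWARD -i $vpn_if -o $wan_if -s $vpn_net -j ACCEPT
# ...and only replies to those flows are let back in.
-A FORWARD -i $wan_if -o $vpn_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Clients appear to remote servers as the gateway's own address.
-A POSTROUTING -s $vpn_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Number of inbound destination ports the ruleset opens.
open_inbound_ports() {
    vpn_ruleset "$@" | grep -c -e '^-A INPUT .*--dport'
}

# Run with --print to see the rules. Loading them is left to the admin:
#   vpn_ruleset | iptables-restore      (as root)
# Add a rule for your own admin access (for example SSH) first, and set
# net.ipv4.ip_forward=1 so the FORWARD rules have any effect.
if [ "${1:-}" = "--print" ]; then
    vpn_ruleset
fi
```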