Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Gosh-darn-it ... ain't Google a wunnerful thing ...
sundialsvcs, I had seen the first post before, but it didn't make sense to me. Thankfully your second post brought it all together for me! :-D Thank you so much. One of the things that confused me was that everywhere I'd always see posts referencing <server>.conf files and I had no clue where to find those or how to make those. Just to let any future people looking at this post know, the <server>.ovpn file that a lot of VPN companies are using is the exact same as the <server>.conf file. So here's what I did.
Code:
sudo vi /etc/systemd/system/<server>.service

[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On <server>
After=syslog.target network.target

[Service]
Type=forking
# PIDFile must be the same path that --writepid is given below
PIDFile=/var/run/openvpn/<server>.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/<server>.pid --cd <directory of your ovpn or conf file> --config <ovpn or conf filename>

[Install]
WantedBy=multi-user.target
Then just run your standard systemctl start/stop/status <server>
Where it says <server> you can really put anything in to reference your service file.
One other thing I had to do was add a username and password to the ovpn file. In the ovpn files I've seen there is a line for "auth-user-pass"; after that, put in the path to a file that has the username on the first line and the password on the second line, such as the following:
Code:
vi VPN.ovpn
<search for auth-user-pass>
auth-user-pass /home/user/VPN/VPN_pass.txt
<save and quit>
vi /home/user/VPN/VPN_pass.txt
username
password
<save and quit>
Also be sure to protect those files so that they cannot be easily accessed, if you use (not recommended!!) any sort of "password" (and/or "PSK") in them.
An OpenVPN connection should be protected by digital certificates, and nothing more. Those certificates, e.g. on a mobile machine, can be encrypted with a passphrase to make them harder to steal. (Note: In OpenVPN parlance, a "challenge password" is not the same thing!) But there should be no "magic words" in any configuration file, and "passwords" should not be the protector of OpenVPN link security.
If you intend for the link to be started at boot, don't protect it with a passphrase. There's no security value in doing that.
If you want to break in to one of my boxes, there are about 5,120 random bits that you're gonna need to know exactly. (You're gonna have to know quite a few of them just to be given the opportunity to try.) The boxes talk VPN to one another, and every single link is individually and uniquely secured.
Last edited by sundialsvcs; 03-23-2016 at 01:42 PM.
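One way to check the advice above about protecting the file named on the auth-user-pass line, as an added example that is not part of either post. It assumes GNU stat on Linux and an unquoted path without spaces; the function name `audit_ovpn_creds`, its return codes and the sample files are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit the file named by auth-user-pass.
# Assumes GNU stat (Linux); function name and return codes are this example's own.
#   0 = credentials file is private to its owner
#   1 = config unreadable, file missing, or group/other permission bits set
#   2 = no auth-user-pass line with a file path (OpenVPN would prompt instead)
audit_ovpn_creds() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    # Argument of the first auth-user-pass line; commented-out lines do not match.
    cred=$(awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$conf")
    [ -n "$cred" ] || { echo "$conf: no credentials file referenced"; return 2; }

    # Relative paths resolve against the config directory, matching the
    # "--cd <directory>" option used in the unit file.
    case $cred in
        /*) ;;
        *) cred=$(dirname "$conf")/$cred ;;
    esac
    [ -f "$cred" ] || { echo "$cred: missing" >&2; return 1; }

    # Octal mode padded to at least three digits, e.g. 600 or 644.
    mode=$(printf '%03d' "$(stat -c '%a' "$cred")")
    case $mode in
        *00) echo "$cred: mode $mode ok"; return 0 ;;
        *)   echo "$cred: mode $mode lets group/others in; chmod 600 it" >&2; return 1 ;;
    esac
}

# Constructed sample input: a throwaway config and credentials file.
demo=$(mktemp -d)
printf 'client\nauth-user-pass VPN_pass.txt\n' > "$demo/VPN.ovpn"
printf 'username\npassword\n' > "$demo/VPN_pass.txt"
chmod 644 "$demo/VPN_pass.txt"; audit_ovpn_creds "$demo/VPN.ovpn" || true
chmod 600 "$demo/VPN_pass.txt"; audit_ovpn_creds "$demo/VPN.ovpn"
rm -rf "$demo"
```

Since the unit starts OpenVPN as a system service, the credentials file can also be owned by root and kept outside a user's home directory.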