LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General > LinuxQuestions.org Member Success Stories
User Name
Password
LinuxQuestions.org Member Success Stories Just spent four hours configuring your favorite program? Just figured out a Linux problem that has been stumping you for months?
Post your Linux Success Stories here.

Notices


Reply
  Search this Thread
Old 06-23-2018, 06:59 AM   #1
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 119
Blog Entries: 1

Rep: Reputation: 53
VPN on OpenSUSE & CentOS


I have earlier made a How-To for setting up SecurityKiss VPN on OpenSUSE, but it was GUI based. The GUI way of setting up VPN is fairly same for all providers and there are plenty of tutorials available online.

As users of CentOS 7.5 will know, there is a way to add VPN from the Gnome top menu/Settings. However it supports only L2TP over IPSEC from the GUI. My attempts to import an openvpn configuration file failed repeatedly. If you have found a way too add openVPN connections from GUI on CentOS, please let me know. [Also, no IPSEC vs OpenVPN discussions please]

So, if you have a VPN subscription, (mine is Cyberghost and SecurityKiss), you should have your configuration bundle in your account. Look in your VPN provider's site or contact the customer support. Here's Cyberghost's to get you started. VPN providers support multiple protocols, some open-sourced, some proprietary. But I have used the openvpn protocol.

The configuration bundle consists of these -
a. An openvpn configuration file, generally ends with '.ovpn' suffix.
b. A Certificate issued by a CA, named ca.crt
c. A certificate to identify the client, named client.crt
d. A private key for the Client, named client.key

The VPN provider should also provide your own username and password to authenticate. This is not the norm everywhere. I have looked through the .ovpn configuration file of both providers and the following directive was found in Cyberghost -

Code:
auth-user-pass
The SecurityKiss config file did not have such a directive and it did not ask for a username/password.

Your OS should have NetworkManager & openvpn installed. Verify with the following -
Code:
yum list installed NetworkManager* openvpn*               <--- for CentOS
zypper search --installed-only NetworkManager* openvpn*   <--- for OpenSUSE
To create a openvpn tunnel from CLI -
Code:
$ sudo openvpn --config /Path/to/*.ovpn  --ca /Path/toca.crt --key /Path/toclient.key --cert /Path/toclient.crt
Based on you VPN provider, you may be challenged to authenticate with a username & passowrd. If all goes well, you should see a new connection called tun0 such as this -

On OpenSUSE
Code:
acer-SUSE:~ # ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:26:2d:81:68:fb brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c4:17:fe:c2:51:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.7/24 brd 192.168.0.255 scope global noprefixroute dynamic wlan0
       valid_lft 82700sec preferred_lft 82700sec
    inet6 fe80::4c64:adf4:3b01:348b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.248.204.42 peer 10.248.204.41/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::2a73:6c18:1275:2d6b/64 scope link flags 800 
       valid_lft forever preferred_lft forever
acer-SUSE:~ # nmcli con show
NAME                UUID                                  TYPE      DEVICE 
GETOWNCONNECTION    df639b35-d90b-4751-9a3a-7f8ca72124e0  wifi      wlan0  
tun0                600db5e5-5794-4277-8d15-0bd605cc5ce6  tun       tun0   
Wired connection 1  63989c5f-66f7-3921-ba39-908fab527967  ethernet  --
On CentOS 7
Code:
[root@AB-Cent7OS ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 1c:1b:0d:c1:07:72 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.12/24 brd 192.168.0.255 scope global noprefixroute dynamic enp0s31f6
       valid_lft 83343sec preferred_lft 83343sec
    inet6 fe80::33fc:891e:8f86:bded/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: wlp3s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 18:d6:c7:c6:74:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.8/24 brd 192.168.0.255 scope global noprefixroute dynamic wlp3s1
       valid_lft 83280sec preferred_lft 83280sec
    inet6 fe80::9372:a78b:2029:97b6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:d2:49:78 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:d2:49:78 brd ff:ff:ff:ff:ff:ff
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.11.0.242 peer 10.11.0.241/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::f030:84a4:1fc9:eb04/64 scope link flags 800 
       valid_lft forever preferred_lft forever
[root@AB-Cent7OS ~]# nmcli con show
NAME                  UUID                                  TYPE      DEVICE    
GETOWNCONNECTION      16f9b28e-aa30-4f51-ad0d-1197869e2c92  wifi      wlp3s1    
enp0s31f6             6782d3c1-e1be-4102-90f5-024fe97cbb66  ethernet  enp0s31f6 
tun0                  0f319f56-a2b8-402c-a166-6265c22e565d  tun       tun0      
virbr0                48a6894f-6559-4f51-9566-3c179660247a  bridge    virbr0    
GETOWNCONNECTION_2EX  0285d876-aa41-4a89-90af-865b279431e2  wifi      --        
GJN                   21881e86-df5d-491a-a354-93fe7e8c7b03  wifi      --        
Getownconnection      a5907de3-abaa-4ebd-977d-4c086189bb1a  wifi      --        
Getownconnection_2EX  caf68d34-ab27-497b-aa93-6ec34d49bcbd  wifi      --        
TP-LINK_ADF6          f6f6121e-4546-4b79-9e6b-154fb6bc02f3  wifi      --        
edimax.setup          33e63af6-27a1-4e65-be46-f4baed89f459  wifi      --
Check out your geolocation on whatismyip(dot)com.

To stop the connection, press 'ctrl+c' on your terminal.

Note 1 - Verified on OpenSUSE Leap 15 & CentOS 7.5
Note 2 - Not endorsing any of the VPN providers that I have mentioned. I am just a happy customer.
Note 3 - It should be possible to make a script that feeds the username & password to the prompt of openvpn. If I get around to make one, I'll update the post.
Note 4 - This works on my machine, your mileage may vary.
Note 5 - It's okay to edit the .ovpn file and put a different IP (of the same provider). Just take care of the protocol used (tcp/udp).
Note 6 - DigitalOcean has a great tutorial if you want to set-up your own Openvpn server.

Last edited by Honest Abe; 06-24-2018 at 01:18 AM.
 
Old 06-24-2018, 12:02 PM   #2
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 119
Blog Entries: 1

Original Poster
Rep: Reputation: 53
Lightbulb

Quote:
Originally Posted by Honest Abe View Post
~
I have looked through the .ovpn configuration file of both providers and the following directive was found in Cyberghost -

Code:
auth-user-pass
~~
Note 3 - It should be possible to make a script that feeds the username & password to the prompt of openvpn. If I get around to make one, I'll update the post.
~
Found it..

Create a file and put your username & password such as -
Code:
yourusername
Topsecretpassword
Open your openvpn config file and append -

Code:
auth-user-pass /path/to/file
Source - here
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to install & configure Jenkins on CentOS/RHEL/Fedora/openSUSE LXer Syndicated Linux News 0 09-28-2016 11:41 AM
LXer: Install & Configure Icinga2 on CentOS/RHEL/Fedora/openSUSE LXer Syndicated Linux News 0 08-25-2016 05:26 AM
IPSEC VPN in between Cisco Switch & CentOS Linux 6 nishith Linux - Security 1 08-19-2014 08:04 AM
LXer: Install CentOS 5.2 & F9 PV DomUs at OpenSuse 11 Dom0 via local HTTP Server (all LXer Syndicated Linux News 0 10-16-2008 09:30 AM
LXer: Pygrub & loading OpenSuse 11 PV DomUs at Xen 3.3 CentOS 5.2 Dom0 (all 64-bit) LXer Syndicated Linux News 0 09-22-2008 08:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General > LinuxQuestions.org Member Success Stories

All times are GMT -5. The time now is 10:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration