I have earlier made a How-To for setting up SecurityKiss VPN on OpenSUSE, but it was GUI based. The GUI way of setting up a VPN is much the same for all providers and there are plenty of tutorials available online.
As users of CentOS 7.5 will know, there is a way to add a VPN from the Gnome top menu/Settings. However, it supports only L2TP over IPSEC from the GUI. My attempts to import an openvpn configuration file failed repeatedly. If you have found a way to add openVPN connections from the GUI on CentOS, please let me know. [Also, no IPSEC vs OpenVPN discussions please]
So, if you have a VPN subscription (mine are Cyberghost and SecurityKiss), you should have your configuration bundle in your account. Look on your VPN provider's site or contact customer support.
Here's Cyberghost's to get you started. VPN providers support multiple protocols, some open-sourced, some proprietary. But I have used the openvpn protocol.
The configuration bundle consists of these -
a. An openvpn configuration file, generally ends with '.ovpn' suffix.
b. A Certificate issued by a CA, named ca.crt
c. A certificate to identify the client, named client.crt
d. A private key for the Client, named client.key
The VPN provider should also provide your own username and password to authenticate. This is not the norm everywhere. I have looked through the .ovpn configuration file of both providers and the following directive was found in Cyberghost -
The SecurityKiss config file did not have such a directive and it did not ask for a username/password.
Your OS should have NetworkManager & openvpn installed. Verify with the following -
Code:
yum list installed 'NetworkManager*' 'openvpn*'    # for CentOS
zypper search --installed-only 'NetworkManager*' 'openvpn*'    # for OpenSUSE
To create an openvpn tunnel from the CLI -
Code:
$ sudo openvpn --config /Path/to/*.ovpn --ca /Path/to/ca.crt --key /Path/to/client.key --cert /Path/to/client.crt
Based on your VPN provider, you may be challenged to authenticate with a username & password. If all goes well, you should see a new connection called tun0 such as this -
On OpenSUSE
Code:
acer-SUSE:~ # ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:26:2d:81:68:fb brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c4:17:fe:c2:51:2f brd ff:ff:ff:ff:ff:ff
inet 192.168.0.7/24 brd 192.168.0.255 scope global noprefixroute dynamic wlan0
valid_lft 82700sec preferred_lft 82700sec
inet6 fe80::4c64:adf4:3b01:348b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.248.204.42 peer 10.248.204.41/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::2a73:6c18:1275:2d6b/64 scope link flags 800
valid_lft forever preferred_lft forever
acer-SUSE:~ # nmcli con show
NAME UUID TYPE DEVICE
GETOWNCONNECTION df639b35-d90b-4751-9a3a-7f8ca72124e0 wifi wlan0
tun0 600db5e5-5794-4277-8d15-0bd605cc5ce6 tun tun0
Wired connection 1 63989c5f-66f7-3921-ba39-908fab527967 ethernet --
On CentOS 7
Code:
[root@AB-Cent7OS ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 1c:1b:0d:c1:07:72 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.12/24 brd 192.168.0.255 scope global noprefixroute dynamic enp0s31f6
valid_lft 83343sec preferred_lft 83343sec
inet6 fe80::33fc:891e:8f86:bded/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp3s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 18:d6:c7:c6:74:af brd ff:ff:ff:ff:ff:ff
inet 192.168.0.8/24 brd 192.168.0.255 scope global noprefixroute dynamic wlp3s1
valid_lft 83280sec preferred_lft 83280sec
inet6 fe80::9372:a78b:2029:97b6/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:d2:49:78 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:d2:49:78 brd ff:ff:ff:ff:ff:ff
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.11.0.242 peer 10.11.0.241/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::f030:84a4:1fc9:eb04/64 scope link flags 800
valid_lft forever preferred_lft forever
[root@AB-Cent7OS ~]# nmcli con show
NAME UUID TYPE DEVICE
GETOWNCONNECTION 16f9b28e-aa30-4f51-ad0d-1197869e2c92 wifi wlp3s1
enp0s31f6 6782d3c1-e1be-4102-90f5-024fe97cbb66 ethernet enp0s31f6
tun0 0f319f56-a2b8-402c-a166-6265c22e565d tun tun0
virbr0 48a6894f-6559-4f51-9566-3c179660247a bridge virbr0
GETOWNCONNECTION_2EX 0285d876-aa41-4a89-90af-865b279431e2 wifi --
GJN 21881e86-df5d-491a-a354-93fe7e8c7b03 wifi --
Getownconnection a5907de3-abaa-4ebd-977d-4c086189bb1a wifi --
Getownconnection_2EX caf68d34-ab27-497b-aa93-6ec34d49bcbd wifi --
TP-LINK_ADF6 f6f6121e-4546-4b79-9e6b-154fb6bc02f3 wifi --
edimax.setup 33e63af6-27a1-4e65-be46-f4baed89f459 wifi --
Check out your geolocation on whatismyip(dot)com.
To stop the connection, press 'ctrl+c' on your terminal.
Note 1 - Verified on OpenSUSE Leap 15 & CentOS 7.5
Note 2 - Not endorsing any of the VPN providers that I have mentioned. I am just a happy customer.
Note 3 - It should be possible to make a script that feeds the username & password to the prompt of openvpn. If I get around to making one, I'll update the post.
Note 4 - This works on my machine, your mileage may vary.
Note 5 - It's okay to edit the .ovpn file and put a different IP (of the same provider). Just take care of the protocol used (tcp/udp).
Note 6 - DigitalOcean has a great tutorial if you want to set up your own OpenVPN server.
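A pre-flight check for the bundle described above, as an added example that is not part of the original post: it reads the protocol and server from the .ovpn file (useful after editing it as in Note 5), reports whether the profile asks for a username/password, and checks that client.key is not readable by other users. It assumes the login directive is OpenVPN's `auth-user-pass`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: inspect a provider bundle before running openvpn.
# Function names are hypothetical; they are not part of openvpn.

# Print the value(s) of a directive from an .ovpn file.
# Comment lines never match, and a trailing CR (Windows line endings,
# common in provider bundles) is stripped first.
ovpn_get() {  # usage: ovpn_get FILE DIRECTIVE
    awk -v d="$2" '{ sub(/\r$/, "") }
        $1 == d { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Exit 0 if the profile asks for a username/password.
# Assumption: the directive is OpenVPN's auth-user-pass.
ovpn_needs_login() {
    awk '{ sub(/\r$/, "") }
        $1 == "auth-user-pass" { found = 1 }
        END { exit !found }' "$1"
}

# Exit 0 only if the file has no group/other permission bits set.
key_is_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# One-line summary: protocol, first remote, login requirement.
# openvpn uses udp when the profile has no proto directive.
ovpn_summary() {
    proto=$(ovpn_get "$1" proto | head -n 1)
    remote=$(ovpn_get "$1" remote | head -n 1)
    if ovpn_needs_login "$1"; then login=yes; else login=no; fi
    echo "proto=${proto:-udp} remote=${remote:-none} login=$login"
}

# Usage: sh preflight.sh /Path/to/profile.ovpn /Path/to/client.key
if [ $# -ge 2 ]; then
    ovpn_summary "$1"
    key_is_private "$2" ||
        echo "WARNING: $2 is readable by group/others (chmod 600 it)" >&2
fi
```
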