os:linux:tumbleweed:openvpn

Differences

This shows you the differences between two versions of the page.

os:linux:tumbleweed:openvpn [2024/07/08 17:48] – created ebaer
os:linux:tumbleweed:openvpn [2024/07/08 21:25] (current) ebaer
Line 2: Line 2:
  
 <code bash> <code bash>
-Open a shell, become root and create the VPN secret key:+zypper in easy-rsa 
 +nano /etc/easy-rsa/vars
  
-openvpn --genkey secret /etc/openvpn/secret.key 
-COPY 
-Copy the secret key to your client: 
  
-scp /etc/openvpn/secret.key root@IP_OF_CLIENT:/etc/openvpn/ 
-COPY 
-Create the file /etc/openvpn/server.conf with the following content: 
  
-dev tun +openssl dhparam -out /etc/openvpn/dh2048.pem 2048
-ifconfig IP_OF_SERVER IP_OF_CLIENT +
-secret secret.key +
-COPY +
-Set up a tun device configuration by creating a file called /etc/sysconfig/network/ifcfg-tun0 with the following content:+
  
-STARTMODE='manual' 
-BOOTPROTO='static' 
-TUNNEL='tun' 
-TUNNEL_SET_OWNER='nobody' 
-TUNNEL_SET_GROUP='nobody' 
-LINK_REQUIRED=no 
-PRE_UP_SCRIPT='systemd:openvpn@server' 
-PRE_DOWN_SCRIPT='systemd:openvpn@service' 
-COPY 
-The notation openvpn@server points to the OpenVPN server configuration file located at /etc/openvpn/server.conf. For more information, see /usr/share/doc/packages/openvpn/README.SUSE. 
  
-If you use a firewall, start YaST and open UDP port 1194 (Security and Users › Firewall › Allowed Services).+#Open incoming connections to the server, if you haven't already done it with yast 
 +firewall-cmd --zone=public --add-service openvpn 
  
-Start the OpenVPN server service by setting the tun device to up:+#Add tun0 to trusted zone. Device name may vary depending on how many VPNs and other services like VMs you're running 
 +firewall-cmd --zone=trusted --add-interface tun0 
  
-sudo wicked ifup tun0 +#Enable masquerading 
-COPY +firewall-cmd --zone=trusted --add-masquerade 
-You should see the confirmation:+
  
-tun0            up+#Swap the eth0 for your device or ip that traffic goes out of that you need NAT'd. 
 +firewall-cmd --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
  
 +#once you're happy it's working, save with
 +firewall-cmd --runtime-to-permanent
 </code> </code>
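Review bot: `firewall-cmd --zone=trusted --add-interface tun0` places the tunnel interface in firewalld's trusted zone, which accepts all connections, so every VPN client gets unfiltered access to the server's own services. A dedicated zone for tun0 that allows only the services clients need would be tighter. Two further points on the firewall lines: `--zone=trusted --add-masquerade` applies to traffic leaving through the trusted zone's interfaces (tun0 here), not eth0, so it looks redundant next to the POSTROUTING rule; and `--direct --passthrough` is an untracked command, so the final `firewall-cmd --runtime-to-permanent` will not carry the MASQUERADE rule across a reload or reboot (`--direct --add-passthrough` is the tracked form). The revision also removes the old `server.conf` and key steps without a replacement: after `nano /etc/easy-rsa/vars` there are no easy-rsa commands to build the CA and server certificate, and nothing shows the server configuration that would reference `/etc/openvpn/dh2048.pem`, so the page as it stands does not yield a startable server.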
os/linux/tumbleweed/openvpn.1720453738.txt.gz · Last modified: 2024/07/08 17:48 by ebaer
