This post is a follow-up to OpenVPN: Server Setup on Linux. We will install and configure an OpenVPN client on another Debian Linux machine and connect it to the OpenVPN server that was created earlier.
Install OpenVPN Client
On Debian, the OpenVPN client is the same executable as the server. Therefore we have to install the OpenVPN package on the client machine:
# apt-get update && apt-get install openvpn
OpenVPN Client Configuration
Create a new directory to store logs:
# mkdir /var/log/openvpn
Copy the default client.conf sample configuration file to /etc/openvpn/:
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
We have already copied the client keys for Sandy and the certificate of the CA which was created during the OpenVPN server configuration, and placed them under /etc/openvpn:
# ls -1 /etc/openvpn/
ca.crt
client.conf
sandy.crt
sandy.key
What is left to do is to modify the configuration file to point it to the OpenVPN server. Open and edit the client’s configuration file so it looks similar to the following:
# cat /etc/openvpn/client.conf
#specify that we are a client
client
#using the same settings as we have on the server
dev tun
proto udp
#the hostname/IP and port of the server
remote openvpn.example.com 11194
#keep trying indefinitely to resolve the host name of the OpenVPN server
resolv-retry infinite
#most clients don't need to bind to a specific local port number
nobind
#downgrade privileges after initialisation (non-Windows only)
user nobody
group nogroup
#try to preserve some state across restarts
persist-key
persist-tun
#full paths to keys and certificates
ca /etc/openvpn/ca.crt
cert /etc/openvpn/sandy.crt
key /etc/openvpn/sandy.key
ns-cert-type server
#cryptographic cipher, must be the same on the server config file as well
cipher AES-256-CBC
#the same compression setting as we have on the server
comp-lzo
#log files
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
#log verbosity
verb 3
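Before starting the client, the security-relevant settings in this configuration can be checked with a small script. This is an added example, not part of the original post: the function names are hypothetical, the demo input is constructed, and it accepts remote-cert-tls server as an alternative to ns-cert-type server.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client config for the hardening
# directives used in the client.conf above. Function names are hypothetical.

# conf_value FILE DIRECTIVE -> first argument of DIRECTIVE (comments ignored)
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# audit_client_conf FILE -> prints findings, returns how many there were
audit_client_conf() {
    conf=$1
    findings=0

    # Server certificate type check: without it, any certificate signed by
    # the same CA (another client's, for example) is accepted as the server.
    if [ "$(conf_value "$conf" ns-cert-type)" != server ] &&
       [ "$(conf_value "$conf" remote-cert-tls)" != server ]; then
        echo "WARN: no 'ns-cert-type server' or 'remote-cert-tls server'"
        findings=$((findings + 1))
    fi

    # Privilege drop after initialisation needs both user and group.
    if [ -z "$(conf_value "$conf" user)" ] || [ -z "$(conf_value "$conf" group)" ]; then
        echo "WARN: 'user'/'group' not set, daemon keeps root privileges"
        findings=$((findings + 1))
    fi

    # The private key must exist and grant nothing to group or other.
    key=$(conf_value "$conf" key)
    if [ ! -f "$key" ]; then
        echo "WARN: key file '$key' not found"
        findings=$((findings + 1))
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "WARN: $key is accessible by group/other (chmod 600 it)"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed demo input: a config missing the server check and privilege
# drop, pointing at a world-readable dummy key.
demo=$(mktemp -d)
echo "not a real key" > "$demo/sandy.key"; chmod 644 "$demo/sandy.key"
printf 'client\nremote openvpn.example.com 11194\nkey %s\n' "$demo/sandy.key" > "$demo/client.conf"
audit_client_conf "$demo/client.conf" || echo "findings: $?"
rm -rf "$demo"
```

Run against the real file with audit_client_conf /etc/openvpn/client.conf; a return code of 0 means none of the three checks fired.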
Start OpenVPN Client
When finished modifying the configuration file, we can start the OpenVPN client service:
# service openvpn start
[ ok ] Starting virtual private network daemon: client.
Troubleshooting
Check to make sure that the OpenVPN tun interface is up:
# ifconfig tun
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.26.0.6 P-t-P:10.26.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:5948 errors:0 dropped:0 overruns:0 frame:0
TX packets:5948 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:499632 (487.9 KiB) TX bytes:499632 (487.9 KiB)
Check if we can ping the OpenVPN server (ping is allowed on the server):
# ping -c 3 10.26.0.1
PING 10.26.0.1 (10.26.0.1) 56(84) bytes of data.
64 bytes from 10.26.0.1: icmp_req=1 ttl=64 time=0.165 ms
64 bytes from 10.26.0.1: icmp_req=2 ttl=64 time=0.103 ms
64 bytes from 10.26.0.1: icmp_req=3 ttl=64 time=0.116 ms
--- 10.26.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.103/0.128/0.165/0.026 ms
Routing table:
# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.XY.1       0.0.0.0         UG        0 0          0 eth0
10.1.XY.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.26.0.1       10.26.0.5       255.255.255.255 UGH       0 0          0 tun0
10.26.0.5       0.0.0.0         255.255.255.255 UH        0 0          0 tun0