Difference between revisions of "VPN client"
| Line 131: | Line 131: | ||
===Windows=== | ===Windows=== | ||
| − | On windows, many clients are available. | + | On windows, many clients are available. The best one, for me, is: « OpenVPN.net Community » |
| − | The best one for | + | https://openvpn.net/index.php/open-source/downloads.html |
| − | https://openvpn.net/index.php | + | * Take the '''Installer (64-bit), Windows XP and later''' |
| + | |||
| + | |||
| + | Then, you have to copy your .OVPN configuration & certificates inside the <code>~/openvpn/config/</code> folder. | ||
| + | |||
| + | |||
| + | To use the VPN: | ||
| + | * Run the OpenVPN client as ''administrator'' ==> right click on the icon ==> ''run as administrator'' | ||
| + | * Right click on the icon close to the system clock ==> ''connect'' | ||
| + | |||
| + | |||
| + | |||
| + | <strong>!! Hint !!</strong> | ||
| + | You can create a 1 click shortcut. | ||
| + | |||
| + | * Edit the default shortcut | ||
| + | * Set '''target''' = <code>C:\apps\OpenVPN\bin\openvpn-gui.exe --connect devDaxiongmao.ovpn</code> | ||
| + | * In '''Compatibility''' tab set the ''run as administrator'' option. | ||
| + | |||
| + | |||
| + | In target the ''--connect'' option allows you to start a specific profile automatically. :-) | ||
| − | |||
Revision as of 11:45, 7 February 2015
Contents
Introduction
See VPN introduction
Client
Client files
The client requires:
- Authority of certification ca.cert
- Client private key client.key
- Client certificate client.crt
Then, you can setup client configuration.
Client configuration
Copy / paste the following configuration - just adjust your path according to your OS and file system:
#################################################
# OpenVPN 2.0 client config #
# --------------------------------------------- #
# version 1.0 - April 2011 - Guillaume Diaz
# version 1.2 - June 2013 - Guillaume Diaz
# conf update + chroot
#################################################
# OpenVPN configuration
##########################
# Client mode
client
# VPN mode
dev tun
# Protocol
proto udp
# Remote server
remote dev.daxiongmao.eu 8080
# Do not bind to a specific local port number
nobind
# Keep trying indefinitely to resolve the hostname of the OpenVPN server.
resolv-retry infinite
# Compression of data exchange
comp-lzo
# SECURITY
########################
# SSL/TLS root certificate (ca)
# The server and all clients will use the same ca file.
ca "C:\\Apps\\OpenVPN\\config\\ca.crt"
# Client certificate and private key
cert "C:\\Apps\\OpenVPN\\config\\xinxiongmao.crt"
key "C:\\Apps\\OpenVPN\\config\\xinxiongmao.key"
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# Encryption of data exchange
cipher AES-128-CBC
# Integrity check
auth MD5
# Control server certificate
ns-cert-type server
##-- Logs --##
# Set log file verbosity.
verb 4
# Wireless networks often produce a lot of duplicate packets.
# Set this flag to silence duplicate packet warnings.
mute-replay-warnings
# Silence repeating messages
mute 10
Notes:
You have to edit the configuration file.
- Adjust paths on lines 30-38
- On Windows you must you the double slash \\
- On Linux don’t forget to uncomment the following lines for better security:
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup- Linux: depending on your distribution you might need to adjust user / group default name.
Software
Linux
Installation
apt-get install openssl openssh-server openvpn
Security
See Firewall VPN
Windows
On windows, many clients are available. The best one, for me, is: « OpenVPN.net Community » https://openvpn.net/index.php/open-source/downloads.html
- Take the Installer (64-bit), Windows XP and later
Then, you have to copy your .OVPN configuration & certificates inside the ~/openvpn/config/ folder.
To use the VPN:
- Run the OpenVPN client as administrator ==> right click on the icon ==> run as administrator
- Right click on the icon close to the system clock ==> connect
!! Hint !! You can create a 1 click shortcut.
- Edit the default shortcut
- Set target =
C:\apps\OpenVPN\bin\openvpn-gui.exe --connect devDaxiongmao.ovpn - In Compatibility tab set the run as administrator option.
In target the --connect option allows you to start a specific profile automatically. :-)
MacOSX
The best VPN client is “tunnelblick” http://code.google.com/p/tunnelblick
- Configuration files are in ~/librairies/openvpn
- That’s the libraries [“bibliothèque”] folder of the current user
