Difference between revisions of "VPN client"

(Created page with "Category:Linux =Introduction= See VPN#Introduction =Client= ==Client files== The client requires: * Authority of certification ca.cert * Client private key...")
 
Line 5: Line 5:
 
=Introduction=
 
=Introduction=
  
See [[VPN#Introduction]]
+
See [[VPN|VPN introduction]]
 
 
  
  

Revision as of 17:19, 8 August 2014



Introduction

See VPN introduction


Client

Client files

The client requires:

  • Authority of certification ca.cert
  • Client private key client.key
  • Client certificate client.crt

Then, you can setup client configuration.


Client configuration

Copy / paste the following configuration - just adjust your path according to your OS and file system:

#################################################
# OpenVPN 2.0 client config                     #
# --------------------------------------------- #
# version 1.0 - April 2011 - Guillaume Diaz
# version 1.2 - June 2013 - Guillaume Diaz
#                           conf update + chroot
#################################################


# OpenVPN configuration
##########################
# Client mode
client
# VPN mode
dev tun
# Protocol
proto udp
# Remote server
remote dev.daxiongmao.eu 8080
# Do not bind to a specific local port number
nobind
# Keep trying indefinitely to resolve the hostname of the OpenVPN server.
resolv-retry infinite
# Compression of data exchange
comp-lzo



# SECURITY
########################
# SSL/TLS root certificate (ca)
# The server and all clients will use the same ca file.
ca "C:\\Apps\\OpenVPN\\config\\ca.crt"
# Client certificate and private key
cert "C:\\Apps\\OpenVPN\\config\\xinxiongmao.crt"
key "C:\\Apps\\OpenVPN\\config\\xinxiongmao.key"


# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun

# Encryption of data exchange
cipher AES-128-CBC
# Integrity check
auth MD5
# Control server certificate
ns-cert-type server 


##-- Logs --##
# Set log file verbosity.
verb 4
# Wireless networks often produce a lot of duplicate packets.  
# Set this flag to silence duplicate packet warnings.
mute-replay-warnings
# Silence repeating messages
mute 10


Notes:

You have to edit the configuration file.

  • Adjust paths on lines 30-38
  • On Windows you must you the double slash \\
  • On Linux don’t forget to uncomment the following lines for better security:
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nobody
  • Linux: depending on your distribution you might need to adjust user / group default name.


Software

Linux

Installation

apt-get install openssl openssh-server openvpn


Security

See Firewall VPN



Windows

On windows, many clients are available. The best one for Windows 7 and 8 is: « OpenVPN Connect Client Download for Windows » https://openvpn.net/index.php?option=com_content&id=357

Note: The file must be around 15 Mb.


MacOSX

The best VPN client is “tunnelblick” http://code.google.com/p/tunnelblick

  • Configuration files are in ~/librairies/openvpn
  • That’s the libraries [“bibliothèque”] folder of the current user