OpenVPN with Pre-shared Key

From Thomas-Krenn-Wiki

OpenVPN is software for setting up Virtual Private Networks (VPNs) over an encrypted TLS connection. This article shows how to set up a simple VPN under Ubuntu 12.04 LTS with a static key (pre-shared key).

Installation of OpenVPN

OpenVPN is installed on the command line with the following command:

sudo apt-get install openvpn

Setup

The following setup enables a VPN connection from a VPN client to a VPN server. The configuration is stored in a file in the /etc/openvpn directory. The key (static.key) is generated with the following command:

openvpn --genkey --secret static.key

The default port of OpenVPN is 1194/UDP. OpenVPN recommends UDP as the transport protocol. If any problems occur, the comment symbol "#" can be removed from the proto line in both the server and the client configuration below. As a result, the communication runs over TCP.

VPN server

/etc/openvpn/vpn-server.conf:

dev tun
ifconfig 10.9.0.1 10.9.0.2
secret static.key
#proto tcp-server
keepalive 10 120

VPN client

/etc/openvpn/client.conf:

remote 203.0.113.5
dev tun
ifconfig 10.9.0.2 10.9.0.1
secret static.key
route 192.168.255.0 255.255.255.0
#proto tcp-client
keepalive 10 120
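
The following check is an added example and not part of the original article: it parses the server and client configuration shown above and reports a pair that cannot connect, for instance when the "#" was removed from the proto line on only one side or the ifconfig addresses are not mirrored. The function names parse and check_pair are hypothetical, and only the directives used in this article are examined.

```python
# Added example, not from the original article; the two configs are the page's own.
SERVER = """\
dev tun
ifconfig 10.9.0.1 10.9.0.2
secret static.key
#proto tcp-server
keepalive 10 120
"""
CLIENT = """\
remote 203.0.113.5
dev tun
ifconfig 10.9.0.2 10.9.0.1
secret static.key
route 192.168.255.0 255.255.255.0
#proto tcp-client
keepalive 10 120
"""

def parse(text):
    """Map each active directive to its arguments (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # '#' and ';' start a comment line
            continue
        name, *args = line.split()
        conf[name] = args
    return conf

def check_pair(server_text, client_text):
    """Return a list of mismatches; an empty list means the pair is consistent."""
    srv, cli = parse(server_text), parse(client_text)
    problems = []
    for side, conf, needed in (("server", srv, ("dev", "ifconfig", "secret")),
                               ("client", cli, ("remote", "dev", "ifconfig", "secret"))):
        problems += [f"{side}: missing '{d}'" for d in needed if d not in conf]
    # ifconfig is "<local> <peer>": the client's pair must be the server's reversed.
    s_if, c_if = srv.get("ifconfig"), cli.get("ifconfig")
    if s_if and c_if and s_if != c_if[::-1]:
        problems.append("ifconfig endpoints are not mirrored")
    # Without a proto line OpenVPN uses UDP; tcp-server pairs only with tcp-client,
    # so the '#' has to be removed on both sides or on neither.
    protos = ((srv.get("proto") or ["udp"])[0], (cli.get("proto") or ["udp"])[0])
    if protos not in {("udp", "udp"), ("tcp-server", "tcp-client")}:
        problems.append(f"proto mismatch: server={protos[0]} client={protos[1]}")
    return problems

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT) or "pair is consistent")
```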

Example: application with a 2-node cluster

The following example shows how to establish two connections from a VPN client to the two nodes of an HA cluster with Linux Containers based on Heartbeat, Pacemaker, DRBD and LXC. The additional routes enable access to the IPMI interface via both VPNs. The following graphic shows the network layout schematically:

Node1

/etc/openvpn/vpn-server.conf:

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
#proto tcp-server
keepalive 10 120

Node2

/etc/openvpn/vpn-server.conf:

dev tun
ifconfig 10.9.0.1 10.9.0.2
secret static.key
#proto tcp-server
keepalive 10 120

Client with access to both nodes

/etc/openvpn/node1.conf:

remote 203.0.113.4
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key
route 192.168.255.5 255.255.255.255
#proto tcp-client
keepalive 10 120

/etc/openvpn/node2.conf:

remote 203.0.113.5
dev tun
ifconfig 10.9.0.2 10.9.0.1
secret static.key
route 192.168.255.4 255.255.255.255
#proto tcp-client
keepalive 10 120

Author: Werner Fischer



Translator: Alina Ranzinger


