Connecting to Access Server with Linux
Client software choice
Connecting to OpenVPN Access Server from Linux requires a client program. It captures the traffic you wish to send through the OpenVPN tunnel, encrypts it, and passes it to the OpenVPN server. In the reverse direction, it decrypts the return traffic.
Linux Packages Discussed
OpenVPN Access Server | openvpn-as |
OpenVPN 3 Linux Client | openvpn3 |
OpenVPN open source | openvpn |
OpenVPN 3 Linux Client
The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library. This client is the official OpenVPN Linux Client program. You can find an overview of the features, frequently asked questions, and instructions on installing the openvpn3 package on our OpenVPN 3 for Linux site.
After following the instructions there to install the client, you’ll need a connection profile. This is a file generated by your OpenVPN Access Server installation for your specific user account. It contains the required certificates and connection settings. Go to the Client web interface of your Access Server (the main address, not the /admin portion). Log in with your user credentials. You will be shown a list of files available to download. Pick the user-locked profile or the auto-login profile, and you will be sent a client.ovpn file. Save this file to your Linux operating system.
Once you’ve moved the file to your Linux system, you can import it.
You can start a new VPN session:
You can manage a running VPN session:
And so on. More details can be found here: OpenVPN3Linux.
OpenVPN open source OpenVPN CLI program
The open source project client program can also connect to the Access Server. The package is available in most distributions and is known simply as openvpn. It supports the option to connect to multiple OpenVPN servers simultaneously, and it comes with a service component that can automatically and silently start any auto-login profiles it finds in the /etc/openvpn folder, even before a user has logged in. This service component can be set to automatically start at boot time with the tools available in your Linux distribution if supported. On Ubuntu and Debian, when you install the openvpn package, it is automatically configured to start at boot time.
To install the OpenVPN client on Linux, it is possible in many cases to just use the version that is in the software repository for the Linux distribution itself. If you run into any connectivity problems when using outdated software, it may be due to a possible lack of support for higher TLS versions in older versions of OpenVPN. Follow the instructions found on the open source openvpn community wiki if you wish to install the OpenVPN client on your Linux system.
After installing, you will need a connection profile. This is a file generated by your OpenVPN Access Server installation for your specific user account. It contains the required certificates and connection settings. Go to the Client web interface of your Access Server (the main address, not the /admin portion). Log in with your user credentials. You will be shown a list of files available to you for download. Pick the user-locked profile or the auto-login profile, and you will be sent a client.ovpn file. Save this file to your Linux operating system somewhere. OpenVPN Access Server supports server-locked, user-locked, and auto-login profiles, but the OpenVPN command line client is only able to connect with user-locked or auto-login connection profiles.
We are assuming you are going to start the connection through either the command line as a root user, or via the service daemon. If you want unprivileged users to be able to make a connection, take a look at the community wiki for more information on how to implement that. Here we are going to focus on the simplest implementation; run the connection as root user directly, or via the service daemon.
Start a connection with an auto-login profile manually:
Start a connection with a user-locked profile manually:
If you use Google Authenticator or another extra factor authentication, add the auth-retry parameter:
To start an auto-login connection via the service daemon, place client.ovpn in /etc/openvpn/ and rename the file. It must end with .conf as file extension. Ensure the service daemon is enabled to run after a reboot, and then simply reboot the system. The auto-login type profile will be picked up automatically and the connection will start itself. You can verify this by checking the output of the ifconfig command; you should see a tun0 network adapter in the list.
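The service-daemon setup described above, as an added shell example that is not part of the original page: it copies a profile into the daemon's directory under a .conf name with owner-only permissions, because an auto-login profile embeds the client's private key, and it refuses a profile containing a bare auth-user-pass line, which would ask for credentials that a boot-time service cannot supply. The function name and the OPENVPN_CONF_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). The function name and the
# OPENVPN_CONF_DIR override are hypothetical; /etc/openvpn is the page's path.
OPENVPN_CONF_DIR=${OPENVPN_CONF_DIR:-/etc/openvpn}

# install_autologin PROFILE [NAME]
# Installs PROFILE as $OPENVPN_CONF_DIR/NAME.conf with mode 0600 and prints
# the destination. Returns 2 if the profile needs interactive credentials,
# 1 on any other error.
install_autologin() {
    src=$1
    name=${2:-$(basename "$src" .ovpn)}
    dest=$OPENVPN_CONF_DIR/$name.conf

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # A bare "auth-user-pass" line makes OpenVPN prompt for a username and
    # password; with a file argument it reads them from that file instead.
    if awk '$1 == "auth-user-pass" && NF == 1 { found = 1 } END { exit !found }' "$src"; then
        echo "$src needs interactive credentials; use an auto-login profile" >&2
        return 2
    fi

    # The profile carries the private key, so it is installed readable and
    # writable by its owner only (root, when run as root).
    install -m 600 "$src" "$dest" || return 1
    echo "$dest"
}
```

Run as root, `install_autologin client.ovpn office` produces /etc/openvpn/office.conf, which the service daemon picks up on the next start.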
One major feature that is missing with the command line client is the ability to automatically implement DNS servers that are pushed by the VPN server. It is possible, but it requires you to install a DNS management program such as resolvconf or openresolv, and it may or may not clash with existing network management software in your OS. The idea here, however, is that you use a script that runs when the connection goes up, and when it goes down, that uses resolvconf or openresolv to implement the DNS servers for you. The reason why this client is not able to manage it completely by itself is mainly because in an operating system like Windows, Macintosh, Android, or iOS, there is already an established single method of handling DNS management. It is therefore easy for us to create a software client for those operating systems that already knows how to handle DNS. But Linux is available in so many variations and also supports different programs and methods of implementing DNS servers, and so it was only reasonable to leave built-in DNS support out of the OpenVPN program and instead to provide, where possible, a script that handles DNS implementation. Such a script could even be written by yourself to do whatever tasks are necessary to implement the DNS servers in your unique situation.
Fortunately on Ubuntu and Debian, for example, there is the /etc/openvpn/update-resolv-conf script that comes with the openvpn package that handles DNS implementation for these operating systems. You need only to activate the use of these by following the instructions:
Open your client.ovpn file in a text editor:
At the very bottom simply add these lines:
The first line enables the use of external scripts to handle the DNS implementation tasks. The up and down lines are there to implement DNS servers pushed by the VPN server when the connection goes up, and afterwards to undo it, when the connection goes down.
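The three directives described above, as an added shell example that is not part of the original page: one function appends them to a profile once, and a second checks that every script the profile hooks is safe to hand to a root-run OpenVPN. script-security, up and down are standard OpenVPN directives; the function names and the HOOK_OWNER variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and HOOK_OWNER
# are hypothetical; the hook path is the one this page names.
DNS_HOOK=/etc/openvpn/update-resolv-conf
HOOK_OWNER=${HOOK_OWNER:-root}     # who must own a script that runs as root

# add_dns_hooks PROFILE [SCRIPT]: append the three directives, once each.
add_dns_hooks() {
    profile=$1
    script=${2:-$DNS_HOOK}
    # A profile without a final newline would swallow the first directive.
    [ -z "$(tail -c 1 "$profile")" ] || printf '\n' >>"$profile"
    grep -Eq '^[[:space:]]*script-security[[:space:]]' "$profile" ||
        printf 'script-security 2\n' >>"$profile"
    for event in up down; do
        grep -Eq "^[[:space:]]*$event[[:space:]]" "$profile" ||
            printf '%s %s\n' "$event" "$script" >>"$profile"
    done
}

# audit_hooks PROFILE: print one line per finding, return 1 if there are any.
# Handles the plain "up /path" form used here (no quoting, no arguments).
audit_hooks() {
    profile=$1
    findings=0
    level=$(awk '$1 == "script-security" { v = $2 } END { print v + 0 }' "$profile")
    for hook in $(awk '$1 == "up" || $1 == "down" { print $2 }' "$profile" | sort -u); do
        if [ "$level" -lt 2 ]; then
            echo "$hook: script-security is $level, hook will not run"; findings=1
        fi
        if [ ! -f "$hook" ] || [ ! -x "$hook" ]; then
            echo "$hook: missing or not executable"; findings=1
            continue
        fi
        # OpenVPN runs the hook with its own privileges (root here), so anyone
        # who can modify the file can run code as root.
        if [ -n "$(find -L "$hook" ! -user "$HOOK_OWNER" -print)" ]; then
            echo "$hook: not owned by $HOOK_OWNER"; findings=1
        fi
        if [ -n "$(find -L "$hook" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "$hook: writable by group or others"; findings=1
        fi
    done
    return "$findings"
}
```

Running `audit_hooks client.ovpn` on any profile received from a third party also shows which scripts it would execute before you connect with it.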
Ubuntu network management program
There is also the option of connecting through the GUI using the openvpn extension for the Gnome network manager plugin. But this is currently a bit tricky to set up. There is, for example, the incorrect assumption that all VPNs will be able to redirect Internet traffic, and older versions might not understand the .ovpn file format, requiring you to split up the certificates embedded in it into separate files. You would also likely have to dig into the options to ensure that a default Internet traffic route going through the VPN server is not always enabled by default, especially for servers where you only give access to some internal resources, and not the entire Internet. However, the advantage of using the GUI component is that you can start/stop the connection from the desktop environment on Linux.
OpenVPN 3 Client for Linux
Background
The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library, which is also used in the various OpenVPN Connect clients and OpenVPN for Android (where it needs to be enabled via the settings page in the app).
This client is built around a completely different architecture in regards to usage. It builds heavily on D-Bus and allows unprivileged users to start and manage their own VPN tunnels out-of-the-box. System administrators wanting more control can also control and restrict this access, either by hardening the default OpenVPN 3 D-Bus policy or by using features in OpenVPN 3 Linux.
Even though the project name carries “Linux”, it doesn’t mean it is restricted to Linux only. Any platform which has D-Bus available should be capable of running this client in theory. But since D-Bus is most commonly used in Linux environments, this will naturally be the primary focus for the project.
The release notes are stored in git tags in the project git repository. They can also be viewed here: https://github.com/OpenVPN/openvpn3-linux/releases (expand the tag to see the full text)
Installation as Connector for OpenVPN Cloud
Installation of OpenVPN 3 client as a Connector for OpenVPN Cloud Host or Network has been simplified and documented here.
Installation for Debian and Ubuntu
Follow these steps in order to install OpenVPN 3 Client on Linux for Debian and Ubuntu:
Open the Terminal by pressing ctrl + alt + T
Type the following command into the Terminal: sudo apt install apt-transport-https . This is done to ensure that your apt supports the https transport. Enter the root password as prompted
Type the following command into the Terminal: sudo wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub . This will download the OpenVPN repository key used by the OpenVPN 3 Linux packages
Type the following command into the Terminal: sudo apt-key add openvpn-repo-pkg-key.pub
Type the following command into the Terminal: sudo wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$DISTRO.list . This will install the proper repository. Replace $DISTRO with the release name depending on your Debian/Ubuntu distribution (the table of release names for each distribution can be found below). In this case, focal is chosen since Ubuntu 20.04 is used
Type the following command into the Terminal: sudo apt update
Type the following command into the Terminal: sudo apt install openvpn3 . This will finally install the OpenVPN 3 package
Distribution | Release | Release name ($DISTRO) |
---|---|---|
Debian | 9 | stretch |
Debian | 10 | buster |
Ubuntu | 16.04 | xenial |
Ubuntu | 18.04 | bionic |
Ubuntu | 19.10 | eoan |
Ubuntu | 20.04 | focal |
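One way to take $DISTRO from the host instead of typing it by hand, as an added shell example that is not part of the original page: it reads the release name from /etc/os-release and stops if that name is not in the table above, so a repository list for the wrong release is never written. The function name is an assumption made for illustration, and the example assumes the host's os-release file provides VERSION_CODENAME.

```shell
#!/bin/sh
# Added example (not from the original page). The function name is
# hypothetical; the URL pattern and release names are those on this page.
SUPPORTED_RELEASES="stretch buster xenial bionic eoan focal"

# openvpn3_list_url [OS_RELEASE_FILE]
# Prints the repository list URL for this host, or fails when the release
# name is missing or not in the supported table.
openvpn3_list_url() {
    os_release=${1:-/etc/os-release}
    # Read VERSION_CODENAME without sourcing the file; strip optional quotes.
    codename=$(sed -n 's/^VERSION_CODENAME=//p' "$os_release" | tr -d "\"'" | head -n 1)
    if [ -z "$codename" ]; then
        # Releases whose os-release lacks the field end up here: take the
        # name from the table by hand instead.
        echo "no VERSION_CODENAME in $os_release" >&2
        return 1
    fi
    case " $SUPPORTED_RELEASES " in
        *" $codename "*) ;;
        *) echo "release '$codename' is not in the supported table" >&2
           return 1 ;;
    esac
    echo "https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$codename.list"
}

# Usage, in place of the hand-edited $DISTRO in the wget step:
#   url=$(openvpn3_list_url) &&
#       sudo wget -O /etc/apt/sources.list.d/openvpn3.list "$url"
```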
Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux
Packages for these distributions are provided via a Fedora Copr repository. Supported versions:
Distribution | Release versions |
---|---|
Fedora | 30, 31, 32 |
Red Hat Enterprise Linux / CentOS | 7, 8 |
In order to install the OpenVPN 3 Client for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux, follow the steps below:
- Open Terminal by typing terminal into the search bar
- If you are running Red Hat Enterprise Linux or its clones, you need to install the Fedora EPEL repository first. Here is the list of commands for each version:
(The original article on Fedora EPEL can be found here)
RHEL/CentOS 6: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
RHEL/CentOS 7: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
On RHEL 7 it is recommended to also enable the optional, extras, and HA repositories since EPEL packages may depend on packages from these repositories: sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms" --enable "rhel-ha-for-rhel-*-server-rpms"
RHEL/CentOS 8: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
On RHEL 8 it is required to also enable the codeready-builder-for-rhel-8-$-rpms repository since EPEL packages may depend on packages from it: ARCH=$( /bin/arch ) followed by sudo subscription-manager repos --enable "codeready-builder-for-rhel-8-$ -rpms"
On CentOS 8 it is recommended to also enable the PowerTools repository since EPEL packages may depend on packages from it: sudo dnf config-manager --set-enabled PowerTools
- You need to install the yum copr module first by running the following command: sudo yum install yum-plugin-copr . Note: Fedora releases usually have the yum/dnf copr module preinstalled.
- With the Copr module available, it is time to enable the OpenVPN 3 Copr repository by running the following command: sudo yum copr enable dsommers/openvpn3
- Finally, the OpenVPN 3 Linux client can be installed by running the following command: sudo yum install openvpn3-client
Using .ovpn Profile
Please note that by this point you should have downloaded a .ovpn profile to your machine.
Mandatory Commands
In order to start a one-shot configuration profile, type the following command into the Terminal: openvpn3 session-start --config $
In order to import a configuration file for re-use and start a VPN session, type the following command into the Terminal: openvpn3 config-import --config $
In order to start a new VPN session from an imported configuration profile, run the following command: openvpn3 session-start --config $
Optional Commands
- To list all available configuration profiles, run this command: openvpn3 configs-list . Important: a configuration file typically contains generic options to be able to connect to a specific server, regardless of the device itself. OpenVPN 3 Linux also supports setting more host-specific settings on a configuration profile as well. This is handled via the `openvpn3 config-manage` interface. Any settings here will also be preserved across boots if the configuration profile was imported with the --persistent argument.
- Note that it is possible to use the D-Bus path to the configuration profile: openvpn3 session-start --config-path /net/openvpn/v3/configuration/. . Note: in either of these cases is it necessary to have access to the configuration profile on disk. As long as configuration profiles are available via openvpn3 configs-list , all needed to start a VPN session should be present.
Managing a Running Session
- Once a VPN session has started, it should be seen in the session list: openvpn3 sessions-list
- Using the openvpn3 session-manage there are a few things which can be done, but most typically it is the --disconnect or --restart alternatives which are most commonly used. openvpn3 session-manage --config $ --restart . This disconnects and re-connects to the server again, re-establishing the connection. The $ is the configuration name as displayed in openvpn3 sessions-list
- It is also possible to use the D-Bus path to the session as well: openvpn3 session-manage --session-path /net/openvpn/v3/sessions/. --disconnect . This command above will disconnect a running session. Once this operation has completed, it will be removed from the openvpn3 sessions-list overview. Important: you will be able to start a new session with this or another OpenVPN profile only after you have disconnected from the current session using the command in this step
- It is also possible to retrieve real-time tunnel statistics from running sessions: openvpn3 session-stats --config $ or openvpn3 session-stats --session-path /net/openvpn/v3/sessions/.
- And to retrieve real-time log events as they occur, run the following command: openvpn3 log --config $ . This might be quite silent, as it does not provide any log events from the past. Issue an openvpn3 session-manage --restart from a different terminal, and log events will occur. You may want to boost the log-level with --log-level 6. Valid log levels are from 0 to 6, where 6 is the most verbose. Note: VPN sessions are also owned by the user which started it. But the Session Manager also provides its own Access Control List feature via openvpn3 session-acl
Changing the OpenVPN Profile of an Autoloading VPN Session
Please note that every time you start a session, it will load automatically on the system start-up. In order to change the profile of an OpenVPN Session that is autoloaded, follow the steps below: