by daemonx - member of excluded-team
VIRTUAL PRIVATE NETWORK INSTALLATION
[..1] What is a Virtual Private Network
[..2] OpenVPN- Installing a Client
[..3] Creating a rudimentary VPN
[..4] Check the Virtual Private Network
[..5] Configure the VPN
[..6] Frequently Asked Questions
- 1. What is a Virtual Private Network -
a virtual private network, also called vpn, is a private network that
uses another network to send/receive data. vpns run over standard,
often insecure protocols. users of a vpn can share data as in a local
area network. the individual users don't have to be physically connected.
the connection to the network is made through a tunnel between client and server.
if you want to read more general stuff about virtual private networks,
use google (; i'm sure u will find a lot of stuff about vpns.
- 2. OpenVPN- Installing a Client -
So now i will give you a little how-to on installing openvpn on some operating
systems, plus some information about virtual private networks.
- Solaris >> # pkgadd -d /path/to/the/package.pkg
- FreeBSD >> # cd /usr/ports/security/openvpn && make install clean
- OpenBSD >> # pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.7/packages/i386/openvpn-1.6.0.tgz
- NetBSD >> # cd /usr/pkgsrc/*/openvpn && make install clean clean-depends
- MacOS X >> http://mac.softpedia.com/get/Network-Admin/OpenVPN-GUI.shtml
- Linux >> http://openvpn.net/release/openvpn-2.0.tar.gz, unpack, then ./configure && make && make install
- WinXP/2k >> http://openvpn.net/release/openvpn-2.0-install.exe, and *click click*
to build the tunnel, openvpn uses the virtual tun* or tap* device of the operating system.
openvpn uses ssl and needs the openssl libraries (http://www.openssl.org/) for the
encryption, authentication and certification. a really good tip i got from a friend
of mine is to install the libs for the lzo compression; using the lzo libs is
better for your connection. also very important: if u are using mac os x or
solaris, u have to install the tun/tap drivers.
MacOS X: http://chrisp.de/en/projects/tunnel.html
- 3. Creating a rudimentary VPN -
Okay ladies, open a terminal and follow the instructions:
Computer 1: b0x1
Computer 2: b0x2
    b0x1# openvpn --remote b0x2 --dev tun0 --ifconfig 10.0.0.9 10.0.0.5
    b0x2# openvpn --remote b0x1 --dev tun0 --ifconfig 10.0.0.5 10.0.0.9
- 4. Check the Virtual Private Network -
So let's check whether the tunnel is open:
    # ifconfig tun0
    tun0: flags:51<UP ...                     /* if something like this appears */
    inet 10.0.0.9 --> 10.0.0.5 netmask ...    /* everything is okay */
    # ping -c 5 10.0.0.5                      /* so you will see if the ping is transmitted */
- 5. Configure the VPN -
at first you have to create an ssl certificate. after you have done all the
ssl stuff, it is time to write a config file for the vpn (the config files
for both boxes are printed at the end of this text).
To activate the compression, you have to add the option comp-lzo
at the end of the config files of both ends of the vpn. Now you have to create
the openvpn.up script on both computers of the vpn ($5 is the fifth argument
openvpn passes to the up script, the remote address of the tunnel):
    /sbin/route add -net 10.0.0.0 gw $5 netmask 255.255.0.0
this makes sure that b0x1 can reach the end of the tunnel (b0x2).
    arp -s $5 00:00:d1:1f:3f:f1 permanent pub
this makes b0x2 answer the arp requests of b0x1;
without this script, b0x1 couldn't reach b0x2.
So now we will finish by creating the openvpn.down file on the
second box (b0x2):
    arp -d b0x1
this command deletes the arp table entry. and now we will see
whether the virtual private network works...
    # openvpn --config /etc/openvpn/openvpn.conf --daemon
so that's it. I hope you got an interesting and maybe helpful introduction
to virtual private networks. if you have questions, problems or suggestions,
please mail me or visit me in the euirc.
- 6. Frequently Asked Questions -
<x01> hey daemon, got an error while installing openvpn, with the lzo libs
<x01> LZO library and not found.
<daemonx> install lzo again:
<daemonx> $ ./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib
question: got an error with the config file, with the dh1024.pem
solution: bash-2.05b$ openssl dhparam -out dh1024.pem 1024
- 7. Greets -
ProXy, DNA, Takt, l0om, nixon, flexus, Sirius, XNet, c-shell
and the rest of the excluded-team (:
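~openvpn.conf for b0x2~
    # cd /etc/openvpn
    # vi openvpn.conf
        # peer and device as on the command line in section 3
        remote b0x1
        dev tun0
        ifconfig 10.0.0.5 10.0.0.9

~openvpn.conf for b0x1~
    # cd /etc/openvpn
    # vi openvpn.conf
        # peer and device as on the command line in section 3
        remote b0x2
        dev tun0
        ifconfig 10.0.0.9 10.0.0.5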
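
added example, not part of the original text and not openvpn's own tooling: a small shell lint for the two config files of a point-to-point tunnel like the one above. it checks that the ifconfig endpoints are mirrored, that comp-lzo is set on both ends or on neither, that a crypto directive (secret, tls-server or tls-client) is present, and that a tls-server end has a dh line. the function names and the sample file contents are made up for this example.

```shell
#!/bin/sh
# added example: lint the two configs of a point-to-point openvpn tunnel.
# helper names and the sample configs at the bottom are constructed.

# args DIRECTIVE FILE: print the arguments of the first matching directive.
args() { awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"; }
# has DIRECTIVE FILE: succeed if the directive occurs in the file.
has() { awk -v d="$1" '$1 == d { f = 1 } END { exit !f }' "$2"; }
# crypto_mode FILE: print "static", "tls" or "none".
crypto_mode() {
    if has secret "$1"; then echo static
    elif has tls-server "$1" || has tls-client "$1"; then echo tls
    else echo none; fi
}

# check_pair A B: print one line per problem, return 1 if any was found.
check_pair() {
    a=$1; b=$2; rc=0
    # tunnel endpoints must be mirrored: A's "local peer" is B's "peer local".
    set -- $(args ifconfig "$a") $(args ifconfig "$b")
    if [ $# -ne 4 ] || [ "$1" != "$4" ] || [ "$2" != "$3" ]; then
        echo "ifconfig: endpoints missing or not mirrored"; rc=1
    fi
    # comp-lzo has to be set on both ends or on neither.
    if has comp-lzo "$a"; then ca=1; else ca=0; fi
    if has comp-lzo "$b"; then cb=1; else cb=0; fi
    if [ "$ca" != "$cb" ]; then echo "comp-lzo: enabled on one end only"; rc=1; fi
    # without secret or tls-server/tls-client the tunnel carries cleartext.
    ma=$(crypto_mode "$a"); mb=$(crypto_mode "$b")
    if [ "$ma" = none ] || [ "$mb" = none ]; then
        echo "crypto: no secret or tls-* directive, tunnel is cleartext"; rc=1
    elif [ "$ma" != "$mb" ]; then
        echo "crypto: one end uses a static key, the other tls"; rc=1
    fi
    # a tls-server end needs dh parameters (the dh1024.pem from the faq).
    for f in "$a" "$b"; do
        if has tls-server "$f" && ! has dh "$f"; then
            echo "dh: $f is tls-server but has no dh directive"; rc=1
        fi
    done
    return $rc
}

# demo on constructed configs that carry only the ifconfig lines.
tmp=$(mktemp -d)
echo 'ifconfig 10.0.0.9 10.0.0.5' > "$tmp/b0x1.conf"
echo 'ifconfig 10.0.0.5 10.0.0.9' > "$tmp/b0x2.conf"
check_pair "$tmp/b0x1.conf" "$tmp/b0x2.conf" || echo "fix the configs first"
rm -rf "$tmp"
```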
- do you really believe in terrorists? -