Difference between revisions of "OpenVPN notes"
(New page: Category:Engineering This might be of interest Remove the password from an OpenVPN key. Put all user config files in ~/.openvpn. No...) |
|||
Line 13: | Line 13: | ||
== client.conf == | == client.conf == | ||
− | Note that you will have to edit client.conf to set the full path your the ca.crt, client.crt, and client.key files. Unfortunately OpenVPN does not expand ~ notation for the user home directory. Otherwise all users could have the exact same client.conf file. The only difference would be the client.key and client.crt. This seems like a stupid oversight to me that complicates the config process. Perhaps there is some other idiom to handle this problem. Find the following lines in client.conf and replace USERNAME with the username in question: | + | Note that you will have to edit ~/.openvpn/client.conf to set the full path your the ca.crt, client.crt, and client.key files. Unfortunately OpenVPN does not expand ~ notation for the user home directory. Otherwise all users could have the exact same client.conf file. The only difference would be the client.key and client.crt. This seems like a stupid oversight to me that complicates the config process. Perhaps there is some other idiom to handle this problem. Find the following lines in client.conf and replace USERNAME with the username in question: |
<pre> | <pre> | ||
Line 19: | Line 19: | ||
cert /home/USERNAME/.openvpn/client.crt | cert /home/USERNAME/.openvpn/client.crt | ||
key /home/USERNAME/.openvpn/client.key | key /home/USERNAME/.openvpn/client.key | ||
+ | </pre> | ||
+ | |||
+ | You will also want to add up and down hooks in your ~/.openvpn/client.conf for the [http://njr.sabi.net/2005/11/07/alternate-openvpn-os-x-dns-updating-script/ openvpn-dns-config.sh] script that you can drop in ~/.openvpn: | ||
+ | |||
+ | <pre> | ||
+ | up "~/.openvpn/openvpn-dns-config.sh up" | ||
+ | down "~/.openvpn/openvpn-dns-config.sh down" | ||
</pre> | </pre> | ||
Revision as of 06:41, 22 October 2008
This might be of interest Remove the password from an OpenVPN key.
Put all user config files in ~/.openvpn. Note that each user will have their own client.key and client.crt files. The client.conf file will need to be slightly updated for each user.
- client.conf
- ca.crt
- client.crt
- client.key
- openvpn-dns-config.sh
client.conf
Note that you will have to edit ~/.openvpn/client.conf to set the full path your the ca.crt, client.crt, and client.key files. Unfortunately OpenVPN does not expand ~ notation for the user home directory. Otherwise all users could have the exact same client.conf file. The only difference would be the client.key and client.crt. This seems like a stupid oversight to me that complicates the config process. Perhaps there is some other idiom to handle this problem. Find the following lines in client.conf and replace USERNAME with the username in question:
ca /home/USERNAME/.openvpn/ca.crt cert /home/USERNAME/.openvpn/client.crt key /home/USERNAME/.openvpn/client.key
You will also want to add up and down hooks in your ~/.openvpn/client.conf for the openvpn-dns-config.sh script that you can drop in ~/.openvpn:
up "~/.openvpn/openvpn-dns-config.sh up" down "~/.openvpn/openvpn-dns-config.sh down"
VPN startup and shutdown
Add these alias to your .bash_aliases file or wherever you keep them:
alias vpnup='sudo /usr/sbin/openvpn --config ~/.openvpn/client.conf --writepid ~/.openvpn/openvpn.pid --daemon' alias vpndown='sudo kill -INT `cat ~/.openvpn/openvpn.pid`'