Michael Keuter inquired how to configure AstLinux to act as a OpenVPN client, rather than an OpenVPN server.
Working with Michael, I wanted to document the process in this brief HOWTO. Intro) AstLinux's standard implementation of OpenVPN is to act as a server, where clients are often mobile PC's using OS X, Linux or Windows. But, what if an AstLinux box needs to act as an OpenVPN client to connect to another AstLinux box acting as the OpenVPN server? Step 1) Download the client credentials from the server box's OpenVPN sub-tab, and securely transfer the resulting zip file to the client box and "unzip" the credentials in the /mnt/kd/openvpn directory. Step 2) The standard OVPN_* variables will be superseded if a /mnt/kd/ openvpn/openvpn.conf files exists. AstLinux OpenVPN Client Configuration: http://lonnie.abelbeck.com/astlinux/openvpn.conf.txt Replace the "remote" IP address line with your OpenVPN server IP address, and make sure the paths to the credentials match the locations from the previous step. Step 3) Using the Network tab -> User System variables {Edit User Variables}, define the following variables... ## Set OVPN_SERVER variable same as your server OVPN_SERVER="10.8.0.0 255.255.255.0" OVPN_DEV="tun1" NONAT="tun1" Step 4) Reboot the client System to apply the changes. The client AstLinux box should be able to access the server AstLinux box. The server's Firewall sub-tab will probably want the following option checked. _X_ Allow OpenVPN tunnel to the [1st LAN Interface] Advanced Tweak: What if you want the client's LAN to be a routable part of the client- server OpenVPN network? Step 1) As with the server, on the client's Firewall sub-tab check the following option. _X_ Allow OpenVPN tunnel to the [1st LAN Interface] Step 2) On the server's OpenVPN sub-tab set... Raw Command: client-config-dir /mnt/kd/openvpn/ccd Raw Command: route 192.168.111.0 255.255.255.0 (assuming 192.168.111.0/24 is the client's 1st LAN Interface) Step 3) In the server's /mnt/kd/openvpn directory, create a "ccd" directory. Then create a text file in ccd with a name matching the CommonName of your client credentials. In that file, add the line iroute 192.168.111.0 255.255.255.0 Step 4) Restart OpenVPN on both the client and server boxes. While not quite point-and-click, an AstLinux system can operate as an OpenVPN client. If this is a popular request, this client configuration could be included via the web interface. Lonnie ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
