Category Archives: vpn

openvpn

1.

TUN/TAP Driver Configuration:

* Linux 2.4 or higher (with integrated TUN/TAP driver):

(1)  make device node:         mknod /dev/net/tun c 10 200
(2a) add to /etc/modules.conf: alias char-major-10-200 tun
(2b) load driver:              modprobe tun
(3)  enable routing:           echo 1 > /proc/sys/net/ipv4/ip_forward

Note that either of steps (2a) or (2b) is sufficient.  While (2a)
only needs to be done once per install, (2b) needs to be done once
per reboot.  If you install from RPM (see above) and use the
openvpn.init script, these steps are taken care of for you.

2. creating keys
cd /usr/local/share/doc/openvpn/easy-rsa/
change ‘vars’ file
./clean-all
./build-ca
./build-key-server server
./build-key client
./build-dh
openvpn --genkey --secret ta.key

keys for server: ca.crt, dh1024.pem, server.crt, server.key, ta.key;
keys for client: ca.crt, dh1024.pem, client.crt, client.key, ta.key

3. server

port 1194
tls-server
proto udp
dev tun
daemon
tls-auth /etc/openvpn/keys/ta.key 0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
;push "redirect-gateway"
duplicate-cn
keepalive 10 120
verb 3
cipher DES-EDE3-CBC
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
log-append /var/log/openvpn.log

3. client

client
tls-client
proto udp
remote [ip] 1194
dev tun
nobind
persist-key
persist-tun
tls-auth ta.key 1
dh dh1024.pem
ca ca.crt
cert client.crt
key client.key
cipher DES-EDE3-CBC
comp-lzo
verb 3
mute 20

useful links:
openvpn distributive: http://openvpn.net/index.php/downloads.html
openvpn GUI: http://openvpn.se/download.html
http://www.samag.ru/art/08.2004/08.2004_01.pdf – соединение офисов через VPN
http://forum.ixbt.com/topic.cgi?id=14:40906

mpd5

in rc.conf add:
mpd_flags=”-b -s mpd5″

to log all communications with mpd add a logging entry into /etc/syslog.conf:
!mpd5
*.* /var/log/mpd5.log
then:
touch /var/log/mpd5.log
/etc/rc.d/syslogd restart