Convenient launch of the OpenVPN tunnel on a laptop
For the last couple of months I have been traveling in India, and I have to connect to the Internet wherever I can: in an Internet cafe, through someone's passwordless WiFi, through GPRS. Anticipating this, before leaving home I decided to set up a VPN to my own server. The choice fell on OpenVPN. Of course, I wanted to start the VPN not from the command line but conveniently, with one or two clicks of the mouse. Ubuntu 8.10 was on the laptop, and without thinking twice I installed the network-manager-openvpn package, hoping for simple integration with the network manager. It turned out that this plugin is unusable.
I decided to use OpenVPN in static-key (pre-shared key) mode, because it has an important advantage:
… it is a handshake-free protocol without any distinguishing signature or feature (such as a header or protocol handshake sequence) that would mark the ciphertext packets as being generated by OpenVPN. Anyone eavesdropping on the wire would see nothing but random-looking data.
Or, in plain language, the encrypted data looks like a random set of bytes, and it is impossible to determine what it is.
The plug-in mentioned above simply and stupidly launches OpenVPN with parameters that are hard-coded in its source, without letting you specify the ones you need. At first I began to write a patch, but then I realized that it was easier to throw the plug-in out and find an alternative solution.
After some searching I discovered the tuntun applet for GNOME, which works with OpenVPN in a completely different way, through OpenVPN's management (control) interface.
So, first I installed OpenVPN on my laptop, then I wrote this config:
dev ovpn
dev-type tun
remote 10.10.10.10 5555 udp
nobind
secret /etc/openvpn/vpn.key 1
cipher AES-256-CBC
mlock
link-mtu 500
#mtu-test
mode p2p
ifconfig 192.168.1.2 192.168.1.1
route-up /etc/openvpn/vpn.routeup.sh
comp-lzo
up-delay
down /etc/openvpn/vpn.down.sh
down-pre
persist-key
persist-tun
ping 30
daemon
verb 1
management 127.0.0.1 4444
management-hold
management-signal
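The config above opens the management interface on a local TCP port without a password file and relies on a single static key file, so both are worth checking on a shared machine. The following lint is an added example, not part of the original article; the function name audit_ovpn_conf and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: lint an OpenVPN static-key config for two settings used above.
# audit_ovpn_conf and the finding labels are hypothetical names.
# Prints one finding per line; prints nothing when no issue is found.
audit_ovpn_conf() {
    conf=$1

    # "management <addr> <port> [pw-file]"; "management <path> unix" is a socket.
    set -- $(awk '$1 == "management" { print $2, $3, $4; exit }' "$conf")
    addr=$1 port=$2 pwfile=$3
    if [ -n "$addr" ] && [ "$port" != "unix" ]; then
        case $addr in
            127.*|localhost|::1) ;;
            *) echo "management-exposed: bound to $addr, not loopback" ;;
        esac
        # Without a password file, any local process that can connect to the
        # port can send management commands and control the tunnel.
        [ -n "$pwfile" ] ||
            echo "management-no-password: any local user can reach $addr:$port"
    fi

    # "secret <file> [direction]": in static-key mode this file is the only
    # credential, so it should be accessible to its owner alone.
    key=$(awk '$1 == "secret" { print $2; exit }' "$conf")
    if [ -n "$key" ] && [ -e "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] ||
            echo "key-permissions: $key is accessible to group or others"
    fi
}

# When run directly with a config path, audit that file.
if [ $# -gt 0 ]; then
    audit_ovpn_conf "$1"
fi
```

On a config like the one above, the first finding goes away when a password file is given as the third argument to management, and the second when the key file is restricted with chmod 600.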
And I wrote two scripts. The first one, /etc/openvpn/vpn.routeup.sh, sets the correct routing when the tunnel comes up and puts the local DNS server into resolv.conf:
#!/bin/sh
vpn="10.10.10.10"
ns="127.0.0.1"
# Undo commands are collected here; vpn.down.sh sources and then deletes this file.
routedown="/etc/openvpn/$dev.routedown.sh"
# $dev is set by OpenVPN when it runs the script.
[ -z "$dev" ] && { echo "should be run by openvpn" >&2; exit 1; }
# Remember the gateway and interface currently used to reach the VPN server.
origgw=$(ip route get "$vpn" | grep ' via ' | sed -re 's/^.*via +([^ ]+).*$/\1/')
origdev=$(ip route get "$vpn" | grep ' dev ' | sed -re 's/^.*dev +([^ ]+).*$/\1/')
[ -z "$origdev" ] && { echo "no route to VPN server, something wrong" >&2; exit 1; }
# Put the local resolver first in resolv.conf, tagged so it can be removed later.
sed -i -e "1 s/^/nameserver $ns # added for OpenVPN\n/" /etc/resolv.conf
# Pin a host route to the VPN server so the tunnel's own packets bypass the tunnel.
if [ -z "$origgw" ]; then
    ip route replace "$vpn" dev "$origdev"
else
    ip route replace "$vpn" via "$origgw" dev "$origdev"
fi
# Send everything else through the tunnel.
ip route replace default dev "$dev"
# Assume route to VPN is equal to default route.
if [ -z "$origgw" ]; then
    echo "ip route replace default dev $origdev" >"$routedown"
else
    echo "ip route replace default via $origgw dev $origdev" >"$routedown"
fi
echo "ip route del $vpn" >>"$routedown"
echo "sed -i -e '/# added for OpenVPN/ d' /etc/resolv.conf" >>"$routedown"
The second, /etc/openvpn/vpn.down.sh, returns routing and DNS to their original state:
#!/bin/sh
# Run the undo commands saved by vpn.routeup.sh, then remove them.
routedown="/etc/openvpn/$dev.routedown.sh"
if [ -f "$routedown" ]; then
    . "$routedown"
    rm -f "$routedown"
fi
Next, the simplest part remains: run OpenVPN on the server and on the laptop, and add the tuntun applet to the GNOME panel in the standard way. It will look like this (marked with the mouse pointer):

Then add the VPN to the tuntun settings (right mouse button -> Preferences -> Add):

and the result is something like this:

To start the VPN, left-click on the applet, then select the required VPN from the list:

Clicking the desired VPN in the list again disconnects it.
I will not write about setting up OpenVPN on the other side, because this is beyond the scope of this article.
If you liked it, please help with karma; then I will move the article to a thematic blog.