
Easy launch of the OpenVPN tunnel on a laptop

For the last couple of months I have been traveling in India, and I have to connect to the Internet wherever I can: in an Internet cafe, through someone's password-less WiFi, via GPRS. Anticipating this, before leaving home I decided to set up a VPN for myself to my own server. The choice fell on OpenVPN. Of course, I wanted to start the VPN not from the command line but conveniently, with one or two mouse clicks. The laptop runs Ubuntu 8.10, and without thinking twice I installed the network-manager-openvpn package, hoping for simple integration with the network manager. It turned out that this plugin is unsuitable for the purpose.

I decided to use OpenVPN in pre-shared (static) key mode because it has an important advantage: "… it is a handshake-free protocol without any distinguishing signature or feature (such as a header or protocol handshake sequence) that would mark the ciphertext packets as being generated by OpenVPN. Anyone eavesdropping on the wire would see nothing but random-looking data. …" Put simply, the encrypted traffic looks like a random stream of bytes, and there is no way to tell what it is.

And the plugin mentioned above simply launches OpenVPN with parameters hard-coded in its source, without letting you specify the ones you need. At first I started writing a patch, but then I realized it was easier to throw it out and look for an alternative.

After some searching I found the tuntun applet for GNOME, which works with OpenVPN in a completely different way: through OpenVPN's management interface.

So, first I installed OpenVPN on the laptop, then I wrote this config file:

dev ovpn
dev-type tun

remote 10.10.10.10 5555 udp
nobind

# static key shared with the server; direction 1 here, direction 0 on the server side
secret /etc/openvpn/vpn.key 1
cipher AES-256-CBC
# keep the key material out of swap
mlock

link-mtu 500
#mtu-test

mode p2p

ifconfig 192.168.1.2 192.168.1.1
route-up /etc/openvpn/vpn.routeup.sh

comp-lzo

up-delay
down /etc/openvpn/vpn.down.sh
# run the down script before the tun device is closed
down-pre

persist-key
persist-tun

ping 30

daemon

verb 1

# management interface for the applet; loopback only, but no password file is given
# (the optional third argument), so any local process that can connect to
# 127.0.0.1:4444 can release the hold or stop the tunnel
management 127.0.0.1 4444
# start in the HOLD state and do not connect until the applet sends "hold release"
management-hold
# if the applet disconnects from the management socket, OpenVPN sends itself SIGUSR1
# instead of running on unattended
management-signal


And I wrote two scripts. The first, /etc/openvpn/vpn.routeup.sh, sets up the routing when the tunnel comes up and writes the local DNS server into resolv.conf:

#!/bin/sh
# Run by OpenVPN as the route-up script ('route-up' in the config above).
# OpenVPN exports the tunnel interface name to the script in $dev.

vpn="10.10.10.10"   # VPN server: must keep going out via the original interface
ns="127.0.0.1"      # resolver to use while the tunnel is up (assumes a caching resolver on the laptop)
routedown="/etc/openvpn/$dev.routedown.sh"   # undo script, generated below for vpn.down.sh

[ -z "$dev" ] && { echo "should be run by openvpn" >&2; exit 1; }

# Find the gateway and interface currently used to reach the VPN server.
# $origgw stays empty when the server is on-link (no 'via' in the route).
origgw=$(ip route get "$vpn" | grep ' via ' | sed -re 's/^.*via +([^ ]+).*$/\1/')
origdev=$(ip route get "$vpn" | grep ' dev ' | sed -re 's/^.*dev +([^ ]+).*$/\1/')

[ -z "$origdev" ] && { echo "no route to VPN server, something wrong" >&2; exit 1; }

# Put our resolver first in resolv.conf; the marker lets the down script remove it again.
sed -i -e "1 s/^/nameserver $ns # added for OpenVPN\n/" /etc/resolv.conf

# Pin a host route to the VPN server via the original path, then send everything else
# into the tunnel. The host route must exist before the default route is moved, or the
# tunnel would try to reach its own server through itself.
if [ -z "$origgw" ]; then
    ip route replace "$vpn" dev "$origdev"
else
    ip route replace "$vpn" via "$origgw" dev "$origdev"
fi
ip route replace default dev "$dev"

# Generate the undo script. Assumes the route to the VPN server was the default route,
# so restoring the default route to the original gateway is the correct inverse.
if [ -z "$origgw" ]; then
    echo "ip route replace default dev $origdev" >"$routedown"
else
    echo "ip route replace default via $origgw dev $origdev" >"$routedown"
fi
echo "ip route del $vpn" >>"$routedown"
echo "sed -i -e '/# added for OpenVPN/ d' /etc/resolv.conf" >>"$routedown"


The second, /etc/openvpn/vpn.down.sh, returns the routing and DNS to their original state:

#!/bin/sh
# Run by OpenVPN as the down script ('down' with 'down-pre' in the config above),
# i.e. before the tunnel interface is closed. Replays and removes the undo script
# generated by vpn.routeup.sh; if it does not exist, route-up never ran and there
# is nothing to restore.

routedown="/etc/openvpn/$dev.routedown.sh"

if [ -f "$routedown" ]; then
    . "$routedown"
    rm -f "$routedown"
fi
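Once both scripts have run, the routing table should contain exactly two interesting entries: a default route into the tunnel and a host route for the VPN server that bypasses it. The following is an added example, not part of the original article, that parses the 'ip route get' output the route-up script relies on (including the on-link case with no gateway) and checks the resulting 'ip route show' output for that picture. The server address and interface name are taken from the config above; the sample route lines in the usage notes are constructed.

```shell
#!/bin/sh
# Added example (not part of the original article): check the routing picture that
# vpn.routeup.sh is meant to produce. Values are taken from the config above.
VPN=10.10.10.10   # 'remote' address: must be reached outside the tunnel
TUN=ovpn          # 'dev ovpn': everything else should go in here

# parse_route_get: read 'ip route get <addr>' output on stdin and print "GATEWAY DEV".
# GATEWAY is "-" when the address is on-link (no 'via' keyword), the case the route-up
# script handles with its empty-$origgw branch. Exits 1 if no line carries a 'dev'.
parse_route_get() {
    awk '/ dev / {
             gw = "-"; dev = ""
             for (i = 1; i <= NF; i++) { if ($i == "via") gw = $(i+1); if ($i == "dev") dev = $(i+1) }
             print gw, dev; found = 1; exit
         }
         END { if (!found) exit 1 }'
}

# verify_routes: read 'ip route show' output on stdin; succeed only if the default
# route is on $TUN and a host route for $VPN exists on some other interface.
# Anything else means traffic leaks around the tunnel, or the tunnel cannot reach
# its own server.
verify_routes() {
    awk -v vpn="$VPN" -v tun="$TUN" '
        { dev = ""; for (i = 1; i <= NF; i++) if ($i == "dev") dev = $(i+1) }
        $1 == "default" { def_dev = dev }
        $1 == vpn       { vpn_dev = dev }
        END {
            if (def_dev != tun) { print "FAIL: default route is on \"" def_dev "\", not " tun; exit 1 }
            if (vpn_dev == "" || vpn_dev == tun) { print "FAIL: no bypass route for " vpn; exit 1 }
            print "ok: default dev " tun ", " vpn " dev " vpn_dev
        }'
}

# Live use (as root, after the tunnel is up):
#   ip route get "$VPN" | parse_route_get
#   ip route show | verify_routes
```

With a constructed 'ip route show' of `default dev ovpn scope link` plus `10.10.10.10 via 192.168.0.1 dev wlan0`, verify_routes reports success; with the default route still on wlan0, or with no host route for the server at all, it fails, which is exactly the state in which either traffic leaks past the tunnel or the tunnel loops on itself.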


Next, the simplest part: start OpenVPN on the server and on the laptop, then add the tuntun applet to the GNOME panel in the usual way. It looks like this (marked with the mouse pointer):


Then add the VPN in the tuntun settings (right-click → Preferences → Add):


and the result is something like this:


To start the VPN, left-click the applet and select the VPN from the list:


A second click on the desired VPN in the list disconnects.
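What happens behind those clicks is an exchange over the management interface enabled by the last three lines of the config above. The following is an added example, not code from the original article or from tuntun, that performs the same exchange with plain netcat: release the hold, poll the 'state' command until OpenVPN reports CONNECTED, and shut the tunnel down with 'signal SIGTERM' (which also runs the down script). Host, port and the HOLD behaviour come from the config above; the netcat '-q' flag, the 30-second timeout and the sample management transcript used in the notes are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original article or from tuntun): drive the tunnel over
# OpenVPN's management interface the way a panel applet does. Assumes the config above:
# 'management 127.0.0.1 4444' with management-hold, so OpenVPN starts in HOLD and waits
# for "hold release". Assumes a netcat that understands -q (OpenBSD or GNU nc).
MGMT_HOST=127.0.0.1
MGMT_PORT=4444

# mgmt_send CMD...: send each command on its own line, then 'quit', and print the reply.
mgmt_send() {
    printf '%s\n' "$@" quit | nc -q 1 "$MGMT_HOST" "$MGMT_PORT"
}

# state_name LINE: extract the state keyword from a management state line.
# Handles both the asynchronous form '>STATE:<time>,<STATE>,<detail>,<local>,<remote>'
# and the reply to the 'state' command, which is the same fields without the prefix.
# Returns 1 for anything else (greetings, >HOLD:, SUCCESS:/ERROR: replies, END).
state_name() {
    line=${1#">STATE:"}
    case "$line" in
        [0-9]*,*,*) printf '%s\n' "$line" | cut -d, -f2 ;;
        *) return 1 ;;
    esac
}

# latest_state: read management output on stdin and print the last state reported.
latest_state() {
    last=""
    while IFS= read -r line; do
        s=$(state_name "$line") && last=$s
    done
    [ -n "$last" ] || return 1
    printf '%s\n' "$last"
}

# vpn_up: release the hold, then poll until CONNECTED or give up after about 30 s.
vpn_up() {
    mgmt_send 'hold release' >/dev/null
    i=0
    st=""
    while [ "$i" -lt 15 ]; do
        st=$(mgmt_send state | latest_state) || st=""
        [ "$st" = CONNECTED ] && { echo "tunnel up"; return 0; }
        i=$((i + 1))
        sleep 2
    done
    echo "tunnel did not come up (last state: ${st:-none})" >&2
    return 1
}

# vpn_down: tell OpenVPN to terminate; the down script above then restores routing and DNS.
vpn_down() {
    mgmt_send 'signal SIGTERM' >/dev/null
}

case "${1:-}" in
    up)   vpn_up ;;
    down) vpn_down ;;
esac
```

The state parser is deliberately tolerant: a real session interleaves the '>INFO:' greeting, the '>HOLD:Waiting for hold release' notice, 'SUCCESS:' replies and 'END' markers with the state lines, and only the latter carry the field we care about. Polling 'state' rather than relying on asynchronous '>STATE:' notifications keeps each netcat connection short-lived, which matters here because management-signal restarts OpenVPN whenever a management client disconnects unexpectedly.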

I will not describe setting up OpenVPN on the other side, since that is beyond the scope of this article.

If you liked it, please help with karma, and then I will move the article to a thematic blog.

Source: https://habr.com/ru/post/73915/
