Difference between revisions of "Building a VPN tunnel from scratch"
(Created page with "{{{!}} class="wikitable" style="float: right; width: 322px;" border="2" {{!}}+ Proven on: {{!}}- < --="" debian="" --> {{!}} style="text-align: center; width: 60px;" {{!}} [[File:Logo Debian.png{{!}}60px{{!}}link=https://www.debian.org/{{!}}center{{!}}middle{{!}}frameless]] {{!}} style="text-align: center; width: 40px;" {{!}} 13 (trixie) {{!}} <br> {{!}}} {{{!}} class="wikitable" style="border-collapse: collapse; width: 33%; left;" {{!}}- style="text-align: center;...") |
|||
| (7 intermediate revisions by the same user not shown) | |||
| Line 19: | Line 19: | ||
{{!}}} | {{!}}} | ||
<span style="color: rgb(186, 55, 42);" >'''NOTE:'''</span> If you are working on an LXC, [[PVE_LXC_Containers#Using_a_VPN_%28OpenVPN_or_TailScale%29_on_an_LXC{{!}}see this]]. | |||
= Install openvpn = | |||
* <code>sudo apt install openvpn</code> | |||
= On-demand tunnel = | |||
In the following 2 sections: | |||
* '''10.9.8.1''' & '''10.9.8.2''' are arbitrary private IPs | |||
* '''SERVER_IP''' is the NORMAL IP address or name of the machine acting as the server | |||
These commands can be run in the background to create the tunnel when needed. | |||
== On-demand server == | |||
* <code>sudo openvpn --dev tun1 --ifconfig '''10.9.8.1''' '''10.9.8.2'''</code> | |||
in a second terminal: | |||
* <code>ip a</code> | |||
& you should see a <code>tun1</code> entry like: | |||
9: tun1: <pointopoint,multicast,noarp,up,lower_up> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500 | |||
link/none | |||
inet 10.9.8.1 peer 10.9.8.2/32 scope global tun1 | |||
valid_lft forever preferred_lft forever | |||
inet6 fe80::dc71:3707:693c:5017/64 scope link stable-privacy | |||
valid_lft forever preferred_lft forever | |||
== On-demand client == | |||
* <code>sudo openvpn --remote '''SERVER_IP''' --dev tun1 --ifconfig '''10.9.8.2''' '''10.9.8.1'''</code> | |||
in a second terminal: | |||
* <code>ip a</code> | |||
& you should see a <code>tun1</code> entry like: | |||
3: tun1: <pointopoint,multicast,noarp,up,lower_up> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500 | |||
link/none | |||
inet 10.9.8.2 peer 10.9.8.1/32 scope global tun1 | |||
valid_lft forever preferred_lft forever | |||
inet6 fe80::4c39:d598:21b8:2b41/64 scope link stable-privacy | |||
valid_lft forever preferred_lft forever</pointopoint,multicast,noarp,up,lower_up> | |||
= Persistant (on-boot) tunnel = | |||
<span style="color: rgb(128, 0, 128);" data-mce-style="color: #800080;"><big>'''WERKIN ON IT'''</big></span> | |||
== Configure as a server == | |||
== Configure as a client == | |||
= Tips & Notes = | |||
== When running openvpn as a service == | |||
I've discovered that <code>service openvpn restart</code> seems to actually act exactly the same as <code>service openvpn stop</code>. This seems wrong... | |||
In order to RESTART openvpn, it is a 2 step process. | |||
* <code>service openvpn stop</code> | |||
* <code>service openvpn start</code> | |||
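Review bot: The two on-demand commands (<code>openvpn --dev tun1 --ifconfig ...</code> in "On-demand server" and the <code>--remote SERVER_IP</code> form in "On-demand client") pass no key or TLS options, so the tunnel they bring up carries traffic with no encryption and no peer authentication, and the page does not say so. Please state that next to the commands, and use the still-empty "Configure as a server" / "Configure as a client" sections to document a keyed setup before this is run across a network you do not control. Minor: the heading "Persistant (on-boot) tunnel" should read "Persistent".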
Latest revision as of 16:10, 19 September 2025
Proven on: Debian 13 (trixie)

As always... Start with:
NOTE: If you are working on an LXC, see this.
= Install openvpn =
* <code>sudo apt install openvpn</code>
= On-demand tunnel =
In the following 2 sections:
* '''10.9.8.1''' & '''10.9.8.2''' are arbitrary private IPs
* '''SERVER_IP''' is the NORMAL IP address or name of the machine acting as the server
These commands can be run in the background to create the tunnel when needed.
== On-demand server ==
* <code>sudo openvpn --dev tun1 --ifconfig 10.9.8.1 10.9.8.2</code>
in a second terminal:
* <code>ip a</code>
& you should see a <code>tun1</code> entry like:
 9: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
     link/none
     inet 10.9.8.1 peer 10.9.8.2/32 scope global tun1
        valid_lft forever preferred_lft forever
     inet6 fe80::dc71:3707:693c:5017/64 scope link stable-privacy
        valid_lft forever preferred_lft forever
== On-demand client ==
* <code>sudo openvpn --remote SERVER_IP --dev tun1 --ifconfig 10.9.8.2 10.9.8.1</code>
in a second terminal:
* <code>ip a</code>
& you should see a <code>tun1</code> entry like:
 3: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
     link/none
     inet 10.9.8.2 peer 10.9.8.1/32 scope global tun1
        valid_lft forever preferred_lft forever
     inet6 fe80::4c39:d598:21b8:2b41/64 scope link stable-privacy
        valid_lft forever preferred_lft forever
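One way to script the "you should see a tun1 entry" check for both ends, and to flag a tunnel that OpenVPN started without any key or TLS options (added example, not part of the original page). The helper names <code>tun_p2p_ok</code> and <code>tunnel_is_cleartext</code> are hypothetical, the sample text is constructed from the output shown above, and the log line assumes OpenVPN's standard startup warning for an unkeyed tunnel.

```shell
#!/bin/sh
# Added example: post-start checks for the on-demand tunnel (helper names are hypothetical).

# tun_p2p_ok DEV LOCAL PEER
# Reads `ip a` text on stdin; succeeds only if DEV carries "inet LOCAL peer PEER/32".
tun_p2p_ok() {
    awk -v dev="$1" -v want="$2 peer $3/32" '
        /^[0-9]+: / { cur = $2; sub(/[@:].*$/, "", cur) }   # interface header line
        cur == dev && $1 == "inet" && ($2 " " $3 " " $4) == want { ok = 1 }
        END { exit !ok }'
}

# tunnel_is_cleartext
# Reads openvpn log text on stdin; succeeds if OpenVPN reported that it is
# running with no encryption or authentication (assumed warning wording).
tunnel_is_cleartext() {
    grep -q 'All encryption and authentication features disabled'
}

# Constructed sample input, modelled on the server-side output on this page.
sample_ip_a() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
9: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.9.8.1 peer 10.9.8.2/32 scope global tun1
       valid_lft forever preferred_lft forever
EOF
}

# Constructed sample log line (shortened form of the startup warning).
sample_log() {
cat <<'EOF'
******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text
EOF
}

if sample_ip_a | tun_p2p_ok tun1 10.9.8.1 10.9.8.2; then
    echo "tun1: endpoints match 10.9.8.1 -> 10.9.8.2"
fi
if sample_log | tunnel_is_cleartext; then
    echo "WARNING: tunnel is running without encryption or authentication"
fi
```

On a live host, pipe the real output instead: <code>ip a | tun_p2p_ok tun1 10.9.8.1 10.9.8.2</code> on the server, with the two addresses swapped on the client.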
= Persistent (on-boot) tunnel =
WERKIN ON IT
== Configure as a server ==
== Configure as a client ==
= Tips & Notes =
== When running openvpn as a service ==
I've discovered that <code>service openvpn restart</code> seems to actually act exactly the same as <code>service openvpn stop</code>. This seems wrong...
In order to RESTART openvpn, it is a 2-step process.
* <code>service openvpn stop</code>
* <code>service openvpn start</code>