Building a VPN tunnel from scratch
13 (trixie)
As always... Start with:
Install openvpn
sudo apt install openvpn
On-demand tunnel
In the following 2 sections:
- 10.9.8.1 & 10.9.8.2 are arbitrary private IPs
- SERVER_IP is the NORMAL IP address or name of the machine acting as the server
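These commands can be run in the background to create the tunnel when needed. Neither command passes a key or certificate option, so the traffic on tun1 is carried without encryption or authentication.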
On-demand server
sudo openvpn --dev tun1 --ifconfig 10.9.8.1 10.9.8.2
in a second terminal:
ip a
& you should see a tun1 entry like:
9: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.9.8.1 peer 10.9.8.2/32 scope global tun1
       valid_lft forever preferred_lft forever
    inet6 fe80::dc71:3707:693c:5017/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
On-demand client
sudo openvpn --remote SERVER_IP --dev tun1 --ifconfig 10.9.8.2 10.9.8.1
in a second terminal:
ip a
& you should see a tun1 entry like:
3: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.9.8.2 peer 10.9.8.1/32 scope global tun1
       valid_lft forever preferred_lft forever
    inet6 fe80::4c39:d598:21b8:2b41/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
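The `ip a` check on the server and on the client can be scripted instead of read by eye. The following is an added example, not part of the original page: the function names, the exit codes and the `lo` lines in the sample are assumptions made here, and the sample is constructed from the server output shown above.

```shell
#!/bin/sh
# check_tun DEV LOCAL PEER: reads `ip a` text on stdin.
# Exit status (this example's own convention):
#   0 ok, 1 DEV missing, 2 DEV not UP/LOWER_UP, 3 no "inet LOCAL peer PEER"
check_tun() {
    awk -v dev="$1" -v want_local="$2" -v want_peer="$3" '
        /^[0-9]+: / {                       # interface header line
            name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
            in_dev = (name == dev)
            if (in_dev) {
                found = 1
                flags = $3; gsub(/[<>]/, "", flags)
                n = split(flags, f, ",")
                for (i = 1; i <= n; i++) {
                    if (f[i] == "UP") up = 1
                    if (f[i] == "LOWER_UP") lower = 1
                }
            }
            next
        }
        in_dev && $1 == "inet" && $3 == "peer" {   # point-to-point IPv4 line
            peer = $4; sub(/\/.*/, "", peer)
            if ($2 == want_local && peer == want_peer) addr_ok = 1
        }
        END {
            if (!found) exit 1
            if (!(up && lower)) exit 2
            if (!addr_ok) exit 3
        }'
}

# Constructed sample: server-side output modelled on the listing above.
sample_server() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.9.8.1 peer 10.9.8.2/32 scope global tun1
       valid_lft forever preferred_lft forever
EOF
}

# On a live server: ip a | check_tun tun1 10.9.8.1 10.9.8.2
sample_server | check_tun tun1 10.9.8.1 10.9.8.2 && echo "tun1 OK"
```

On the client, swap the two addresses: `ip a | check_tun tun1 10.9.8.2 10.9.8.1`.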
Persistent (on-boot) tunnel
WERKIN ON IT