- Как установить и подключить клиент OpenVPN в Debian
- Прежде чем мы начнем
- Шаг 1 — Установка клиента OpenVPN
- Шаг 2 — Подключитесь к серверу OpenVPN
- Шаг 3 — Проверьте соединение
- Вывод
- OpenVPN 3 Client for Linux
- Installation as Connector for CloudConnexa
- Installation for Debian and Ubuntu
- Important
- Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux
- Note
- Using .ovpn Profile
- Mandatory Commands
- Important
- Note
- Important
- Note
Как установить и подключить клиент OpenVPN в Debian
Клиент используется для подключения к удаленному серверу openvpn. Это руководство поможет вам установить пакеты OpenVPN для клиента в системе Debian. Также подключитесь к удаленному серверу openvpn через командную строку.
Прежде чем мы начнем
Мы предполагаем, что у вас уже есть:
- Работающая система Debian с привилегированным доступом sudo.
- Сервер OpenVPN должен быть запущен в удаленной системе.
- Получите конфигурацию клиента OpenVPN от администратора удаленного хоста.
Шаг 1 — Установка клиента OpenVPN
Пакеты OpenVPN доступны в репозиториях Debian по умолчанию. Откройте терминал в своей системе Debian и обновите кеш Apt в своей системе. После этого установите пакет OpenVPN.
Откройте терминал и выполните команды для установки клиента openvpn в Debian:
sudo apt update sudo apt install openvpn -y
Шаг 2 — Подключитесь к серверу OpenVPN
Скопируйте файл конфигурации клиента openvpn на свой компьютер Debian. Вы можете использовать параметр командной строки –config для предоставления файла конфигурации. Команда прочитает все необходимые данные для создания VPN из этого файла. Выполним следующую команду для подключения к серверу openvpn:
openvpn --config client.ovpn
Вы должны увидеть следующий результат:
Thu Sep 10 12:04:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194 Thu Sep 10 12:04:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992] Thu Sep 10 12:04:18 2020 UDP link local: (not bound) Thu Sep 10 12:04:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194 Thu Sep 10 12:04:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd Thu Sep 10 12:04:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA Thu Sep 10 12:04:18 2020 VERIFY OK: depth=0, CN=tecadmin-server Thu Sep 10 12:04:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA Thu Sep 10 12:04:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194 Thu Sep 10 12:04:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1) Thu Sep 10 12:04:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: timers and/or timeouts modified Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: --ifconfig/up options modified Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: route options modified
Шаг 3 — Проверьте соединение
После успешного установления соединения новый IP-адрес будет назначен на интерфейсе tun0 сервером OpenVPN. Вы можете проверить это с помощью следующей команды:
4: tun0: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100 link/none inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy valid_lft forever preferred_lft forever
Вы также можете проверить журнал сервера OpenVPN, чтобы проверить статус подключения:
Вы должны увидеть следующий результат:
Thu Sep 10 12:04:18 2020 45.58.34.83:37445 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA Thu Sep 10 12:04:18 2020 45.58.34.83:37445 [client] Peer Connection Initiated with [AF_INET]45.58.34.83:37445 Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled) Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: Learn: 10.8.0.6 -> client/45.58.34.83:37445 Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: primary virtual IP for client/45.58.34.83:37445: 10.8.0.6 Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 PUSH: Received control message: 'PUSH_REQUEST' Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1) Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Data Channel: using negotiated cipher 'AES-256-GCM' Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Вывод
Ваша система Debian подключена к удаленному серверу через виртуальную частную сеть. Вы можете получить доступ к системам удаленной сети через локальную сеть.
OpenVPN 3 Client for Linux
The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library, which is also used in the various OpenVPN Connect clients and OpenVPN for Android (need to be enabled via the settings page in the app).
This client is built around a completely different architecture in regard to usage. It builds heavily on D-Bus and allows unprivileged Users to start and manage their own WPC tunnels out-of-the-box. System Administrators wanting more control can also control and restrict this access both by hardening the default OpenVPN 3 D-Bus policy or facilitating features in OpenVPN 3 Linux.
Even though the project name carries “Linux”, it doesn’t mean it is restricted to Linux only. Any platform which has D-Bus available should be capable of running this client in theory. But since D-Bus is most commonly used in Linux environments, this will naturally be the primary focus for the project.
The release notes are stored in git tags in the project git repository. They can also be viewed here: https://github.com/OpenVPN/openvpn3-linux/releases (expand the tag to see the full text).
Installation as Connector for CloudConnexa
Installation of CloudConnexa 3 client as a Connector for CloudConnexa Host or Network has been simplified and documented here.
Installation for Debian and Ubuntu
Follow these steps in order to install OpenVPN 3 Client on Linux for Debian and Ubuntu:
- Open the Terminal by pressing ctrl + alt + T .
- Type the following command into the Terminal: sudo wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub . This will install the OpenVPN repository key used by the OpenVPN 3 Linux packages.
- Type the following command into the Terminal: curl -fsSL https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub | gpg —dearmor | sudo tee /etc/apt/trusted.gpg.d/openvpn-repo-pkg-keyring.gpg . This will install the OpenVPN repository key used by the OpenVPN 3 Linux packages.
- Type the following command into the Terminal: DISTRO=$(lsb_release -c | awk ») . This will detect the OS distribution and will be automatically used in the next command.
Important
It is recommended to be cautious of the distribution and release you are running. Distribution and version should preferably be retrieved using the hostnamectl command, where the user needs to link the Operating System field with the supported distros table.
Distribution
Release name ($DISTRO)
Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux
Packages for these distributions are provided via a Fedora Copr repository. Supported versions:
Distribution
Release versions
Red Hat Enterprise Linux / CentOS
In order to install the OpenVPN 3 Client for Fedora , Red Hat Enterprise Linux , CentOS , or Scientific Linux , follow the steps below:
- Open Terminal by typing terminal into the search bar.
- If you are running Red Hat Enterprise Linux or its clones, you need to install the Fedora EPEL repository first. Here is the list of commands for each version: (The original article on Fedora EPEL can be found here). RHEL/CentOS 6 : sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm RHEL/CentOS 7 : sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm On RHEL 7 it is recommended to also enable the optional, extras , and HA repositories since EPEL packages may depend on packages from these repositories: sudo subscription-manager repos —enable «rhel-*-optional-rpms» —enable «rhel-*-extras-rpms» —enable «rhel-ha-for-rhel-*-server-rpms RHEL/CentOS 8 : sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm On RHEL 8 it is required to also enable the codeready-builder-for-rhel-8-$-rpms repository since EPEL packages may depend on packages from it: sudo ARCH=$( /bin/arch ) followed by sudo subscription-manager repos —enable «codeready-builder-for-rhel-8-$-rpms On CentOS 8 it is recommended to also enable the PowerTools repository since EPEL packages may depend on packages from it: sudo dnf config-manager —set-enabled PowerTools
- You need to install the yum copr module first by running the following command: sudo yum install yum-plugin-copr .
Note
Using .ovpn Profile
Please note that by this point you should have downloaded a .ovpn Profile to your machine.
Mandatory Commands
- In order to start a one-shot configuration Profile, type the following command into the Terminal: openvpn3 session-start —config $ .
Important
A » one-shot configuration Profile » means that the configuration file is parsed, loaded, and deleted from the configuration manager as soon as the WPC session has been started. No configuration file is available for re-use after this approach. This is achieved by giving the configuration file to the openvpn3 session-start command directly.
Note
Using this approach, an imported configuration file can be used several times, and access to the configuration file itself is not needed to start WPC tunnels. By default, configuration profiles imported are only available to the User who imported the configuration file. But OpenVPN 3 Linux also provides an Access Control List feature via openvpn3 config-acl to grant access to specific or all Users on the system.
Important
This loads the configuration Profile and stores it in memory-only . That means, if the system is rebooted, the configuration Profile is not preserved. If the –persistent argument is added to the command line above, the configuration Profile will be saved to disk in a directory only accessible by the CloudConnexa User. Whenever the Configuration Manager is started, configuration files imported with –persistent will be automatically loaded as well.
Note
When a configuration Profile is available via openvpn3 configs-list , it can easily be started via openvpn3 session-start using the configuration Profile name (typically the filename used during the import)