Hi Everyone,
I've finally gotten through the adventure of setting up OpenVPN on TinyCore. There were a few convoluted steps here and there that I had to figure out and to save anyone else the trouble I will put everything I did here in this thread.
Anyway, I did a fresh install of Core using the GUI off the TinyCorePlus iso.
Installation instructions can be found here:
http://distro.ibiblio.org/tinycorelinux/install.html
I set up an FTP server so I can retrieve the client certificates off the machine. (Thanks to robc for his help
http://forum.tinycorelinux.net/index.php/topic,8952.msg48655.html#msg48655)
tce-load -wi vsftpd
Edit the FTP config file
sudo vi /usr/local/etc/vsftpd.conf
anonymous_enable=NO
uncomment local_enable=YES and write_enable=YES
sudo vsftpd &
At this point you should be able to connect to your FTP server with an FTP client such as Filezilla using your local account credentials on TinyCore
Now we will start setting up OpenVPN...
Install OpenVPN
tce-load -wi openvpn
Download and unpack OpenVPN's source from their site to get the Easy-RSA tools to make certificate setup easy.
wget http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz
tar -zxf openvpn-2.2.2.tar.gz
mv openvpn-2.2.2/easy-rsa easy-rsa
rm -rf openvpn-2.2.2
rm -f openvpn-2.2.2.tar.gz
cd easy-rsa/2.0
Edit whichopensslcnf, there is a bug not allowing it to see the correct version of openssl.cnf, this edit will fix that
vi whichopensslcnf
change cnf="$1/openssl.cnf" to cnf="$1/openssl-1.0.0.cnf"
remove all lines inside the following if statement
edit vars, we will change the default values for the certificate information so we don't have to type in new values every time we create a certificate.
vi vars
These are the values that need to be changed (at the end of the vars file), the rest can be left alone
KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL, KEY_CN, KEY_NAME, KEY_OU
Now we can start building our certificates
source ./vars
./clean-all
Create the CA Certificate
./build-ca
Fill in the information it asks for (enter for default values)
This file is needed for OpenVPN, not sure what it actually does, see their site for details.
./build-dh
Create the Server Certificate
./build-key-server --server nameOfYourServer
Fill in the information it asks for (enter for default values) and enter y for the confirmations to create the server certificate
Create the client certificate (do this step for each computer connecting to the vpn, each name must be unique)
./build-key nameOfYourConnectingComputer
Fill in the information it asks for (enter for default values) and enter y for the confirmations to create the client certificate
All the keys we just created are stored in the keys folder, let's go back to our home directory
cd ~/
We need to create a server.conf file (more info at
http://openvpn.net/index.php/open-source/documentation/howto.html#examples)
vi server.conf
Add the following lines to the file (your server cert and key may be named differently):
port 1194
proto udp
dev tun
ca /home/tc/easy-rsa/2.0/keys/ca.crt
cert /home/tc/easy-rsa/2.0/keys/server.crt
key /home/tc/easy-rsa/2.0/keys/server.key
dh /home/tc/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Now run openvpn server.conf and you should get the message "Initialization Sequence Completed"
I'm connecting to the server via a Windows machine, but the process is still the same after you have OpenVPN installed on the client computer
Install an FTP client and download the ca.crt, client.crt, client.key files from your TinyCore keys folder and put them in a folder.
You'll need to create a client.conf file, I used the following lines(be sure to change the remote IP to the IP of your TinyCore machine and make the certs point to the files you downloaded off your TinyCore computer)
client
dev tun
proto udp
remote 10.10.1.193 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:\\Users\\myuser\\Desktop\\ovpn\\ca.crt
cert C:\\Users\\myuser\\Desktop\\ovpn\\client1.crt
key C:\\Users\\myuser\\Desktop\\ovpn\\client1.key
ns-cert-type server
comp-lzo
verb 3
Now run the following command to start your VPN client
openvpn client.conf
You should get the message "Initialization Sequence Completed" letting you know you have successfully connected to your OpenVPN server.
Hope this helps.
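
A check that can be run over the server.conf and client.conf shown above, as an added example that is not part of the original post. The function name audit_ovpn_conf and the finding labels are made up for illustration, and the DH size is inferred from the easy-rsa 2.0 file name (dh<KEY_SIZE>.pem), which is an assumption about how the file was generated.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one finding per line.
audit_ovpn_conf() {
    # Keep only active directives: drop '#' and ';' comment lines and blanks.
    active=$(grep -v -e '^[[:space:]]*[#;]' -e '^[[:space:]]*$' "$1" || true)
    has() { printf '%s\n' "$active" | grep -Eq "^[[:space:]]*$1([[:space:]]|\$)"; }

    # Assumption: easy-rsa 2.0 naming (dh<KEY_SIZE>.pem), so the name gives the size.
    bits=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*$/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK-DH: ${bits}-bit DH parameters; rebuild with KEY_SIZE=2048 or larger"
    fi
    if has ns-cert-type; then
        echo "DEPRECATED: ns-cert-type; later OpenVPN releases use remote-cert-tls"
    fi
    # Privilege drop is only checked for server configs.
    if has server && { ! has user || ! has group; }; then
        echo "PRIVS: no user/group directive; the daemon keeps root after startup"
    fi
    if ! has tls-auth && ! has tls-crypt; then
        echo "NO-TLS-AUTH: control channel has no HMAC pre-shared key"
    fi
    return 0
}

# Constructed sample: the security-relevant lines of the post's server.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto udp
dev tun
dh /home/tc/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
comp-lzo
verb 3
EOF
audit_ovpn_conf "$sample"   # three findings: WEAK-DH, PRIVS, NO-TLS-AUTH
rm -f "$sample"
```

Raising KEY_SIZE in the vars file before running ./build-dh is what changes the DH file the first finding refers to.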
