Tiny Core Linux
Tiny Core Base => Micro Core => Topic started by: nvrnight on August 01, 2012, 05:58:40 PM
-
Hi Everyone,
I've finally gotten through the adventure of setting up OpenVPN on TinyCore. There were a few convoluted steps here and there that I had to figure out and to save anyone else the trouble I will put everything I did here in this thread.
Anyway, I did a fresh install of Core using the GUI off the TinyCorePlus iso.
Installation instructions can be found here: http://distro.ibiblio.org/tinycorelinux/install.html
I setup an FTP server so I can retrieve the client certificates off the machine. (Thanks to robc for his help http://forum.tinycorelinux.net/index.php/topic,8952.msg48655.html#msg48655)
tce-load -wi vsftpd
edit the FTP config file
sudo vi /usr/local/etc/vsftpd.confanonymous_enable=NO
uncomment local_enable=YES and write_enable=YES
sudo vsftpd &
At this point you should be able to connect to your ftp server with an FTP client such a Filezilla using your local account credentials on TinyCore
Now we will start setting up OpenVPN...
Install OpenVPN
tce-load -wi openvpn
Download and unpack openvpn's source from their site to get the Easy-RSA tools to make certificate setup easy.
wget http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz
tar -zxf openvpn-2.2.2.tar.gz
mv openvpn-2.2.2/easy-rsa easy-rsa
rm -rf openvpn-2.2.2
rm -f openvpn-2.2.2.tar.gz
cd easy-rsa/2.0
edit whichopensslcnf, there is a bug not allowing it to see the correct version of openssl.cnf, this edit will fix that
vi whichopensslcnfchange cnf="$1/openssl.cnf" to cnf="$1/openssl-1.0.0.cnf"
remove all lines inside the following if statement
edit vars, we will change the default values for the certificate information so we don't have to type in new values every time we create a certificate.
vi vars
these are the values that need to be changed(at the end of the vars file), the rest can be left alone
KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL, KEY_CN, KEY_NAME, KEY_OU
Now we can start building our certificates
source ./vars
./clean-all
Create the CA Certificate
./build-caFill in the information it asks for(enter for default values)
This file is needed for openVPN, not sure what it actually does, see their site for details.
./build-dh
Create the Server Certificate
./build-key-server --server nameOfYourServerFill in the information it asks for(enter for default values) and enter y for the confirmations to create the server certificate
Create the client certificate(do this step for each computer connecting to the vpn, each name must be unique)
./build-key nameOfYourConnectingComputerFill in the information is asks for(enter for default values) and enter y for the confirmations to create the client certificate
All the keys we just created are stored in the keys folder, let's go back to our home directory
cd ~/
We need to create a server.conf file(more info at http://openvpn.net/index.php/open-source/documentation/howto.html#examples)
vi server.conf
Add the following lines to the file(your server cert and key may be named differently):
port 1194
proto udp
dev tun
ca /home/tc/easy-rsa/2.0/keys/ca.crt
cert /home/tc/easy-rsa/2.0/keys/server.crt
key /home/tc/easy-rsa/2.0/keys/server.key
dh /home/tc/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Now run openvpn server.conf and you should get the message "Initiatialization Sequence Completed"
I'm connecting to the server via a windows machine, but the process is still the same after you have OpenVPN installed on the client computer
Install an FTP client and download the ca.crt, client.crt, client.key files from your TinyCore keys folder and put them in a folder.
You'll need to create a client.conf file, I used the following lines(be sure to change the remote IP to the IP of your TinyCore machine and make the certs point to the files you downloaded off your TinyCore computer)
client
dev tun
proto udp
remote 10.10.1.193 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:\\Users\\myuser\\Desktop\\ovpn\\ca.crt
cert C:\\Users\\myuser\\Desktop\\ovpn\\client1.crt
key C:\\Users\\myuser\\Desktop\\ovpn\\client1.key
ns-cert-type server
comp-lzo
verb 3
Now run the following comment to start your VPN client
openvpn client.conf
You should get the message "Initialization Sequence Completed" letting you know you have successfully connected to your OpenVPN server.
Hope this helps. :)
-
openvpn is already on the repo
-
What is the package name?
-
Hi nvrnight
It's called openvpn.tcz
-
For that matter, so is openssl ;)
-
Heheh, I had issues finding it on the package manager. That's when I discovered it was a problem with my Atheros network card. I switched to using a different machine and was able to download the OpenVPN package. Now I just need to figure out how to use it, it doesn't seem to have a web interface like the .deb package off OpenVPN's site has. I'm guessing I just need to jump through some more hoops. Thanks for the help so far guys.
-
You can find documentation at http://openvpn.net/index.php/open-source.html .
-
Thanks for the information guys, hopefully this thread will help someone else out in the future. :)
-
Thanks for the information guys, hopefully this thread will help someone else out in the future. :)
Adding [SOLVED] to Subject of first post would be a good idea ;)
-
Thanks for the information guys, hopefully this thread will help someone else out in the future. :)
Adding [SOLVED] to Subject of first post would be a good idea ;)
Done
-
Hi
I can't find openvpn.tcz in repo. what repo you means?
could you give me link or something?
-
http://repo.tinycorelinux.net/4.x/x86/tcz/openvpn.tcz.info
-
yes i have this repo but in mirrors wrote only "http://repo.tinycorelinux.net" without this tail. But anyway, when i choose this mirror and try to search "openvpn" i can't find.
what i doing wrong?
P.S. i work with this OS 2nd day)))
Thanks for the quick reply
-
Hi LevaZzz
Which version of Tinycore are you running? 4.x or 5.x?
-
downloaded from http://tinycorelinux.net/downloads.html "CorePlus" 2 days ago
5.0.2 i suppose
-
Hi LevaZzz
You are running 5.x. Openvpn.tcz has not yet been added to the 5.x repository.
-
maybe i could install Openvpn.tcz by myself? But how i can't understand.
-
Hi LevaZzz
If you want to try it, open the Apps utility and install:
iproute2.tcz
lzo.tcz
openssl-1.0.0.tcz
Then:
cd /etc/sysconfig/tcedir/optional
wget http://www.tinycorelinux.net/4.x/x86/tcz/openvpn.tcz
wget http://www.tinycorelinux.net/4.x/x86/tcz/openvpn.tcz.dep
wget http://www.tinycorelinux.net/4.x/x86/tcz/libpkcs11-helper.tcz
wget http://www.tinycorelinux.net/4.x/x86/tcz/libpkcs11-helper.tcz.depOpen openvpn.tcz.dep and change lzo2.tcz to lzo.tcz:
editor openvpn.tcz.depSave the file and then execute:
tce-load openvpn.tczAssuming I haven't left out any steps and openvpn is compatible you should be able to run it.
If you find it runs correctly under 5.x please report it here:
http://forum.tinycorelinux.net/index.php/topic,15906.msg95105.html#msg95105
-
Hi LevaZzz
If you find it runs correctly under 5.x please report it here:
http://forum.tinycorelinux.net/index.php/topic,15906.msg95105.html#msg95105
And don't forget to mention any extra steps required to get it to work, like modifying the dependency file.
-
ok, will try
-
I've verified that this works and have updated the verified working list.
-
Hi Uncle Warthog
Thanks for testing and reporting.
-
Gratitude for sharing this information. Glad that the issue has been solved. I too have to buy a VPN service that supports android and windows as I want to use it with the PC and phone. Could you share the tech reviews about such VPN service?