OpenVPN: P2P connect on Linux

Hi,

this post describes how to set up an ad hoc OpenVPN connection between two Linux hosts.

First, install OpenVPN on both systems:

root@debdev ~ # apt-get install openvpn

On one of them, create a secret file. It is used to encrypt and decrypt the traffic between the hosts.

root@debdev ~ # openvpn --genkey --secret ~/temp-p2p-network.key --keysize 2048

Copy the key temp-p2p-network.key to root’s home directory on both systems. One acts as the server, the other as the client.

On the server, create a config file /root/p2p.ovpn:

dev tun
port 51999
ifconfig 172.31.200.1 172.31.200.2
secret temp-p2p-network.key
# Compress traffic
comp-lzo
# These settings ensure that OpenVPN reconnects when the partner changes his IP Address
keepalive 10 60
cipher AES-256-CBC
ping-timer-rem
auth-nocache
persist-tun
persist-key

and start the openvpn server

root@debdev ~ # openvpn --config /root/p2p.ovpn

Or start the server with all necessary parameters from the command line:

root@debdev ~ # openvpn --proto udp --port 51999 --dev tun --topology p2p --ifconfig 172.31.200.1 172.31.200.2 --secret temp-p2p-network.key --comp-lzo --keepalive 10 60 --cipher AES-256-CBC --ping-timer-rem

Do the same on the client: start it with all parameters from the command line. You have to adjust the server's IP address at --remote.

root@debdev ~ # openvpn --remote 123.123.123.123 51999 udp --dev tun --topology p2p --ifconfig 172.31.200.2 172.31.200.1 --secret temp-p2p-network.key --comp-lzo --keepalive 10 60 --cipher AES-256-CBC --ping-timer-rem

Or with a config file:

remote 123.123.123.123
port 51999
dev tun
ifconfig 172.31.200.2 172.31.200.1
secret temp-p2p-network.key
# Compress traffic
comp-lzo
# These settings ensure that OpenVPN reconnects when the partner changes his IP Address
keepalive 10 60
cipher AES-256-CBC
auth-nocache
ping-timer-rem

root@debdev ~ # openvpn --config /root/p2p.ovpn
Thu Mar 11 21:08:50 2020 Peer Connection Initiated with [AF_INET]123.123.123.123:51999
Thu Mar 11 21:08:50 2020 Initialization Sequence Completed

Check

michael@debdev ~ # ping 172.31.200.1
64 bytes from 172.31.200.1: icmp_seq=2953 ttl=64 time=58.2 ms

Michael
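
A check for the key-copy step above, as an added example that is not part of the original post: it verifies that a static key file is readable by its owner only and holds a complete 2048-bit key, and prints a fingerprint of the key material. The function names are hypothetical, and GNU stat and sha256sum are assumed, as found on Debian.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check an OpenVPN
# static key file. Assumes GNU stat and sha256sum, as on Debian.

# Print the hex key material between the BEGIN/END markers as one line.
key_hex() {
    tr -d '\r' < "$1" \
        | sed -n '/^-----BEGIN OpenVPN Static key V1-----$/,/^-----END OpenVPN Static key V1-----$/p' \
        | grep -v '^-----' | tr -d ' \n'
}

# Hash only the key material, so comment lines or line endings changed
# during the copy do not affect the comparison between the two hosts.
key_fingerprint() {
    key_hex "$1" | sha256sum | cut -d' ' -f1
}

# Returns 0 if usable, 1 if missing, 2 on loose permissions, 3 if malformed.
check_static_key() {
    f=$1
    [ -f "$f" ] || { echo "FAIL: $f not found"; return 1; }
    # Group/other permission bits expose the shared secret to local users.
    mode=$(stat -c %a "$f")
    case $mode in
        ?00) ;;
        *) echo "FAIL: $f has mode $mode, expected 600"; return 2 ;;
    esac
    hex=$(key_hex "$f")
    # A 2048-bit static key is 512 hex digits (16 lines of 32).
    if [ "${#hex}" -ne 512 ]; then
        echo "FAIL: $f holds ${#hex} hex digits, expected 512"; return 3
    fi
    case $hex in
        *[!0-9a-fA-F]*) echo "FAIL: $f contains non-hex key data"; return 3 ;;
    esac
    echo "OK: $f sha256=$(key_fingerprint "$f")"
}

# Constructed sample (a repeating pattern, NOT a real key) to try the check.
write_sample_key() {
    ( umask 077
      { echo '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt 16 ]; do
            echo 0123456789abcdef0123456789abcdef; i=$((i + 1))
        done
        echo '-----END OpenVPN Static key V1-----'; } > "$1" )
}
```

Run check_static_key on ~/temp-p2p-network.key on both hosts; the two sha256 values must be identical before starting the tunnel.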
