The following example creates a point-to-point VPN tunnel. It
demonstrates how to create a VPN tunnel between one client and a server.
It is assumed that your VPN server will use private IP addresses like
10.23.8.1 and your client
the IP address 10.23.8.2.
You can modify these private IP addresses to your needs but make sure you
select addresses which do not conflict with other IP addresses.
![[Warning]](admon/warning.png) | Use It Only For Testing |
|---|---|
This scenario is only useful for testing and is considered as an example to get familiar with VPN. Do not use this as a real world scenario to connect as it can compromise your security and the safety of your IT infrastructure! | |
To configure a VPN server, do the following:
Install the package
openvpnon the machine that will later become your VPN server.Open a shell, become
rootand create the VPN secret key:openvpn --genkey --secret /etc/openvpn/secret.key
Copy the secret key to your client:
scp /etc/openvpn/secret.key root@10.23.8.2:/etc/openvpn/
Create the file
/etc/openvpn/server.confwith the following content:dev tun ifconfig 10.23.8.1 10.23.8.2 secret secret.key
Start the YaST firewall module and open UDP port 1194.
Start the OpenVPN service as
root:rcopenvpn start
To configure the VPN client, do the following:
Install the package
openvpnon your client VPN machine.Create
/etc/openvpn/server.confwith the following content:remote IP_OF_SERVER dev tun ifconfig 10.23.8.2 10.23.8.1 secret secret.key
Replace the placeholder
IP_OF_SERVERin the first line with either the domain name, or the public IP address of your server.Start the OpenVPN service as
root:rcopenvpn start
After the OpenVPN is successfully started, test if the tun device is available. You can do so with the following command:
ifconfig tun0
To verify the VPN connection, use ping on both client and server to see if you can reach each other. Ping server from client:
ping 10.23.8.1
Ping client from server:
ping 10.23.8.2