![]() The VPN supports multiple users, so the whole family can use the connection at the same time. Once connected, I have access to resources that exist on the home LAN. Next, import the client config into Network Manager via settings, go to network, VPN, “+”, “Import from file” and select the saved `.ovpn` file copied from the Pi. TRANSFER PRITUNL TO ANOTHER SERVER INSTALLOn my laptop I use Ubuntu 18.04, which doesn’t ship with OpenVPN support out of the box, so I had to install it with sudo apt install network-manager-openvpn-gnome and then restart Network Manager with sudo systemctl restart NetworkManager. Alternatively within the SSH session to the Pi one could ‘cat’ the credentials file and then paste the output to a file on the destination laptop. I didn’t go that far, but while at home, I simply copied the file over the LAN directly to my laptop. I heard some will use a USB stick to transfer the configuration file and then destroy the stick, in case it’s lost and a rogue 3rd party gains access to the credentials. As such it should be handled carefully, and not leaked to other systems. The ‘.ovpn’ file created above will enable access to the VPN from other devices. Snap disconnect easy-openvpn:home Copy Configuration Carefully The snap no longer needs access to `home’ interface. This will create a file in the home directory called popey_laptop_vpn_config.ovpn. Sudo easy-openvpn.add-client popey_laptop > popey_laptop_vpn_config.ovpn In the event of any device loss, I can revoke the client access certificate to prevent malicious access. In addition, I could also export one config file for my phone and one for each device used by a family member. As a test, I exported a configuration file for my laptop. Connect the snap to the ‘home’ interfaceĪ configuration file is needed on all client devices connecting to OpenVPN server.This prevents us being able to write a configuration file out to the home directory. The next step step is necessary because, by default, the easy-openvpn snap is strictly confined to prevent the application having access to resources it doesn’t need. Once configured, the VPN server can be started. For me, it took about half an hour on a Raspberry Pi 2. The process of creating the keys can take quite a while. Enter a ‘Common Name’ – a plain text name given to the VPN.Enter a PEM pass phrase and make a note of it.Generate cryptographic keys to encrypt communication.Create a configuration setup for OpenVPN.Enable IPV4 forwarding – to enable network traffic between interfaces.I’ve covered this in more detail over in a GitHub Gist, but most of it was simply copying and pasting a few commands.Ĭonfiguring the VPN was pretty straightforward, once I understood the main steps. Core is built to be secure and always up to date. To that end, I chose to install Ubuntu Core which automatically installs updates, so requires minimal maintenance. I don’t want to have to do too much in the way of management. Since I had a Pi in a case doing nothing, I figured this would be a great way to put it to good use. Procure Private PiĪfter a little research, I discovered easy-openvpn in the Snap Store, a simple Virtual Private Network (VPN) solution that can run on a low-end machine such as a Raspberry Pi. I also wanted a solution that would work easily on my mobile devices, and those of the rest of my family. TRANSFER PRITUNL TO ANOTHER SERVER MANUALHowever, doing that is somewhat manual and not user-friendly. Previously, I would setup SSH with port forwarding to a machine on my home LAN to establish a single, secure connection, which is great for connecting from my laptop. Which can pose a problem if I’m away from home and want to access those files. This includes self-hosting important shared files, photos and media at home. As part of a personal drive to be less dependent on 3rd party Internet services, I’ve moved some things in house, under my own control. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |