This is an old revision of the document!
Table of Contents
OpenVPN
OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features.
How to use OpenVPN
It's barely simple if you already got a ready-to-go config by any openvpn provider.
$ openvpn --config yourconfig.ovpn
If you don't get a config that you can use you should have a look at /etc/openvpn. Slackware got a example config with some good hints in there.
Using OpenVPN with a password file
Since I wanted to use my openvpn connection to start automatically when I put my Thinkpad into the dock I thought it would be usefull to add the 'password safe' feature. That feature is not added by default on Slackwares package. You have to add it to the slackbuild and recompile the package.
Start with grabbing the source and slackbuild from one of the Slackware mirrors.
http://mirrors.slackware.com/slackware/slackware64-14.0/source/n/openvpn/
Change the mirror for your needs, for example -current.
In the next step we will change the openvpn.Slackbuild file.
vim openvpn.Slackbuild
Now look for this block of code:
./configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --sysconfdir=/etc/openvpn \ --localstatedir=/var \ --docdir=/usr/doc/openvpn-${VERSION} \ --enable-lzo \ --enable-iproute2 \ --build=$ARCH-slackware-linux
Add the marked line to it.
./configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --sysconfdir=/etc/openvpn \ --localstatedir=/var \ --docdir=/usr/doc/openvpn-${VERSION} \ --enable-lzo \ --enable-iproute2 \ --enable-password-save \ #add this line! --build=$ARCH-slackware-linux
Save the file and rebuild the package with
./openvpn.Slackbuild
The new package should be in the /tmp directory.
Install it with:
upgradepkg --install-new /tmp/yourpackage.tgz
Now you are able to load your login and password from a file. The file should contain two lines of text:
username password
Safe the file. And make it only readable for the owner
chmod 700 yourfile
At last add
auth-user-pass /path/to/your/passwordfile
to your openvpn config and you should be able to login without typing your password everytime.
Sources
Wikipedia: http://en.wikipedia.org/wiki/Openvpn