
OpenVPN in Gentoo in 15 minutes

Situation: You have two computers at different locations. One of them is behind a very restrictive firewall that doesn't permit any incoming connections, and may be running Windows (ugh). The other is running Gentoo and is more permissive.

Problem: You want to play a game on these two computers, like ZSNES, which requires both machines to accept a connection on some port. ZSNES ideally uses UDP for this. Or, you want to play some game that requires connections on multiple ports. For these or other reasons, an SSH tunnel isn't practical. So you must defeat the firewall.

Concerns: There are only two computers involved and no chance of more than two ever being involved. You don't care about encryption; if someone wants to snoop your Final Fantasy 6 traffic, so be it. You want to get something up and running in 15 minutes. You want something that is fast and easy to use from that point forward. You need something that works in Windows.

Solution: OpenVPN works really well for this. If you don't care about encryption and such, this "static" HOWTO is very effective at getting something working quickly. Gentoo can also help a lot in this regard, via some nice wiki entries on Gentoo-Wiki.

Anyways, this is how I did it:

  1. Make sure Universal TUN/TAP device driver support is enabled in your kernel for any Linux machines involved. (If you don't already have this included in your kernel, I guess there goes your 15 minutes right there. Oops!)

  2. Have the client install OpenVPN on their computer. (For Windows, download here.)

  3. On the server machine, run:

    emerge openvpn
    cd /etc/openvpn
    openvpn --genkey --secret static.key
    
  4. Edit /etc/openvpn/openvpn.conf and put this in it:

    dev tun
    ifconfig 10.8.0.1 10.8.0.2
    secret static.key
    
  5. Edit client.ovpn and put this in it (filling in your proper server IP address or domain):

    remote SERVER.IP.ADDRESS
    dev tun
    ifconfig 10.8.0.2 10.8.0.1
    secret static.key
    
  6. Send client.ovpn and static.key to the client by whatever means necessary. You should also keep a copy of static.key in /etc/openvpn on the server. You can get rid of client.ovpn on the server machine.

  7. Start up the server:

    /etc/init.d/openvpn start
    

That's it, you should now be able to fire up any program and point to 10.8.0.2 to access the client from the server, or 10.8.0.1 to access the server from the client, any port, TCP or UDP protocol.
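
The two configs above only work when they are mirror images of each other, and static.key is the tunnel's only credential. As an added example (not part of the original post), this shell function checks both before you start the server; `directive` and `check_static_pair` are hypothetical helper names, and the three file paths are passed in as arguments:

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the static-key
# pair from steps 4-6. check_static_pair is a hypothetical helper name.

# Print the arguments of the first NAME directive in FILE (CRLF-tolerant).
directive() {
    awk -v d="$1" '$1 == d { sub(/\r$/, ""); $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

check_static_pair() {  # args: SERVER_CONF CLIENT_CONF KEY_FILE
    srv=$1 cli=$2 key=$3 rc=0

    # Both ends must agree on the device type (tun vs. tap).
    [ "$(directive dev "$srv")" = "$(directive dev "$cli")" ] ||
        { echo "FAIL: 'dev' differs between server and client" >&2; rc=1; }

    # ifconfig is "<local> <remote>": the client line is the server line swapped.
    set -- $(directive ifconfig "$srv"); s_local=$1 s_remote=$2
    set -- $(directive ifconfig "$cli"); c_local=$1 c_remote=$2
    if [ -z "$s_local" ] || [ -z "$s_remote" ] ||
       [ "$s_local" != "$c_remote" ] || [ "$s_remote" != "$c_local" ]; then
        echo "FAIL: ifconfig endpoints are missing or not mirrored" >&2; rc=1
    fi

    # The client needs a real 'remote'; the template placeholder is not one.
    case "$(directive remote "$cli")" in
        ""|SERVER.IP.ADDRESS*) echo "FAIL: client 'remote' not filled in" >&2; rc=1 ;;
    esac

    # Both configs must reference a key file.
    for f in "$srv" "$cli"; do
        [ -n "$(directive secret "$f")" ] ||
            { echo "FAIL: no 'secret' directive in $f" >&2; rc=1; }
    done

    # static.key is the tunnel's only credential: it must be a static key
    # file and readable by its owner alone.
    if ! grep -q 'BEGIN OpenVPN Static key V1' "$key" 2>/dev/null; then
        echo "FAIL: $key is missing or not an OpenVPN static key" >&2; rc=1
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other (chmod 600 it)" >&2; rc=1
    fi
    return $rc
}

if [ $# -eq 3 ]; then check_static_pair "$@"; fi
```

Saved as a script, it takes the server config, the client config and the key file as its three arguments and exits non-zero if any check fails.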

If you really care about encryption or security, there are much better ways of doing this using real public/private keys rather than one shared static key. It may be worth taking the extra half hour or so to set up OpenVPN the right way depending on your needs.

September 08, 2007 @ 1:58 AM PDT
Category: Linux

1 Comment

Quoth Spat on September 26, 2007 @ 8:21 PM PDT

This is a really nice copy of the OpenVPN site; however, perhaps you can tell us how to do the same thing but then with a game that relies on broadcasting. There seems to be no info on how to set that up as simply as possible. (Have been trying to get that to work for a few weeks now, and I'm not a noob, just lack info, and on IRC they don't seem to know either.)