How to unzip a zip file from the Terminal?

Question

Huckle

Asked: 2012-02-17 10:27:09 +0800 CST2012-02-17 10:27:09 +0800 CST 2012-02-17 10:27:09 +0800 CST

Set up a VPN, route samba over it

772

I get 3 IP addresses from my ISP, so after my modem I have a switch with three things. Two are servers, one is a router. All my personal computers are behind the router. My old server used to have two ethernet ports, so I would put one on the switch and one on the router so that I could keep server traffic off the router and still be able to have samba shares for media.

My new lower-power server only has one LAN. I will eventually get a USB ethernet plug for it, but until then I'd like to still have my samba shares. I thought to myself, there must be some way to achieve this via VPN.

So what I'd like to do is this, set up a VPN server on the server, allow clients behind the router to connect to it. That seemed simple enough, except that all the guides I've seen assume you can allocate addresses on the server's LAN. Since my server's LAN is the public internet I can't really do that. Is there any way I can make up some 'imaginary' LAN that exists only in the mind of the server and put my VPN clients on that?

To clarify, if the server is 68.232.SSS.SSS and if the router is 68.232.RRR.RRR and if computers behind the router are 10.0.0.1-255 then can I make VPN clients use addresses like 192.168.0.VPN?

  OOoOoOOOooOOo
OoO  Public  OoOOo-----Server eth0 (Real)    68.232.SSS.SSS
OoO  Internet OoO             eth1 (Virtual) 192.168.0.1
 OoOoOOoOOoOOOo
     |
     \--Router eth0 (WAN) 68.232.RRR.RRR
         |     eth1 (LAN) 10.0.0.1
         |
         \-----Client eth1 (Virtual) 192.168.0.2  
                      eth0 (Real)    10.0.0.2

3 Answers

Voted

Michael Tsang · Answer 1 · 2012-03-21T05:39:54+08:00

install openvpn on your server and your client

generate the certificates as in the official HOWTO:

root@server:/etc/openvpn/easy-rsa# cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
root@server:/etc/openvpn/easy-rsa# cd /etc/openvpn/easy-rsa

Edit /etc/openvpn/easy-rsa/vars and fill in the appropiate values

root@server:/etc/openvpn/easy-rsa# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
root@server:/etc/openvpn/easy-rsa# ./clean-all
root@server:/etc/openvpn/easy-rsa# ./build-ca
Generating a 1024 bit RSA private key
......................++++++
........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [HK]:
State or Province Name (full name) [New Territories]:
Locality Name (eg, city) [Tuen Mun]:
Organization Name (eg, company) [Home]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [OpenVPN-CA]:
Name [OpenVPN-CA]:
Email Address [[email protected]]:
root@server:/etc/openvpn/easy-rsa# ./build-key-server server
Generating a 1024 bit RSA private key
...............++++++
..........++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [HK]:
State or Province Name (full name) [New Territories]:
Locality Name (eg, city) [Tuen Mun]:
Organization Name (eg, company) [Home]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [server]:
Name [OpenVPN-CA]:
Email Address [[email protected]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'HK'
stateOrProvinceName   :PRINTABLE:'New Territories'
localityName          :PRINTABLE:'Tuen Mun'
organizationName      :PRINTABLE:'Home'
organizationalUnitName:PRINTABLE:'changeme'
commonName            :PRINTABLE:'server'
name                  :PRINTABLE:'OpenVPN-CA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Mar 18 13:18:09 2022 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@server:/etc/openvpn/easy-rsa# ./build-key client
Generating a 1024 bit RSA private key
..........++++++
...................................................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [HK]:
State or Province Name (full name) [New Territories]:
Locality Name (eg, city) [Tuen Mun]:
Organization Name (eg, company) [Home]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [client]:
Name [OpenVPN-CA]:
Email Address [[email protected]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'HK'
stateOrProvinceName   :PRINTABLE:'New Territories'
localityName          :PRINTABLE:'Tuen Mun'
organizationName      :PRINTABLE:'Home'
organizationalUnitName:PRINTABLE:'changeme'
commonName            :PRINTABLE:'client'
name                  :PRINTABLE:'OpenVPN-CA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Mar 18 13:20:00 2022 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@server:/etc/openvpn/easy-rsa# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
............................................................................+..................+...........+...........................+..............+..............................................................+......................................................................................................+......................................................................................+..............................................................................+..................+.................+..................................................................+.........................................+...........+..........................................................................................+..............................................+....................................+...................+....+..+................+.+.........+..............................................................+....................................................................................................................+...........+.....................................................................................................................................+.........................................................+...........................................................+.......................................................................................................................................................................................................................................+..............+..............................................................................................................................................+............................+..........................................+....................................................................................................................................++*++*++*

copy the needed files from /etc/openvpn/easy-rsa/keys on the server to /etc/openvpn

for server: ca.crt dh1024.pem server.crt server.key

for client: ca.crt client.crt client.key
copy the appropriate sample configuration files from /usr/share/doc/openvpn/examples/sample-config-files/ to /etc/openvpn and decompress them

server: server.conf.gz

client: client.conf
The server configuration file should be workable by default
edit the "remote" entry on the client /etc/openvpn/client.conf

Input the server name / IP-address. No other changes needs to be done
Open up UDP 1194 on the server's firewall
The service is ready to start now, the server is at 10.8.0.1

I assume you only need to access the server, additional work need to be done if you want to access other internal networks.
configure samba to listen on 10.8.0.0/24

Everything should have been done, leave comment here if something goes wrong.

taneli · Answer 2 · 2012-03-21T00:03:55+08:00

Install openvpn on the server and the clients. On the server this will bring up a tun0 tunnel interface with an IP subnet of your choosing. The relevant options in the configuration file /etc/openvpn/server.conf are:

dev tun
server 192.168.1.0 255.255.255.0

Unless you want the clients to route all their traffic through the VPN, comment out any lines looking like push "route A.B.C.D W.X.Y.Z" from the configuration.

In addition to the network configuration, you have to generate certificates for the server and for the clients (both sides authenticate). How to do that is covered in OpenVPN documentation.

Finally, you have to configure the clients to be able to use this connection, so you put in their /etc/openvpn/client.conf:

remote 68.232.SSS.SSS 1194

The 1194/udp is OpenVPN standard port, which needs to be open to the world in your firewall (hence the need for certificates).

I hope this answer and the documentation and sample configuration from openvpn will get you started.

Egil · Answer 3 · 2012-03-21T01:11:00+08:00

Egil

2012-03-21T01:11:00+08:002012-03-21T01:11:00+08:00

While not a direct answer to your question, I suggest you consider mounting your server using sshfs instead. All you need is a running ssh server, instead of a complex combination of samba and a bolted-on vpn solution.

On the client, have a look at How to auto mount using sshfs? for a GUI solution or http://ubuntuforums.org/showthread.php?t=430312 for a system-wide fstab solution.

0

Set up a VPN, route samba over it

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

What command do I need to unzip/extract a .tar.gz file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?

Change folder permissions and ownership