OpenVPN
OpenVPN
OpenVPN is an open-source virtual private network (VPN) that creates an encrypted connection over the Internet from a device to a network. A VPN helps prevent unauthorized people from eavesdropping on the traffic and allows the user to work remotely. You can check more about VPNs here and OpenVPN here.
Vitro Crystal uses OpenVPN so that the user can connect to it remotely. To improve security, each user and device must be configured and given an access key. Only the administrator and selected personnel can create the configuration file. Here you will have the server and client VPN configuration documentation.
Client-side Installation
macOS
The easiest way to install on macOS is to use Homebrew. Just run this command on the terminal:
brew install openvpn
If you don't want to use Homebrew, you can download and install the program manually. Just follow these instructions.
Linux
To install it on Ubuntu, you can just use this command:
apt-get install openvpn
Windows
OpenVPN can be manually installed on Windows. To do that, just follow these instructions.
Server VPN
The server is the Vitro Crystal. For you to complete these steps, you will need:
- Appropriate permissions.
- Vitro Crystal running Yocto-based OS.
- A connection to the Internet.
- Access to Vitro Crystal (either by serial port, ssh, or directly with a monitor and keyboard).
Now follow these steps:
- Open this website and log in using the credentials provided by your team leader.
- Go to the user subpage by clicking User on the top.
- Click Add User. Fill the Name field and write the unique Vitro Crystal ID obtained by checking the
vitroio-mqtt
service, for example.
- Download the
.tar
file by clicking on the appropriate button next to the newly created User.
- On Vitro Crystal, check the file name and where the OpenVPN service looks for. You can do that by checking the OpenVPN service configuration:
cat /lib/systemd/system/openvpn\@.service
The file has this pattern:
[Unit]
Description=Our version of openvpn service
After=syslog.target network.target
ConditionPathExists=/opt/openvpn/vitro.conf
[Service]
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /opt/openvpn/ --config %i.conf
[Install]
WantedBy=multi-user.target
In this case, the file is vitro.conf
and should be located at /opt/openvpn
.
7. Send the .tar
file you downloaded previously to Vitro Crystal. You can do it in many ways. If you have an ssh connection, you can run the following command:
scp <gw_id>.tar root@<gw_ip>:<config_dir>
In this case, <config_dir>
should be substituted by /opt/openvpn/
.
8. Unzip the .tar
file and delete it:
unzip <config_dir>/<gw_id>.tar && rm <config_dir>/<gw_id>.tar
Now there is an
.ovpn
VPN configuration file on the <config_dir> directory. You can check that by runningls <config_dir> | grep ovpn
.
- Restart the service and done! To restart it, just use this command:
systemctl restart openvpn@vitro
If the service hasn't started already, you can fix it by using:
systemctl enable openvpn@vitro; systemctl start openvpn@vitro
.
You can check if everything is already done by using ifconfig
command. OpenVPN is supposed to create another network interface, usually named tun
and a descriptor. Everything is fine if the tun
network interface is there (e.g. tun0
). You can also check if the OpenVPN is running fine by checking the Pritunl Website. This is shown in the image below.
Client VPN
Anything that connects to the Internet and has OpenVPN can connect to a server VPN (Vitro Crystal in this case). This is possible if you have the VPN configuration file. Ask the administrator or team leader for it. If you have the authorization, you can create a new User and download a configuration file on this website.
To connect to Vitro Crystal with a VPN, just follow these steps:
- Install OpenVPN:
apt install openvpn
If you followed our Installation Guide, you can skip this step!
- Obtain the VPN configuration file. If you don't have clearance to create one, please ask your team leader for one.
- Unzip the
.tar
VPN configuration file:
unzip <file_name>.tar
- Send the extracted file to
/etc/openvpn/client
(directory where OpenVPN looks for VPN configuration files):
mkdir -p /etc/openvpn/client && cp <file_name>.ovpn /etc/openvpn/client/vitro.conf
The
mkdir
command will create the directory if it doesn't exist. If you want to, you can only use thecp
command.
- Delete unnecessary files:
rm <file_name>.tar <file_name>.ovpn
- Start the OpenVPN service:
systemctl start openvpn-client@vitro
- (Optional) Start OpenVPN service to start on boot:
systemctl enable openvpn-client@vitro
- Check if everything is fine. You can use
ifconfig
command to see thetun
network interface and the Vitro Crystal IP address (if connected successfully). You can thenping
Vitro Crystal. - Done!
If you want to troubleshoot OpenVPN, check its logs:
journalctl -fu openvpn-client@vitro
.
Updated almost 3 years ago