Stas Grishin's picture

Location: see attached file

Intended for: TKL Core

Description: Installs openvpn (+bridge-utils) and the webmin openvpn module to TKL Core, allowing easier configuration and management of openvpn servers and certificates.

Forum: 
Tags: 
Alon Swartz's picture

I just took a look at the patch, nicely done! I would like to test it but to do so it would be great if you could supply a use-case type tutorial (client configuration howto, server configuration, connect commands, etc.).

Regarding the webmin openvpn package, can you provide a link to the source you used. How did you build the package? I'd like to add it to the webmin package in the TurnKey package repo.

BTW, when using sed to change paths, I find it more readable to use a different delimiter and then you don't need to escape slashes:
sed -i "s/cmd=\/opt/cmd=\/usr\/share/" $OVPN_CONFIG
sed -i "s|cmd=/opt|cmd=/usr/share|" $OVPN_CONFIG
Stas Grishin's picture

Thanks for the advice about sed syntax Alon, it makes the conf file a bit more readable.

I am also attaching a step-by-step tutorial on how to setup a routed openvpn server.

Bonus: I am attaching a all-in-one installation script I used when creating the openvpn machine. I documented the exact commands I used. I later used this script to create the tklpatch, simplifying various parts to fit the tklpatch model.

I will create a new topic to post information about how I made the webmin package. The all-in-one script is a good example as well.

 

Oh, there appears to be a bug in the forum code which messes up the uploads when I try to re-upload a newer version of tkl-openvpn.tar.gz. For now just right-click, save as, rename.

Liraz Siri's picture

Your work on this patch will be the basis for an excellent addition to the appliance library in the next release batch. I'm very excited because this is the first new appliance developed using tklpatch by a community developer. Up until now the bottleneck has been the limited resources Alon and I can devote to TurnKey. We can only work on so many features and appliances at a given time.

But with the help of contributors from the community the sky is the limit! This is why I love open source. We'll be sure to give you credit for this when we make the announcement.

Stas Grishin's picture

I just logged in and noticed the karma bonus and this message. Thanks so much. I knew I was one of the first outside developers but didn't realize I was the first with a release. I am working on a few more random patches.

Thanks to the TKL team for making an excellent linux-based VM appliance platform.

Alon Swartz's picture

I have created a new section in the development wiki for TKLPatches, and have added this patch to the list. Feel free to update the patch page as you see fit.
Carlos's picture

Can I use this patch on the LAMP appliance?

Liraz Siri's picture

I can't think of any reason it wouldn't work but the only way to know for sure is to try it.

Hi Guys

Is a non-beta OpenVPN appliance available yet? Looking forward to it!!

It's so helpful that you thought of many things (like instructions) that us newbies really need.

Could the appliance include best-practice instructions for security lock-down of production servers? I'm concerned someone would hack the VPN server and gain access to the entire cloud.

Jeremy Davis's picture

But I imagine it will be one of the appliances in "Part 2" of the current v11.0RC release.

IMO unfortunately documentation is one area where TKL could do with some serious improvement. Stas has provided some documentation of this above in the tklopenvpn-howto.txt which should be helpful; beyond that you're out of luck other than having a google and crossing your fingers.

Sef's picture

Why is everybody talking about PC-to-PC (Level 2 Bridging)? I want level 3 bridging (TAP Tunneling) aka LAN/Ethernet bridging. Can anyone create instructions for this one? Thanks!


Jeremy Davis's picture

But you could possibly still use the patch. It may require some updating but could be a starting point. Have a read about TKLPatch in the docs.

As for the RSA stuff I have no idea TBH, so I'm no help there...

Ric Moore's picture

...for your installed to metal OS, would this enable  VPn for me safely enough?? I'm using the most recent proxmox 2.2-31  Or, is there a better way to do this running Debian Sqeeze?

Thanks, Ric


Alon Swartz's picture

The appliance page is here. Don't forget to take a look at the usage documentation (link at the bottom of the appliance page).

Add new comment