OpenVPN

OpenVPN (Open Virtual Private Network) is software that enables the creation of secure point-to-point or site-to-site connections.

Emerge
Install the OpenVPN package:

Also consider installing.

Server side
If this is the first time you are setting up an OpenVPN server, you need to create a PKI (Public Key Infrastructure) from scratch.

Write a server-side OpenVPN configuration.

To start the OpenVPN server, run

Client side
Copy the necessary key files to the client over a secure channel (such as SSH), including:


 * ca.crt
 * client1.csr (in this example)
 * client1.crt (in this example)
 * client1.key (in this example)
 * ta.key (if using tls-auth)

Write a client-side OpenVPN configuration file:

To automatically provide the username and password, or just the username with the password still prompted for, add the following option, where auth is the name of a file containing 1 line with a username, or 2 lines with a username and password.

To start the client, run
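A check that can be run on the client after copying the files listed above and creating the auth file, given here as an added example that is not part of the original page. The directory argument and the function names are assumptions; the file names follow the list above.

```sh
#!/bin/sh
# Added example: audit the credential files copied to an OpenVPN client.
# File names follow the list above; the directory and the auth file name
# are assumptions passed in by the caller.

# True only if the file grants no permissions to group or others.
is_private() {
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# The auth file must hold 1 line (username) or 2 lines (username, password).
auth_file_ok() {
    n=$(grep -c '' -- "$1") || return 1
    [ "$n" -eq 1 ] || [ "$n" -eq 2 ]
}

# Prints one finding per line; the return status is the number of findings.
audit_client_dir() {
    dir=$1; auth=${2:-}; findings=0
    for f in ca.crt client1.crt client1.key; do
        [ -f "$dir/$f" ] || { echo "MISSING $f"; findings=$((findings + 1)); }
    done
    # ta.key exists only when tls-auth is used; the auth file is optional.
    for f in client1.key ta.key $auth; do
        [ -f "$dir/$f" ] || continue
        is_private "$dir/$f" ||
            { echo "EXPOSED $f (group/other access)"; findings=$((findings + 1)); }
    done
    if [ -n "$auth" ] && [ -f "$dir/$auth" ]; then
        auth_file_ok "$dir/$auth" ||
            { echo "BADAUTH $auth (expect 1 or 2 lines)"; findings=$((findings + 1)); }
    fi
    return "$findings"
}

# Constructed demo: throwaway directory whose private key is world-readable.
demo=$(mktemp -d)
touch "$demo/ca.crt" "$demo/client1.crt" "$demo/client1.key" "$demo/ta.key"
printf 'alice\nsecret\n' > "$demo/auth"
chmod 600 "$demo/ta.key" "$demo/auth"
chmod 644 "$demo/client1.key"
audit_client_dir "$demo" auth || echo "findings: $?"
rm -rf "$demo"
```

The certificates (ca.crt, client1.crt) are public and are only checked for presence; the private key, the tls-auth key and the auth file are the ones that should be readable by their owner alone.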

systemd
If all goes well, this would give you a working OpenVPN server and client connection.

Monitoring
While the service is running, there are ways to monitor it.

Syslog
Assuming that syslog is enabled, OpenVPN's output is available in syslog, alongside that of other services.

Additionally, you can send it a signal to have it display its status.

Gentoo specifics
The init script allows multiple tunnels. Decide on a name for the tunnel, e.g. EXAMPLE.

Using OpenRC
Now create your config as /etc/openvpn/EXAMPLE.conf

Using systemd
Due to dependencies, server and client operations are separated into two units.

Create your server config as /etc/openvpn/server/EXAMPLE.conf

Create your client config as /etc/openvpn/client/EXAMPLE.conf

You can then create more tunnels by replacing EXAMPLE with more names. Each one has its own configuration and can be stopped and started individually. The default is simply to use openvpn.conf and not symlink the service. You can of course use both methods.

/etc/resolv.conf doesn't get updated
Ensure that the up and down options in the configuration file point to the correct path for the script.

Also, dhcpcd is known to overwrite the pre-existing file when the service is run (e.g. either called automatically by another script, or called manually through ).

In most cases, the conflict between different network programs can be resolved by installing. The configuration would then work out of the box. Most networking scripts (including Gentoo's OpenVPN up & down script, along with dhcpcd) would respect its presence.

If disabling dhcpcd's resolv.conf update is necessary (most likely not), add the line below to :

External resources

 * https://wiki.archlinux.org/index.php/OpenVPN
 * easy vpn