7.2 Configuration
Step 1: Set up OpenVPN on the gateway for both server and client
First, mount the TinyNetConfig.iso image file and run the OpenVPN installation
with the following commands on both the client and the server side.
# cd /mnt/hdc
./SetupMenu
Install OpenVPN
Diagram 7.1: Setup OpenVPN
Step 2: Key generation setup and handshake for OpenVPN.
To provide a secure handshake, both client and server must have the same
Certificate Authority (CA) key generated by OpenVPN, which is used to
authenticate the client and the server to each other, so both sides use the same keys.
Therefore, to generate the key and certificate with OpenVPN correctly, enter the
following commands on both the client and the server side.
cd /usr/doc/openvpn-2.0.9/easy-rsa/
. ./vars
./clean-all
./build-ca
Diagram 7.2: Step 2 configuration
Step 3: Configuring the server
After completing step 2 on the server, continue with the following commands
in /usr/doc/openvpn-2.0.9/easy-rsa/.
./build-key-server server
Enter “server” in the Common Name field, then confirm the certificate with ‘y’.
Run ./build-dh and check in MC mode that dh1024.pem exists.
Copy all of the newly generated keys and certificates from the ./keys directory to
/usr/doc/openvpn-2.0.9/sample-config-files/ in MC mode.
Diagram 7.3: Step 3 configuration for server
Diagram 7.4: Step 3 configuration
Diagram 7.5: Check and copy for CA and server.key
Step 4: Configuring the client
As in step 3, the client must first complete step 2 and then carry out the
following.
Copy the previously generated ca.key and ca.crt to the client's ./keys directory.
Go to /usr/doc/openvpn-2.0.9/easy-rsa/ and run ./build-key client
Enter “client” in the Common Name field, then confirm the certificate with ‘y’.
Copy all of the newly generated client keys and certificates from the ./keys
directory to /usr/doc/openvpn-2.0.9/sample-config-files/ in MC mode.
Diagram 7.6: Copying the key
Diagram 7.7: Step 4 configuration for client
Diagram 7.8: Step 4 configuration for client
Diagram 7.9: Check and copy for CA and client.key
Step 5: Tun configuration files for server and client
Go to /usr/doc/openvpn-2.0.9/sample-config-files/ and edit ./server.conf as
follows:
;dev tap
dev tun
Check that ca.crt, server.crt, server.key and dh1024.pem are properly
defined.
; server-bridge 192.168.8.8 255.255.255.0 192.168.8.128 192.168.8.254
server 10.8.0.0 255.255.255.0
Diagram 7.10: Step 5 editing tun config files for server
Then edit the following lines in ./client.conf.
;server
;client
;dev tap
dev tun
remote 192.168.76.101 1194
;remote my-server-2 1194
Check that ca.crt, client.crt and client.key are properly defined.
Diagram 7.11: Step 5 editing tun config files for client
Step 6: Initialization and testing for Tun
Open the server and enter the following commands to create and initialize the tun
device for both server and client.
mkdir /dev/net
mknod /dev/net/tun c 10 200
Diagram 7.12: Step 6 configuration
After that, enter the following commands on the server side.
cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tun-server.conf
Diagram 7.13: Step 6 server configuration
On the client side, enter the following commands.
cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tun-client.conf
Diagram 7.14: Step 6 client configuration and showing initialization sequence
completed
The tun is tested by pinging 10.8.0.1 from the client.
Step 7: Tap configuration files for server and client
As with the Tun configuration, go to /usr/doc/openvpn-2.0.9/sample-config-files/
and edit ./server.conf as follows:
dev tap0
;dev tun
server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254
;server 10.8.0.0 255.255.255.0
Diagram 7.15: Step 7 TAP configuration for server
Go back to normal mode and activate the bridge utility in the
/mnt/live/memory/modules directory with the following command.
activate bridge-utils-1.2-2.lzm
Diagram 7.16: Activate bridge utility command
Next, move to ./client.conf and enter the following lines:
client
;server
dev tap
;dev tun
remote 192.168.76.101 1194
;remote my-server-2 1194
Check that ca.crt, client.crt and client.key are properly defined.
Diagram 7.17: Step 7 TAP configuration for client
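The checks that Steps 5 and 7 ask for (the intended dev line is the active one, and the CA certificate, certificate, key and DH files are properly defined) can be scripted. The following is an added example, not part of the original procedure: audit_conf, directive and make_sample are hypothetical names, the sample directory is constructed, and file names are assumed to be relative to the config file's directory. It goes beyond the text by also flagging a private key that is accessible to group/other and a ca.key stored beside the config.

```shell
#!/bin/sh
# Added example (not from the original procedure): pre-flight audit of an
# OpenVPN config such as server.conf or client.conf.
# Assumption: file names in the config are relative to the config's directory,
# as when openvpn is started from inside sample-config-files/.

# Print the argument of the first active directive $2 in file $1.
# ';' and '#' start comments, so ';dev tap' never matches 'dev'.
directive() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

audit_conf() {
    conf=$1; dir=$(dirname "$conf"); rc=0
    dev=$(directive "$conf" dev)
    case $dev in
        tun*|tap*) echo "OK   dev $dev" ;;
        *) echo "FAIL no active 'dev tun' or 'dev tap' line"; rc=1 ;;
    esac
    for d in ca cert key dh; do
        f=$(directive "$conf" "$d")
        [ -n "$f" ] || continue              # e.g. a client config has no dh line
        case $f in /*) p=$f ;; *) p=$dir/$f ;; esac
        if [ ! -f "$p" ]; then echo "FAIL $d $f not found"; rc=1; continue; fi
        echo "OK   $d $f"
        # The private key should carry no group/other permission bits.
        if [ "$d" = key ] && [ "$(ls -ld "$p" | cut -c5-10)" != "------" ]; then
            echo "WARN $f is accessible to group/other; chmod 600 it"
        fi
    done
    # openvpn does not read the CA signing key; only easy-rsa needs it.
    [ -f "$dir/ca.key" ] && echo "WARN ca.key is stored beside $conf"
    return $rc
}

# Constructed sample: a tun server directory with dh1024.pem left out.
make_sample() {
    s=$(mktemp -d)
    printf '%s\n' ';dev tap' 'dev tun' 'ca ca.crt' 'cert server.crt' \
        'key server.key' 'dh dh1024.pem' 'server 10.8.0.0 255.255.255.0' > "$s/server.conf"
    touch "$s/ca.crt" "$s/ca.key" "$s/server.crt" "$s/server.key"
    chmod 644 "$s/server.key"
    echo "$s"
}

sample=$(make_sample)
audit_conf "$sample/server.conf" || echo "audit reported at least one FAIL"
rm -rf "$sample"
```

A FAIL line makes audit_conf return 1, so it can gate the openvpn start; WARN lines are advisory only.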
Step 8: Initialization and testing for Tap
The device initialization was already done in step 6 with the mknod /dev/net/tun
c 10 200 command. What remains is to initialize tap0 and open it so that its
persist state is set to ON.
The server-side configuration is done as follows in the terminal.
cd /usr/doc/openvpn-2.0.9/sample-scripts
./bridge-start
cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tap-server.conf
Diagram 7.18: Step 8 initialization TAP for server.
The client-side configuration is likewise done as follows in the terminal.
cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tap-server.conf
Diagram 7.18: Step 8 initialization TAP for client.
The Tap configuration is then tested from the client by pinging 192.168.8.4 for
br0.
7.3 Results
The results show that, over both the TUN and TAP connections, the two sides are
able to ping each other through OpenVPN.
Diagram 7.19: Tun connection result for server side
Diagram 7.20: Tun connection result for client side
Diagram 7.21: TAP connection result from server side
Diagram 7.22: TAP connection result from client side