15.2 Creating the Simplest VPN Example

The following example creates a point-to-point VPN tunnel. It demonstrates how to create a VPN tunnel between one client and a server. It is assumed that your VPN server will use the IP address 10.23.8.1 and your client the IP address 10.23.8.2. You can change these private IP addresses to suit your needs, but make sure you select addresses that are not already in use, to minimize problems with IP address or subnet conflicts.

WARNING: Use It Only For Testing

This scenario is only useful for testing and is intended as an example to get used to VPN. Do not use it as a real-world scenario to connect, as it can compromise your security and the safety of your IT infrastructure!

15.2.1 Configuring the VPN Server

To configure a VPN server, do the following:

  1. Install the package openvpn on the machine that will later become your VPN server.

  2. Open a shell, become root and create the VPN secret key:

    openvpn --genkey --secret /etc/openvpn/secret.key

  3. Copy the secret key to your client:

    scp /etc/openvpn/secret.key root@10.23.8.2:/etc/openvpn/

  4. Create the file /etc/openvpn/server.conf with the following content:

    dev tun
    ifconfig 10.23.8.1 10.23.8.2
    secret secret.key

  5. Start the YaST firewall module and open UDP port 1194.

  6. Start the OpenVPN service as root:

    rcopenvpn start

15.2.2 Configuring the VPN Client

To configure the VPN client, do the following:

  1. Install the package openvpn on the machine that will later become your VPN client.

  2. Create the file /etc/openvpn/server.conf with the following content:

    remote IP_OF_SERVER 
    dev tun
    ifconfig 10.23.8.2 10.23.8.1
    secret secret.key

    Replace the placeholder IP_OF_SERVER in the first line (remote) with either the domain name or the public IP address of your server.

  3. Start the OpenVPN service as root:

    rcopenvpn start

15.2.3 Testing the VPN Example

After OpenVPN has started successfully, test whether the tun device is available. You can do so with the following command:

    ifconfig tun0

To verify the VPN connection, use ping on both client and server to see if they can reach each other. Ping the server from the client:

    ping 10.23.8.1

Ping the client from the server:

    ping 10.23.8.2
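
Because both machines share the same secret.key, it is worth checking on each of them that the key file is not accessible to other users. The following script is an added example, not part of the original guide: it reads a configuration file, finds the secret directive and checks the permissions of the key file. The function names are hypothetical, GNU stat is assumed, and relative key names are assumed to be resolved against the directory of the configuration file.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config that uses the "secret" (static key) directive.

# Print the key file named by "secret". Relative names are resolved against the
# config file's directory (assumption: OpenVPN is started from that directory).
static_key_path() {
    key=$(awk '$1 == "secret" { print $2; exit }' "$1")
    [ -n "$key" ] || return 1
    case $key in
        /*) printf '%s\n' "$key" ;;
        *)  printf '%s/%s\n' "$(dirname "$1")" "$key" ;;
    esac
}

# Return 0 if the config is acceptable, 1 if the key is accessible to
# group or others, 2 if the key file is missing.
audit_conf() {
    conf=$1
    if ! keyfile=$(static_key_path "$conf"); then
        echo "OK: $conf does not use a static key"
        return 0
    fi
    echo "NOTE: $conf uses a static key; protect $keyfile on both machines"
    [ -f "$keyfile" ] || { echo "FAIL: $keyfile not found"; return 2; }
    mode=$(stat -c %a "$keyfile")            # GNU stat, octal permission bits
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $keyfile has mode $mode, expected 600 (chmod 600 $keyfile)"
        return 1
    fi
    echo "OK: $keyfile has mode $mode"
}

# Demo on constructed files (not a real key): the server.conf from step 4 with
# a world-readable key, then the same key after tightening its permissions.
demo() {
    dir=$(mktemp -d)
    printf 'dev tun\nifconfig 10.23.8.1 10.23.8.2\nsecret secret.key\n' > "$dir/server.conf"
    echo "constructed placeholder, not a key" > "$dir/secret.key"
    chmod 644 "$dir/secret.key"; audit_conf "$dir/server.conf" || true
    chmod 600 "$dir/secret.key"; audit_conf "$dir/server.conf"
    rm -rf "$dir"
}

# With arguments, audit those files; without, run the demo.
if [ $# -gt 0 ]; then
    for c in "$@"; do audit_conf "$c"; done
else
    demo
fi
```

Run it as root with the configuration file as argument, for example with /etc/openvpn/server.conf, on both the server and the client.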