Solved

where and how to put keys and crts in openVPN Fedora 14

Posted on 2011-03-12
Last Modified: 2012-05-11
Greetings,

I am running Fedora 14 on a Dell E5410 laptop.  OpenVPN is installed and I'm trying to configure it for a connection BUT since I'm clueless about finding my way around Fedora, I can't.

Problem 1) I have my key files and config file sitting on my desktop.  Problem is I have no idea how to copy them to the appropriate folders or even where those folders are.  

Problem 2) Once the files are in their proper place, I need to understand how to set up the connection ... good news is, I should have all the information necessary to do this.

I cannot emphasize enough that Linux is an entirely new world to me so assume I know nothing ... except that I know how to enter the shell prompt in root so if someone could tell me the commands to place these files where they need to go.

Thanks!
Question by:max7
12 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 35117284
Are you configuring it to establish a connection to an external server, or will your Fedora be the OpenVPN server?

http://openvpn.net/index.php/open-source/documentation/howto.html
0
 
LVL 1

Author Comment

by:max7
ID: 35117397
I am trying to connect to a remote server so I would be the client ... I have scoured the internet for a clear tutorial on how to set up the client but I have found nothing that fits the bill for someone at my level.

On top of that, when I try to drop files inside the openvpn folder, it says I do not have permission because (I guess) I am logged in as a regular user and not as root.   I tried to log out and log back in as root but I can't see a way to do that.  I see no user "root" offered at the login prompt.

Furthermore, SELinux is getting in on the act; it seems to prevent openvpn from reading one of my certs.  I found a command line that put SELinux in passive mode which allowed the VPN to try and connect but it eventually timed out.

The whole situation is a convoluted, frustrating mess.
0
 
LVL 77

Expert Comment

by:arnold
ID: 35117462
On the server they need to generate and provide you the private/public keys while keeping the public key and adding it in the cert directory.
You would have to reference the key and the certificate within the client configuration.
You would also need to have the CA certificate from the server to which you will be connecting to avoid errors due to trust issues.
Usually once you login, you would run sudo bash to get a shell with elevated rights.
0

 
LVL 1

Author Comment

by:max7
ID: 35117484
>>>On the server they need to generate and provide you the private/public keys while keeping the public key and adding it in the cert directory.

Originally, I was set up on a Windows 7 machine and they sent me keys and certs then.  Would the keys and certs they sent me when I was on Windows work for Linux or must they generate completely new keys and certs?
0
 
LVL 77

Expert Comment

by:arnold
ID: 35118177
Yes they might not if the computer name changed.
But you can try.
0
 
LVL 1

Author Comment

by:max7
ID: 35119164
ok ... so the question is: how do I do this?

>>>You would have to reference the key and the certificate within the client configuration.

How?  For instance, what are the commands I would type in a terminal so the necessary files are in the proper folders?

>>>usually once you login, you would run sudo bash to get a shell with elevated rights.

I have no idea what this is or how the command looks

If you can point me to a decent tutorial on the web that would be fantastic, but all that I have seen are written a) mostly for server side and b) assuming you know linux command line i.e. it does not speak to a novice.
0
 
LVL 77

Expert Comment

by:arnold
ID: 35121953
You would need to edit the files, which are likely in /etc/openvpn.
Here the issue depends on which editor is best for you: vi, emacs, etc.
rpm -qa | grep -i vpn
rpm -ql <packageNameForOpenVPN>
The above line will list where all the files from the package are.
You would need to look where the file for the client configuration is.
0
 
LVL 77

Expert Comment

by:arnold
ID: 35121975
http://zhaoke.com/blog/436.html
You can use the example provided at http://www.zeroshell.net/eng/openvpn-client/ to configure your own.
0
 
LVL 8

Assisted Solution

by:jimmyray7
jimmyray7 earned 100 total points
ID: 35151306
Have you tried just copying the config and certificate files to /etc/openvpn and connecting?   Since you're a client that should be all you need to do.
0
 
LVL 1

Author Comment

by:max7
ID: 35154033
>>>Have you tried just copying the config and certificate files to /etc/openvpn and connecting?

I tried this but Linux tells me my user does not have permission to move the files to this folder ... how would I get around this?
0
 
LVL 77

Accepted Solution

by:
arnold earned 400 total points
ID: 35157049
sudo is the means by which you can elevate your rights.
sudo bash
Once you provide your password, you should have root rights on the system.
0
 
LVL 1

Author Closing Comment

by:max7
ID: 35162473
Thanks for the help ... Linux isn't the easiest OS to jump into I guess.
0
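
Added example, not part of any post in this thread: a shell sketch of the steps the answers describe, copying the config, certificates and key into /etc/openvpn from a root shell and then confirming that the config can find them. The paths and file names in the usage comment are assumptions; `restorecon` is included because files moved out of a home directory can keep a home-directory SELinux label that a confined service may not read.

```shell
#!/bin/sh
# Added example; run as root (e.g. after "sudo bash"). Paths are assumptions:
#   install_vpn_files "$HOME/Desktop" /etc/openvpn
#   check_vpn_refs /etc/openvpn/client.conf /etc/openvpn

# Copy config, certificate and key files from $1 into $2.
install_vpn_files() {
    src=$1; dest=$2
    mkdir -p "$dest" || return 1
    for f in "$src"/*.conf "$src"/*.ovpn "$src"/*.crt "$src"/*.key; do
        [ -f "$f" ] || continue
        case $f in
            *.key) mode=600 ;;  # private key: owner read/write only
            *)     mode=644 ;;
        esac
        # install(1) writes a fresh copy with exactly this mode.
        install -m "$mode" "$f" "$dest/" || return 1
    done
    # On SELinux systems, reset labels to the policy default for $dest.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$dest" 2>/dev/null || true
    fi
}

# Print every ca/cert/key/tls-auth file named in config $1 that is missing
# (relative names are looked up in $2). Returns 1 if any is missing.
check_vpn_refs() {
    conf=$1; dir=$2
    # tr strips the CR of Windows line endings, which would otherwise
    # become part of the file name.
    out=$(tr -d '\r' < "$conf" |
        while read -r directive path rest || [ -n "$directive" ]; do
            case $directive in
                ca|cert|key|tls-auth) ;;
                *) continue ;;
            esac
            case $path in
                /*) target=$path ;;
                *)  target=$dir/$path ;;
            esac
            [ -f "$target" ] || echo "missing: $directive $path"
        done)
    [ -z "$out" ] && return 0
    echo "$out"
    return 1
}
```

The check only confirms that the referenced files exist; it does not validate the certificates themselves.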
