Install OpenVPN for IPFire

1. Log in to the IPFire interface

Click Remote access in the menu System.

Activate SSH as well as Allow password based authentication. Then click Save.

2. Log in via SSH

Log in via SSH to your IPFire installation. Then run the following commands:

cd /var/ipfire/ovpn
mkdir ovpn
cd ovpn

3. Download configuration files

Edit ovpn.conf and change:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

to

#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf

Change auth-user-pass parameter to:

auth-user-pass /var/ipfire/ovpn/ovpn_login

Change ca ovpn-ca.crt to:

ca /var/ipfire/ovpn/ovpn-ca.crt

Change tls-auth ovpn-tls.key 1 to:

tls-auth /var/ipfire/ovpn/ovpn-tls.key 1

Save the file.

Create a file that you name ovpn_login. Enter the following into the file:

username
password

Replace username with your username for OVPN and password with your password for OVPN.

Save the file.
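The script below is an added example, not part of the original guide: it checks that the step 3 edits are in place and that the login file, which stores the password in clear text, is readable by its owner only. The function name check_ovpn_setup is hypothetical, and the default configuration path is the one used by tunnelmonitor.sh in step 4.

```bash
#!/bin/bash
# Added example: checks the step 3 edits. Assumes GNU stat (as on Linux).
# Usage: check_ovpn_setup [path to ovpn.conf]; returns the number of problems.
check_ovpn_setup() {
    local conf="${1:-/var/ipfire/ovpn/ovpn/ovpn.conf}"
    local problems=0 key path login mode

    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # The update-resolv-conf up/down hooks must be commented out.
    if grep -Eq '^[[:space:]]*(up|down)[[:space:]]+/etc/openvpn/update-resolv-conf' "$conf"; then
        echo "FAIL: update-resolv-conf hook is still active"
        problems=$((problems + 1))
    fi

    # auth-user-pass, ca and tls-auth must name absolute paths that exist.
    for key in auth-user-pass ca tls-auth; do
        path=$(awk -v k="$key" '$1 == k { print $2; exit }' "$conf")
        case "$path" in
            /*) if [ ! -e "$path" ]; then
                    echo "FAIL: $key points to $path, which does not exist"
                    problems=$((problems + 1))
                fi ;;
            *)  echo "FAIL: $key is not set to an absolute path"
                problems=$((problems + 1)) ;;
        esac
        if [ "$key" = auth-user-pass ]; then login=$path; fi
    done

    # The login file stores the password in clear text: it needs exactly
    # two lines (username, password) and must be readable by its owner only.
    if [ -f "$login" ]; then
        if [ "$(grep -c '' "$login")" -ne 2 ]; then
            echo "FAIL: $login must contain exactly two lines"
            problems=$((problems + 1))
        fi
        mode=$(stat -c '%a' "$login")
        if [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
            echo "FAIL: $login has mode $mode; run chmod 600 $login"
            problems=$((problems + 1))
        fi
    fi

    if [ "$problems" -eq 0 ]; then echo "OK: ovpn.conf matches the step 3 edits"; fi
    return "$problems"
}
```

Source the file over SSH and call check_ovpn_setup; each FAIL line names the directive or file to correct before continuing.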

4. Check the connection

Next, create a script that monitors the connection to OVPN. Create a file named tunnelmonitor.sh and enter the following:

#!/bin/bash
# This script tests the tunnel connection and restarts the tunnel when it is down.

T=10.140.0.1    # address to ping
config="/var/ipfire/ovpn/ovpn/ovpn.conf"

# Start OpenVPN if no tun0 device exists.
ifconfig | grep tun0 > /dev/null
t=$?
if [ "$t" != 0 ]; then
    echo "no tunnel-device available"
    logger -t TUNTEST "no tunnel-device available"
    modprobe tun
    openvpn --config "$config" --daemon
    logger -t TUNTEST "tunnel started"
fi

# Ping the test address; restart OpenVPN if the ping fails.
echo "pinging now"
logger -t TUNTEST "pinging now"
ping -c 1 "$T" > /dev/null
if [ "$?" != 0 ]; then
    killall openvpn && sleep 10
    openvpn --config "$config" --daemon
    echo "tunnel restarted"
    logger -t TUNTEST "tunnel restarted"
else
    echo "tunnel OK"
    logger -t TUNTEST "tunnel OK"
fi
exit 0

Save the file and then run:

chmod u+x tunnelmonitor.sh

5. Edit iptables

Edit /etc/sysconfig/firewall.local and add the following code under ##add your 'start' rules here

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o tun0 -j MASQUERADE

Change the source network in the rule (192.168.0.0/24) so that the IP range and subnet match your LAN.

6. Add job to crontab

Run the following command:

fcrontab -e

Press INS in order to add rows. Add the following row at the end:

*/10 * * * * /var/ipfire/ovpn/ovpn/tunnelmonitor.sh >/dev/null 2>&1

Press ESC and type :wq to save and close fcrontab.

7. Finished

Now IPFire is configured to work with OVPN. You can connect to OVPN by typing:

/var/ipfire/ovpn/ovpn/tunnelmonitor.sh