Reconfigure VPN

From DFN Wiki
Revision as of 08:04, 7 March 2023 by Martin Cupak (talk | contribs) (Initial version of DFNEXT new VPN setup instructions)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

DFNEXT systems

Instructions for 099 in this case, replace with other number for other camera systems:

Login to the camera system...

...either locally using ethernet wire or WiFi or just use screen and keyboard (HDMI, screen needs to be connected before powering up the camera box).

Disable and remove the old VPN config

 cd /etc/openvpn
 systemctl stop openvpn@DFNEXT099.service
 systemctl disable openvpn@DFNEXT099.service
 systemctl mask openvpn@DFNEXT099.service
 rm -rf DFNEXT099.conf DFNEXT099.tgz keys

Transfer the DFNEXT099.zip file to /etc/openvpn on the camera (scp/winscp/sftp/rsync or so)

Unzip the configuration, password protected for security reasons

 cd /etc/openvpn
 unzip DFNEXT099.zip

... that creates file DFNEXT099.tar.gz

Install and activate the new config - on the camera system as root connected using local IP

 root@DFNEXT099:/etc/openvpn# tar -xvzf DFNEXT099.tar.gz
 client/DFNEXT099.conf
 client/keys-gfo/
 client/keys-gfo/DFNEXT099.crt
 client/keys-gfo/ca.crt
 client/keys-gfo/ta.key
 client/keys-gfo/DFNEXT099.key
 systemctl start openvpn-client@DFNEXT099.service
 systemctl enable openvpn-client@DFNEXT099.service

Verify that it is running

 root@DFNEXT099:/etc/openvpn# systemctl status openvpn-client@DFNEXT099.service
 ● openvpn-client@DFNEXT099.service - OpenVPN tunnel for DFNEXT099
   Loaded: loaded (/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2023-01-29 03:11:35 MST; 2 weeks 3 days ago
   Docs: man:openvpn(8)
         https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
         https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 15223 (openvpn)
   Status: "Initialization Sequence Completed"
   CGroup: /system.slice/system-openvpn\x2dclient.slice/openvpn-client@DFNEXT099.service
           └─15223 /usr/sbin/openvpn --suppress-timestamps --nobind --config DFNEXT099.conf
 root@DFNEXT099:/etc/openvpn# ip a | grep tun
 15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    inet 10.1.23.99/20 brd 10.1.31.255 scope global tun0
 root@DFNEXT099:/etc/openvpn# ping -c 3 dfn_vpn
 PING dfnserver_vpn (10.1.16.1) 56(84) bytes of data.
 64 bytes from dfnserver_vpn (10.1.16.1): icmp_seq=1 ttl=64 time=213 ms
 64 bytes from dfnserver_vpn (10.1.16.1): icmp_seq=2 ttl=64 time=211 ms
 64 bytes from dfnserver_vpn (10.1.16.1): icmp_seq=3 ttl=64 time=220 ms
 
 --- dfnserver_vpn ping statistics ---
 3 packets transmitted, 3 received, 0% packet loss, time 2002ms
 rtt min/avg/max/mdev = 211.841/215.206/220.417/3.755 ms