Reconfigure VPN
Revision as of 08:04, 7 March 2023 by Martin Cupak (talk | contribs) (Initial version of DFNEXT new VPN setup instructions)
Contents
- 1 DFNEXT systems
- 1.1 Login to the camera system...
- 1.2 Disable and remove the old VPN config
- 1.3 Transfer the DFNEXT099.zip file to /etc/openvpn on the camera (scp/winscp/sftp/rsync or so)
- 1.4 Unzip the configuration, password protected for security reasons
- 1.5 Install and activate the new config - on the camera system as root connected using local IP
- 1.6 Verify that it is running
DFNEXT systems
Instructions for 099 in this case, replace with other number for other camera systems:
Login to the camera system...
...either locally using ethernet wire or WiFi or just use screen and keyboard (HDMI, screen needs to be connected before powering up the camera box).
Disable and remove the old VPN config
cd /etc/openvpn
systemctl stop openvpn@DFNEXT099.service systemctl disable openvpn@DFNEXT099.service systemctl mask openvpn@DFNEXT099.service
rm -rf DFNEXT099.conf DFNEXT099.tgz keys
Transfer the DFNEXT099.zip file to /etc/openvpn on the camera (scp/winscp/sftp/rsync or so)
Unzip the configuration, password protected for security reasons
cd /etc/openvpn
unzip DFNEXT099.zip
... that creates file DFNEXT099.tar.gz
Install and activate the new config - on the camera system as root connected using local IP
root@DFNEXT099:/etc/openvpn# tar -xvzf DFNEXT099.tar.gz client/DFNEXT099.conf client/keys-gfo/ client/keys-gfo/DFNEXT099.crt client/keys-gfo/ca.crt client/keys-gfo/ta.key client/keys-gfo/DFNEXT099.key
systemctl start openvpn-client@DFNEXT099.service
systemctl enable openvpn-client@DFNEXT099.service
Verify that it is running
root@DFNEXT099:/etc/openvpn# systemctl status openvpn-client@DFNEXT099.service ● openvpn-client@DFNEXT099.service - OpenVPN tunnel for DFNEXT099 Loaded: loaded (/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2023-01-29 03:11:35 MST; 2 weeks 3 days ago Docs: man:openvpn(8) https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage https://community.openvpn.net/openvpn/wiki/HOWTO Main PID: 15223 (openvpn) Status: "Initialization Sequence Completed" CGroup: /system.slice/system-openvpn\x2dclient.slice/openvpn-client@DFNEXT099.service └─15223 /usr/sbin/openvpn --suppress-timestamps --nobind --config DFNEXT099.conf
root@DFNEXT099:/etc/openvpn# ip a | grep tun 15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 inet 10.1.23.99/20 brd 10.1.31.255 scope global tun0
root@DFNEXT099:/etc/openvpn# ping -c 3 dfn_vpn PING dfnserver_vpn (10.1.16.1) 56(84) bytes of data. 64 bytes from dfnserver_vpn (10.1.16.1): icmp_seq=1 ttl=64 time=213 ms 64 bytes from dfnserver_vpn (10.1.16.1): icmp_seq=2 ttl=64 time=211 ms 64 bytes from dfnserver_vpn (10.1.16.1): icmp_seq=3 ttl=64 time=220 ms --- dfnserver_vpn ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 211.841/215.206/220.417/3.755 ms