Easy installation of OpenVPN access server with Fedora 23

Until recently I would use the OpenVPN package that is available in Synology’s DSM for network storage (NAS). But after upgrading to the latest DSM version 6, disappointingly few packages worked as they should. So I figured it was time to move OpenVPN over to the home server — after all, the Synology solution had always been surprisingly slow when I had not connected for a while. It could take up to a minute, and quite a few retries, to get connected at all.

Looking at alternative setups, Fedora has a dedicated page about OpenVPN. But the installation is anything but intuitive. Apparently you need to hack both iptables and firewall-cmd. I did not even bother to try this procedure.

Seemingly there is something called OpenVPN Access Server, straight off openvpn.net, which comes in a number of flavours. Not surprisingly I went for the Fedora version, which comes in both 32- and 64-bit editions.

Installation was also surprisingly straightforward using the rpm. Everything seemed to work, so all that remained was to head over to the web admin interface at localhost:943. I had to specify which authentication method to use (I chose local), in addition to a few other parameters.

What was not intuitive at all was how to route the client traffic through this VPN connection. To achieve this I had to add a specific line to the custom config section under «Advanced VPN». Specifically, this was:

push "redirect-gateway"

Secondly, I added some security by following the recommendations from bettercrypto.org. This would also have to be added in the same config textboxes:

[Image: OpenVPN server config directives]
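
A quick way to sanity-check the text pasted into those custom config boxes, as an added example that is not part of the original post or of OpenVPN Access Server: the small Python linter below reports whether redirect-gateway is pushed and whether cipher, auth and tls-cipher are set to something other than known-weak values. The function names, finding codes, weak-value lists and sample configs are assumptions made for this illustration; they are not the bettercrypto.org recommendations themselves.

```python
import shlex

# Values treated as weak here: 64-bit block ciphers, legacy digests, legacy TLS suites.
WEAK_CIPHER_PREFIXES = ("BF-", "DES-", "RC2-", "CAST5-", "NONE")
WEAK_AUTH = {"MD5", "SHA1", "NONE"}
WEAK_TLS_TOKENS = ("RC4", "DES", "MD5", "NULL", "EXPORT")

def parse_directives(text):
    """Yield one token list per directive, skipping blanks and #/; comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield shlex.split(line, comments=True)

def audit(text):
    """Return sorted finding codes for a block of OpenVPN server directives."""
    seen = {}
    for name, *args in parse_directives(text):
        if name == "push" and args and args[0].split():
            option, *flags = args[0].split()   # e.g. push "redirect-gateway def1"
            seen["push:" + option] = flags
        else:
            seen[name] = args
    findings = set()
    if "push:redirect-gateway" not in seen:
        findings.add("no-redirect-gateway")    # clients keep their own default route
    for name, is_weak in (
        ("cipher", lambda v: v.startswith(WEAK_CIPHER_PREFIXES)),
        ("auth", lambda v: v in WEAK_AUTH),
        ("tls-cipher", lambda v: any(t in v for t in WEAK_TLS_TOKENS)),
    ):
        value = (seen.get(name) or [""])[0].upper()
        if not value:
            findings.add(name + "-unset")      # the server's own default applies
        elif is_weak(value):
            findings.add(name + "-weak")
    return sorted(findings)

# AS_POSTED is the one line shown in the post; the other two samples are constructed.
AS_POSTED = 'push "redirect-gateway"\n'
CONSTRUCTED_WEAK = "; legacy\ncipher BF-CBC\nauth SHA1  # old digest\ntls-cipher TLS-RSA-WITH-RC4-128-MD5\n"
CONSTRUCTED_EXPLICIT = 'push "redirect-gateway def1"\ncipher AES-256-CBC\nauth SHA384\ntls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384\n'

if __name__ == "__main__":
    print(audit(AS_POSTED), audit(CONSTRUCTED_WEAK), audit(CONSTRUCTED_EXPLICIT))
```

An "-unset" finding only means the directive is missing from the pasted text, so whatever the server is otherwise configured with stays in effect.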

I also just discovered that the server does not start automatically on reboot, but has to be started through the web admin interface. I have not yet been able to find a startup service that can be run through systemctl, but apparently there should be a way. Will include this when found.

Update 2016-05-19: running ./scripts/sacli start will start up the server after the computer has rebooted.
