I’ve had excellent luck setting up\u00a0a key-based authentication VPN for my home network, which is distributed across the country and consists of Linux, Mac (OS X), and QNAP nodes. \u00a0What, you ask, does “key-based authentication” refer to? \u00a0It means that I do not allow people to enter passwords. \u00a0Instead, clients must possess the proper key, which is exchanged automatically by openvpn. \u00a0 I think key-based authentication can be more secure in some cases, however I mainly wanted to do it “just because.”<\/p>\n
Generally speaking the\u00a0OpenVPN HOWTO<\/a> is excellent and\u00a0should suffice\u00a0for setting up your VPN. \u00a0Ill briefly parrot this guide here. \u00a0To set things up you:<\/p>\n On each client I scp’d over the ca, crt, key files, and made up a quick config script (based on the sample provided with openvpn). \u00a0I really only changed the following lines:<\/p>\n With that both the server and client should connect; all connected clients should have statically-assigned ips, and they should be able to talk to eachother.<\/p>\n What makes this a bit tricky is QNAP. \u00a0They only provide password-based authentication. \u00a0Thankfully you can just make a crontab to create the vpn connection, if its not up. \u00a0I made a script that looks something like:<\/p>\n A few important notes:<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" I’ve had excellent luck setting up\u00a0a key-based authentication VPN for my home network, which is distributed across the country and consists of Linux, Mac (OS X), and QNAP nodes. \u00a0What, you ask, does “key-based authentication” refer to? \u00a0It means that I do not allow people to enter passwords. \u00a0Instead, clients must possess the proper key, … Continue reading Key-based OpenVPN for OSX\/Linux\/QNAP Howto<\/span> \n
\n
\n
\n
\n
\r\nVPNLOG=\/mnt\/HDA_ROOT\/vpndir\/vpn.log\r\nif [[ `ps ax | grep openvpn | grep vpndir | grep -v grep` ]]; then\r\n echo "`date` Already running" | tee -a $VPNLOG\r\n ping -c 1 <server'sVPNIp>\r\n PINGRET=$?\r\n if [[ "0" = "$PINGRET" ]]; then\r\n echo "`date` Link is good!" | tee -a $VPNLOG\r\n exit 0\r\n else\r\n echo "`date` Link is down (ping gave $PINGRET) - killing current vpn" | tee -a $VPNLOG\r\n ps ax | grep vpndir | tr -s " " | cut -f 1 -d ' ' | xargs kill -9\r\n fi\r\nfi\r\necho "`date` Run this thing!" | tee -a $VPNLOG\r\n\/usr\/sbin\/openvpn --config \/mnt\/HDA_ROOT\/vpndir\/qnap.conf | tee -a $VPNLOG\r\n<\/pre>\n
\n
1. Edit \/etc\/config\/crontab and add your custom entry.\r\n2. Run 'crontab \/etc\/config\/crontab' to load the changes.\r\n3. Restart cron, i.e. '\/etc\/init.d\/crond.sh restart'<\/pre>\n<\/li>\n