Please note that OpenVPN is not a supported configuration on JCS/SOACS, so proceed at your own risk.
On JCS, all commands run as root:
3. yum localinstall openvpn-2.2.2-1 lzo pkcs11-helper-1.11-3
4. openvpn --genkey --secret /etc/openvpn/vpn.key
5. Configure /etc/openvpn/server.conf:
remote xx.xx.xx.xx                 # remote node (in my case the router IP, with NAT forwarding to my local host)
float
port 8000
dev tun
ifconfig 192.168.2.1 192.168.2.2   # virtual tunnel addresses; must not overlap the local or the remote network
persist-tun
persist-local-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route 192.168.1.0 255.255.255.0    # remote network, i.e. what is forwarded through the tun device
chroot /var/empty
user nobody
group nobody
log vpn.log
verb 1
6. service openvpn start
On the target (on-premise) host, again as root, assuming OpenVPN is installed (yum install openssl openvpn):
1. Create /etc/openvpn/vpn.key (copy the text content of vpn.key from the JCS node and paste it)
2. Configure /etc/openvpn/server.conf:
remote yy.yy.yy.yy                 # JCS public IP
float
port 8000
dev tun
ifconfig 192.168.2.2 192.168.2.1   # swapped relative to the JCS side: local 192.168.2.2, peer 192.168.2.1
persist-tun
persist-local-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route zz.zz.zz.0 255.255.255.0     # remote network, i.e. the JCS local network
#chroot /var/empty/openvpn
user nobody
group nobody
log vpn.log
verb 1
3. service openvpn start
On the JCS side, open the OpenVPN port 8000 (UDP and TCP) using Security Rules and a Security Application.
From the JCS node you will only have access to the target machine; other means need to be implemented to reach nodes on the same network as the target. OAG and OTD can help with this situation.
For debugging purposes a "vpn.log" file is created under /etc/openvpn. Also remember that traceroute can show you the hops and the route a request is going to follow.
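Because the two configs above are mirror images of each other, the usual mistakes are a mismatched ifconfig pair, a different port or key path on one side, or a vpn.key that other local users can read (with a static key, that file is the entire authentication of the tunnel). The script below is an added example, not part of the original post: it renders both configs from one set of variables, checks that the pair is consistent, and checks the key file before you run "service openvpn start". The addresses it uses (203.0.113.10, 198.51.100.20, 10.0.0.0) are constructed placeholders for the xx/yy/zz values in the post, and gen_peer_conf, confs_mirror, check_static_key and render_pair are names chosen here.

```shell
#!/bin/sh
# Added example, not part of the original post: render the two mirror-image
# static-key configs from one variable set (so the ifconfig pair, port and key
# path cannot drift apart between the JCS node and the on-premise host), and
# sanity-check the shared key and the pair of configs before "service openvpn
# start". All addresses are constructed placeholders.

# gen_peer_conf LOCAL_TUN PEER_TUN REMOTE_PUBLIC REMOTE_NET
# Prints a server.conf in the same layout as the post (chroot left out so the
# same function serves both sides).
gen_peer_conf() {
    cat <<EOF
remote $3
float
port 8000
dev tun
ifconfig $1 $2
persist-tun
persist-local-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route $4 255.255.255.0
user nobody
group nobody
log vpn.log
verb 1
EOF
}

# confs_mirror CONF_A CONF_B
# Succeeds only when CONF_B's ifconfig pair is CONF_A's pair reversed, i.e. the
# two peers agree on which tunnel address belongs to whom.
confs_mirror() {
    a=$(awk '$1 == "ifconfig" { print $2, $3 }' "$1")
    b=$(awk '$1 == "ifconfig" { print $3, $2 }' "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_static_key FILE
# Succeeds only when FILE carries the OpenVPN static-key header and is mode
# 0600: the key is the whole authentication of this tunnel, so it must not be
# readable by other users on either host.
check_static_key() {
    [ -f "$1" ] || { echo "missing key: $1" >&2; return 1; }
    head -n 1 "$1" | grep -q '^-----BEGIN OpenVPN Static key V1-----$' \
        || { echo "not an OpenVPN static key: $1" >&2; return 1; }
    # GNU stat first, BSD stat as fallback
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ "$mode" = "600" ] || { echo "$1 has mode $mode, expected 600" >&2; return 1; }
}

# Constructed placeholders for the addresses the post writes as xx/yy/zz.
JCS_PUBLIC=203.0.113.10
ONPREM_PUBLIC=198.51.100.20
JCS_NET=10.0.0.0
ONPREM_NET=192.168.1.0

# render_pair OUTDIR: writes jcs.conf and onprem.conf into OUTDIR, each side
# pointing at the other's public address and network, tunnel addresses swapped.
render_pair() {
    gen_peer_conf 192.168.2.1 192.168.2.2 "$ONPREM_PUBLIC" "$ONPREM_NET" > "$1/jcs.conf"
    gen_peer_conf 192.168.2.2 192.168.2.1 "$JCS_PUBLIC" "$JCS_NET" > "$1/onprem.conf"
}

# Example run: render both configs to a scratch directory and verify the pair.
tmp=$(mktemp -d)
render_pair "$tmp"
confs_mirror "$tmp/jcs.conf" "$tmp/onprem.conf" && echo "configs are a consistent pair"
```

Copy jcs.conf to /etc/openvpn/server.conf on the JCS node and onprem.conf to the same path on the target, then run check_static_key /etc/openvpn/vpn.key on both hosts (chmod 600 it if the check complains) before starting the service.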