Setting up openvpn is actually really simple. I can summarize the steps for you.
First install openvpn via your package installation tool.
Now create a set of certificates that are used for authentication. The openvpn package should contain a directory easy-rsa
somewhere, on ubuntu it's in /usr/share/doc/openvpn/examples/easy-rsa
. Switch to it or one if it's subdirectories indicating a version and source the file vars
. Please note that you need to execute all following commands as root because the keys are generated into /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys
. If you want to create the keys as a user, you need to copy the whole directory to a place you have write permissions for.
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
source vars
Then clear all previously generated keys and generate new ones:
./clean-all
./build-ca
./build-key-server server
This generates a certificate and a server key. Now you can either generate one key for each client or you can generate one key and use it for all clients, depending on how secure you want to have your system. To generate a key for the client, execute:
./build-key client
Finally you need to generate Diffie Hellman parameters:
./build-dh
Now copy everything that's related to the server to /etc/openvpn, the directory we will put the config in:
cp ca.crt ca.key dh1024.pem server.crt server.csr server.key /etc/openvpn
Finally, we need to create a config file for the server. Create /etc/openvpn/server.conf by copying (and maybe uncompressing) /usr/share/doc/openvpn/examples/server.conf or server.conf.gz.
The default config is based on routing and not bridging which should be fine for almost all cases. The default config should be fine already but if you want you can go through it and change some parameters. For instance, you might want to uncomment the parameters client-to-client
and duplicate-cn
. Test your config by executing openvpn by hand:
cd /etc/openvpn
openvpn ./server.conf
If it starts up correctly, you can let the system start up the server at boot time. Not sure how you do that on your system, but on Ubuntu you just edit /etc/default/openvpn and uncomment AUTOSTART="all"
.
Finally, you need a client config. Create a new directory somewhere and copy the files ca.crt
, client.crt
and client.key
that we created during key generation into it. Then create the file client.conf and put the following lines into it:
client
dev tap
proto udp
remote <ip or domain of your server>
persist-key
persist-tun
nobind
ca ca.crt
cert client.crt
key client.key
resolv-retry infinite
comp-lzo
verb 3
Copy the directory to your client, switch into it and execute as root or with sudo:
openvpn client.conf
Now a connection should be established.
Please note that you need to set ROS_IP to the ip address of tap0. If you have several machines on the robot's network, you might also ... (more)