Wednesday, December 14, 2011

Using CLI OpenVPN And VyprVPN/Giganews

The 'official' Giganews OpenVPN Linux instructions only cover using NetworkManager GUI. However what if you have a linux based gateway router without graphic support? Or for whatever reason, you simply want to connect using the CLI version of OpenVPN.

Before beginning, I assume the reader is familiar with the basic concepts behind Linux system administration.
Also note that 'screen' is not manadatory. I just like running my OpenVPN session via 'screen'

Step 1 - Install:

To install using apt-get, and using a Debian/Ubuntu based distro, run the below command.


apt-get install openvpn
apt-get install screen

If running a RHEL/Fedora based distro run the below:

yum install openvpn
yum install screen


Step 2 - Download the VyprVPN CA cert


sudo wget -O /etc/openvpn/ca.vyprvpn.com.crt \
http://www.giganews.com/vyprvpn/ca.vyprvpn.com.crt




Step 3 - Run the client

First run the command:

screen

Once within the screen session run the below:


sudo openvpn --client \
--remote hk1.vpn.giganews.com \
--dev tun \
--comp-lzo \
--auth-user-pass \
--tls-client \
--ca /etc/openvpn/ca.vyprvpn.com.crt

You may be prompted for your sudo password. Enter that. After you pass sudo authentication, you will then need to supply your VPN credentials. Enter those. Note that this is a basic configuration that works. Tweak as needed. Also note that the '--remote' argument can be any of the supported VyprVPN gateways.

Step 4 - Verify your connection

From a seperate console, run the below

ifconfig -a

Notice the tun device has been created

Also run traceroute to some random host...

traceroute cnn.com

Notice that your route begins at the VPN gateway.. Which in this case would be somewhere in Hong Kong.

You can also parse through wget or curl output from www.ip2location.com

curl -s www.ip2location.com | grep chkCountry\"\> 2>&1
wget -q -O - www.ip2location.com | grep chkCountry\"\>


Output may look something like..

<td><label for="chkCountry">HONG KONG</label></td>


Step 5 - End Your Session


When complete, simply ctrl-c from within the screen session. Or simply kill the openvpn process.

To verify your VPN session has been terminated, simply run 'ifconfig -a', and notice the absence of the tun device.



5 comments:

  1. question! (Great article btw - very helpful and worked a treat) if I was to run this as a script on startup how would I go about it? specifically the input of username and pass, is there somewhere I can put those details? Thanks again

    ReplyDelete
  2. yup i could do with the above too!

    ReplyDelete
  3. Thanks for sharing this such a great information about VyprVPN i shared this info to my all facebook and twitter friends because this info helps to everyone

    ReplyDelete
  4. Nice write up, I tried it this morning on centos 6.5 and it didn't work, got an auth failure. Tried it at work on a Fedora20 box, literally cutting and pasting your options. Worked like a champ. I'm thinking there may be an issue with the version of OpenVPN since they are from different repos.

    ReplyDelete
  5. Nice article, is it ok if i use ivacy vpn instead of vypr?
    http://www.bestvpnservice.com/ivacyvpn/

    ReplyDelete