Remote Suppoer VPN eng

Aus metasec wiki
Wechseln zu: Navigation, Suche

This page describes in an easy way, how to use the Support archives for remote support via OpenVPN.


Within the METASEC network, an OpenVPN Server is established. This server will be used for remote support. A computer, that needs remote support will be set as a OpenVPN client on the intern OpenVPN Server.

What to do

You need to download a free Support archive. This archive includes all necessary files for a working OpenVPN Client. After extraction to a directory of your choice

# cd /directory/of/your/choice
# tar -xzvf SupportX.tgz

you will see the following files:

  • ca.crt: Certificate of the Certification Authority
  • supportX.crt: Certificate of support client X
  • supportX.csr: Additional Information of the certificate (obsolete)
  • supportX.key: Private part of the client certificate
  • METASEC.conf: Configuration file to connect to the METASEC OpenVPN server


You need a working installation of OpenVPN. In general the installation differs in the used operation system. In case of a used Debian/Ubuntu you can use the intern installation tool "aptitude".

# aptitude install openvpn

OpenVPN start

With a working installation of OpenVPN you are now able to connect to the METASEC server. It is recommend that the following command is performed as root, because a tun device needs to be created.

# openvpn --config METASEC.conf

All paths to the needed certificates are set relatively. They are searched within the same directory as the configuration.

After a successful connection ("connection established" in log) the computer is part of the OpenVPN network and is accessible from the METASEC network.

Termination of OpenVPN support

After a successfully support session you can simply quit the OpenVPN tunnel by pressing "STRG" and "C". The tunnel is terminated.

OpenVPN in background

Alternatively you can fork the OpenVPN to the background. To do this simple enlarge the OpenVPN start command with "--daemon".

# openvpn --config METASEC.conf --daemon

To terminate a daemonised tunnel you have to identify the pid of the tunnel and kill it manually

# ps -ef | grep openvpn
# kill $PROCESS-ID