Remote Suppoer VPN eng: Difference between revisions

From metasec wiki
(The page was newly created: "This page describes in an easy way, how to use the Support archives for remote support via OpenVPN. == OpenVPN == Within the METASEC network, an OpenVPN Server …")
 
(OpenVPN start)
 
(3 intermediate revisions by the same user are not shown)
Line 8: Line 8:
  
 
You need to download a free Support archive. This archive includes all necessary files for a working OpenVPN Client.
 
You need to download a free Support archive. This archive includes all necessary files for a working OpenVPN Client.
 +
After extraction to a directory of your choice
 +
# cd /directory/of/your/choice
 +
# tar -xzvf SupportX.tgz
 +
you will see the following files:
  
Included files:
 
 
* ca.crt: Certificate of the Certification Authority
 
* ca.crt: Certificate of the Certification Authority
 
* supportX.crt: Certificate of support client X
 
* supportX.crt: Certificate of support client X
* supportX.csr: Additional Information of the Certifikate (obsolete)
+
* supportX.csr: Additional Information of the certificate (obsolete)
 
* supportX.key: Private part of the client certificate
 
* supportX.key: Private part of the client certificate
 
* METASEC.conf: Configuration file to connect to the METASEC OpenVPN server
 
* METASEC.conf: Configuration file to connect to the METASEC OpenVPN server
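Review bot: the added extraction step (`tar -xzvf SupportX.tgz`) unpacks supportX.key, which the list describes as the private part of the client certificate, without saying who may read the file afterwards. Suggest adding a line after the tar command that restricts the key to its owner, for example `chmod 600 supportX.key`. The new sentence "you will see the following files:" also makes the "Included files:" line that follows it redundant; one of the two can go.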
Line 18: Line 21:
 
=== Requirements ===
 
=== Requirements ===
  
You need a wrking installation of openVPN. In general the installation differs on the used operation system.
+
You need a working installation of OpenVPN. In general the installation differs in the used operation system.
In case of a used Debian/Ubuntu you can use the intern installation tool aptitude
+
In case of a used Debian/Ubuntu you can use the intern installation tool "aptitude".
 
  # aptitude install openvpn
 
  # aptitude install openvpn
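Review bot: in the Requirements paragraph the revised sentence still reads "differs in the used operation system"; "depends on the operating system in use" is what is meant. In the next sentence, "intern installation tool" would read better as "built-in installation tool".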
  
Line 27: Line 30:
 
  # openvpn --config METASEC.conf
 
  # openvpn --config METASEC.conf
  
All paths to the needed certifiactes are set relativly. They are searched within the same directory as the configuration.
+
All paths to the needed certificates are set relatively. They are searched within the same directory as the configuration.
  
After a successful connection ("connection established" in log) the computer is part of the OpenVPN network an is accessible from the METASEC network.
+
After a successful connection ("connection established" in log) the computer is part of the OpenVPN network and is accessible from the METASEC network.
  
 
== Termination of OpenVPN support ==
 
== Termination of OpenVPN support ==
  
After succesfull support session you can simply quit the openvpn tunnel by pressing "STRG" and "C".
+
After a successfully support session you can simply quit the OpenVPN tunnel by pressing "STRG" and "C".
 
The tunnel is terminated.
 
The tunnel is terminated.
  
 
== OpenVPN in background ==
 
== OpenVPN in background ==
  
Alternativly you can fork the OpenVPN to the background. To do this simple enlarge the openvpn command with "--daemon".
+
Alternatively you can fork the OpenVPN to the background. To do this simple enlarge the OpenVPN start command with "--daemon".
 
  # openvpn --config METASEC.conf --daemon
 
  # openvpn --config METASEC.conf --daemon
  
To terminate a daemonized tunnel you have to identify the pid of the tunnel and kill it manually
+
To terminate a daemonised tunnel you have to identify the pid of the tunnel and kill it manually
 
  # ps -ef | grep openvpn
 
  # ps -ef | grep openvpn
 
  # kill $PROCESS-ID
 
  # kill $PROCESS-ID
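Review bot: the last command, `kill $PROCESS-ID`, is not usable as written: a shell expands `$PROCESS` and appends the literal `-ID`, so with `PROCESS` unset the command becomes `kill -ID`. Use a placeholder that is clearly not a variable, or `$PROCESS_ID`. In the same hunk, "After a successfully support session" should be "After a successful support session", "STRG" is the German key label for "Ctrl", and "To do this simple enlarge" should read "To do this, simply extend".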

Current revision as of 19 May 2011, 10:51

This page describes, in a simple way, how to use the Support archives for remote support via OpenVPN.

OpenVPN

An OpenVPN server is set up within the METASEC network. This server is used for remote support. A computer that needs remote support is set up as an OpenVPN client of the internal OpenVPN server.

What to do

You need to download a free Support archive. This archive includes all the files needed for a working OpenVPN client. After extracting it into a directory of your choice

# cd /directory/of/your/choice
# tar -xzvf SupportX.tgz

you will see the following files:

  • ca.crt: Certificate of the Certification Authority
  • supportX.crt: Certificate of support client X
  • supportX.csr: Additional information for the certificate (obsolete)
  • supportX.key: Private key belonging to the client certificate
  • METASEC.conf: Configuration file to connect to the METASEC OpenVPN server
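
The archive holds a private key and a configuration file that is later run as root, so its listing can be checked against the five file names above before anything is extracted. This is an added example, not part of the original page; the function name `check_listing` and the client number 3 in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: validate a Support archive listing before extraction.
# The expected names come from the file list on this page; X is the
# client number.

# Reads a `tar -tzf` listing on stdin; $1 is the client number X.
# Returns 0 if the listing holds the five expected files and nothing
# else, 1 otherwise.
check_listing() {
    x=$1
    seen=""
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=${entry#./}             # tar may prefix members with ./
        [ -n "$entry" ] || continue   # skip the bare "./" directory entry
        case $entry in
            /*|*..*|*/*)              # absolute path, traversal, subdirectory
                echo "rejected path: $entry" >&2; return 1 ;;
        esac
        case $entry in
            ca.crt|"support$x.crt"|"support$x.csr"|"support$x.key"|METASEC.conf)
                seen="$seen $entry" ;;
            *)
                echo "unexpected file: $entry" >&2; return 1 ;;
        esac
    done
    for want in ca.crt "support$x.crt" "support$x.csr" "support$x.key" METASEC.conf; do
        case " $seen " in
            *" $want "*) ;;
            *) echo "missing file: $want" >&2; return 1 ;;
        esac
    done
    return 0
}

# Usage, with X=3 as a constructed example:
#   tar -tzf Support3.tgz | check_listing 3 && tar -xzf Support3.tgz
#   chmod 600 support3.key    # private key readable by its owner only
```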

Requirements

You need a working installation of OpenVPN. The installation procedure depends on the operating system in use. On Debian/Ubuntu you can use the built-in installation tool "aptitude".

# aptitude install openvpn

OpenVPN start

With a working installation of OpenVPN you are now able to connect to the METASEC server. It is recommended that the following command is run as root, because a tun device needs to be created.

# openvpn --config METASEC.conf

All certificate paths in the configuration are relative. The files are expected in the same directory as the configuration file.

After a successful connection ("connection established" in log) the computer is part of the OpenVPN network and is accessible from the METASEC network.
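
Because METASEC.conf comes from a downloaded archive and OpenVPN is started as root, it is worth reading the configuration before the first start. The following added example (not part of the original page; the function name `audit_openvpn_conf` is an assumption) lists directives that make OpenVPN run external programs or load plugins, and certificate paths that are not plain file names next to the configuration.

```shell
#!/bin/sh
# Added example: read METASEC.conf before starting OpenVPN as root.
# Prints every line of config file $1 that makes OpenVPN run an external
# program, load a plugin or change script-security, and every ca/cert/key
# argument that is not a plain file name. Returns 1 if anything was
# printed, 0 if the file is clean.
audit_openvpn_conf() {
    conf=$1 found=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f   # split into words, no globbing
        word=${1-}; word=${word#--}    # directive name without optional "--"
        case $word in
            up|down|route-up|route-pre-down|ipchange|tls-verify|plugin|script-security)
                printf '%s\n' "$conf:$n: $line"; found=1 ;;
            ca|cert|key)
                case ${2-} in
                    */*) printf '%s\n' "$conf:$n: $line (not a plain file name)"
                         found=1 ;;
                esac ;;
        esac
    done < "$conf"
    return "$found"
}

# Usage: audit_openvpn_conf METASEC.conf && openvpn --config METASEC.conf
```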

Termination of OpenVPN support

After a successful support session you can simply close the OpenVPN tunnel by pressing "Ctrl" and "C". The tunnel is then terminated.

OpenVPN in background

Alternatively, you can run OpenVPN in the background. To do this, simply append "--daemon" to the OpenVPN start command.

# openvpn --config METASEC.conf --daemon

To terminate a daemonised tunnel you have to identify the PID of the tunnel and kill it manually, putting that PID in place of PROCESS_ID:

# ps -ef | grep openvpn
# kill PROCESS_ID
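
`ps -ef | grep openvpn` also matches the grep process itself and any other OpenVPN instance on the machine. As an added example (not from the original page), OpenVPN's `--writepid` option records the PID of the daemon so that exactly this tunnel is stopped; the PID file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: start the tunnel with a PID file and stop it by that file.
# The PID file location is an assumption; any root-writable path works.
PIDFILE=${PIDFILE:-/var/run/openvpn-metasec.pid}

# Run from the directory that holds METASEC.conf and the certificates.
start_tunnel() {
    openvpn --config METASEC.conf --daemon --writepid "$PIDFILE"
}

# Stops only the process recorded in the PID file, and only if that PID
# still belongs to an openvpn process (a stale file may name a PID that
# has since been reused by something else).
# Returns 0 on success, 1 no PID file, 2 bad content, 3 not openvpn.
stop_tunnel() {
    [ -r "$PIDFILE" ] || { echo "no PID file: $PIDFILE" >&2; return 1; }
    pid=$(cat "$PIDFILE")
    case $pid in
        ''|*[!0-9]*) echo "PID file does not hold a number" >&2; return 2 ;;
    esac
    name=$(ps -p "$pid" -o comm= 2>/dev/null) || name=""
    if [ "$name" != openvpn ]; then
        echo "PID $pid is not an openvpn process, not killing it" >&2
        return 3
    fi
    kill "$pid" && rm -f "$PIDFILE"
}
```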