Remote Suppoer VPN eng
This page describes in an easy way, how to use the Support archives for remote support via OpenVPN.
Inhaltsverzeichnis
OpenVPN
Within the METASEC network, an OpenVPN Server is established. This server will be used for remote support. A computer, that needs remote support will be set as a OpenVPN client on the intern OpenVPN Server.
What to do
You need to download a free Support archive. This archive includes all necessary files for a working OpenVPN Client.
Included files:
- ca.crt: Certificate of the Certification Authority
- supportX.crt: Certificate of support client X
- supportX.csr: Additional Information of the Certifikate (obsolete)
- supportX.key: Private part of the client certificate
- METASEC.conf: Configuration file to connect to the METASEC OpenVPN server
Requirements
You need a wrking installation of openVPN. In general the installation differs on the used operation system. In case of a used Debian/Ubuntu you can use the intern installation tool aptitude
# aptitude install openvpn
OpenVPN start
With a working installation of OpenVPN you are now able to connect to the METASEC server. It is recommend that the following command is performed as root, because a tun device needs to be created.
# openvpn --config METASEC.conf
All paths to the needed certifiactes are set relativly. They are searched within the same directory as the configuration.
After a successful connection ("connection established" in log) the computer is part of the OpenVPN network an is accessible from the METASEC network.
Termination of OpenVPN support
After succesfull support session you can simply quit the openvpn tunnel by pressing "STRG" and "C". The tunnel is terminated.
OpenVPN in background
Alternativly you can fork the OpenVPN to the background. To do this simple enlarge the openvpn command with "--daemon".
# openvpn --config METASEC.conf --daemon
To terminate a daemonized tunnel you have to identify the pid of the tunnel and kill it manually
# ps -ef | grep openvpn # kill $PROCESS-ID
