[ubuntu-uk] Ubuntu'ing a PC for a friend.
Jon Spriggs
jon at sprig.gs
Sat May 21 16:39:46 UTC 2011
As I said, the VPN part is more to save having to set up local port
forwarding and DynDNS, especially as my Dad is with BT, and their
default response with the home hub is "Press the reset button on the
side of the router. Does it work now?"
OpenVPN configuration is pretty straightforward, here's my config file
for my laptop:
client
dev tun
proto udp
remote MyHostName 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca_Jon_EEE.crt
cert Jon_EEE.crt
key Jon_EEE.key
ns-cert-type server
comp-lzo
float
keepalive 10 120
And on my server:
client-to-client
comp-lzo
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/Server.crt
dh /etc/openvpn/keys/dh1024.pem
ifconfig-pool-persist /tmp/ipp.txt
key /etc/openvpn/keys/Server.key
max-clients 64
port 1194
status /tmp/openvpn.clients 15
status-version 2
syslog openvpn
verb 3
push "route 10.8.0.0 255.255.255.0"
dev tun
server 10.8.0.0 255.255.255.0
proto udp
client-config-dir /etc/openvpn/ccd
writepid /var/run/openvpn-openvpn.pid
Once you've got the server-side all set up, the "complicated" bit, is
setting up SSL certificates - and that's easily scriptable too.
For the pain of a few bits of trial-and-error, you get to forget about
anything else at their end, but like all things IT, there are very
many more ways to solve things than one, and each one has their own
benefits and disadvantages. This is just my preferred way of doing it.
--
Jon "The Nice Guy" Spriggs
On 21 May 2011 16:27, Alan Pope <alan at popey.com> wrote:
> On 21 May 2011 15:55, Jon Spriggs <jon at sprig.gs> wrote:
>> How will you be supporting it?
>>
>
> Good question. I don't know if I will yet. However what i did for my
> mum was setup a dyndns address which automatically updates whenever
> their her IP changes.
>
> I can then ssh into her machine via the dyndns hostname, or I can use
> vnc over ssh with:-
>
> vncviewer localhost -via mumshostname.dyndns.org
>
> That gives me an encrypted tunnel over which VNC runs, and I can avoid
> any VPN setup :)
>
> In terms of laptops being stolen I tend to install preyproject.
>
> Cheers,
> Al.
>
> --
> ubuntu-uk at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
> https://wiki.ubuntu.com/UKTeam/
>
More information about the ubuntu-uk
mailing list