Connect Two Servers Using OpenVPN With Shared Secret

Published on: Tue, Jun 7, 2016 at 2:34 pm EST
Debian Linux Guides System Admin Ubuntu

Introduction

OpenVPN is a SSL-based and secured VPN which works on almost every UNIX-like system, and as well on Windows. OpenVPN can be used to connect two machines and exchange traffic between them securely. This guide explains how to setup a connection between two servers using OpenVPN and shared-keys.

Prerequirements

  • Ubuntu or Debian
  • 10 Minutes

Install packages

You can run this command on both servers:

sudo apt-get install openvpn

Configuration

OpenVPN is based on config files in which all details of the other remote-server are written in. There's also a Server -> Client Mode for OpenVPN, but it's easier to setup a P2P Connection using shared-keys though, and they fit our needs.

After the installation process has completed, we can create a new file ending with .conf under /etc/openvpn/*.

proto       udp
mode        p2p
remote      <REMOTE_HOST>
rport       <REMOTE_PORT>
local       <LOCAL_HOST>
lport       <LOCAL_PORT>
dev-type    tun
tun-ipv6
resolv-retry infinite
dev         <INTERFACE_NAME>
comp-lzo
persist-key
persist-tun
cipher aes-256-cbc
ifconfig <LOCAL_TUNNEL_IP>  <REMOTE_TUNNEL_IP>
secret /etc/openvpn/<NAME_OF_CONFIG_FILE>.key

Once we've created our config file, we're all set to create our shared key which we'll have to transfer to the other server.

openvpn --genkey --secret /etc/openvpn/<NAME_OF_CONFIG_FILE>.key

Connect the servers

We can now start right away with connecting our servers. We have to create the same config file and copy the key from the initial server onto the other server. But keep in mind, that the config files aren't identical, because <REMOTE> and <LOCAL> as well the <TUNNEL_IP> fields are different.

Start the tunnel

Once we have copied the key from the initial server to the second server and we have finished editing the config files, we can start the tunnel by typing the following command into our shell:

service openvpn start <NAME_OF_CONFIG_FILE>

Test the tunnel

By typing ping REMOTE_TUNNEL_IP into our shell, we can verify whether or not the other side is up and running. If there's no reply from the other server, check the following:

  • Firewalls on both sides.
  • The key is identical on each server.
  • The <REMOTE> and <LOCAL> fields are set properly.

Want to contribute ?

You could earn up to $300 by adding new articles