Install Raspbian and related software

The first step is to install the operating system on the Raspberry Pi. Plug in the keyboard, mouse and microSD card, and connect the HDMI cable to the monitor. After the power is plugged in, it will start automatically with several options. I chose to install the Raspbian operating system at the startup page. It will take about 20 mins to finish installing the operating system. The default login is the command-line environment. To start the GUI, just type “startx” in the terminal. Now we can access the RPI (Raspberry Pi) remotely using ssh.

In order to use the remote desktop service from a PC, we need to install xrdp on the RPI; it will install the dependency tigervncserver as well.

sudo apt-get install xrdp (for remote desktop access)
sudo update-rc.d xrdp enable (enable it at boot)

Since most home networks use a dynamic IP, we need to update our IP with the free DNS domain name we get from some online provider. I chose noip: I downloaded the Linux version of the noip software (for the dynamic DNS service) and used make and sudo make install to install it. The last software to install is openvpn.

The IP address of the RPI can be found using the ifconfig command. If I am using my laptop remotely, I can use nmap to scan the available IPs and find it (in my case, it is 192.168.0.8). To make this internal IP static, the first step is to configure the home router to make a DHCP reservation for my RPI IP address (i.e.

Then, change the interface file located in /etc/network/interfaces. Use ifconfig (IP address, netmask, broadcast address) and netstat -nr (network, gateway) to find all the information and put it there. Now we have a fixed internal IP address to connect to.

However, if we want to connect to the RPI from outside the home, we need to have a static IP address. After some searching online, I found noip is a good choice to host the dynamic DNS. First, I registered a free DNS hostname on the noip website. Then I installed its Linux software, the Dynamic Update Client (noip2), on my RPI. With some simple configuration, it will update my dynamic IP to the DNS server every 30s (you can change the value). Thus, when I ssh to my RPI remotely, I can use the registered DNS hostname instead of the dynamic IP address.

By default, Raspbian does not forward internet traffic.

_forward =1 (uncomment this line)
$ sysctl -p (configure kernel parameters at runtime, -p means reload)

The RPI has a built-in firewall that will block incoming connections. We need to open a hole for OpenVPN in the firewall. The first IP is the start IP that I chose for the VPN subnet, the second is the internal IP of the RPI.

$ chmod 700 /etc/firewall-openvpn-rules.sh

Next, we put it into the interfaces setup code so it runs on boot.

pre-up /etc/firewall-openvpn-rules.sh (add this line)

Configure OpenVPN server and client

The first step is to create the master certificate, server certificate, client certificate, and the private keys. Please follow these two tutorials: rpi-vpn-tutorial and openvpn-documentation. To create a Diffie-Hellman key of size 2048, the RPI will take about 3~4 hours to find a large prime number with 2048 bits. The easier way is to find such a key on your desktop or laptop and copy it onto the RPI; this approach will be much faster. The dh pem file can be created by the following command:

openssl dhparam -out dh2048.pem 2048

Actually, even 2048 bit is not secure enough nowadays. The most secure method is not to leak the domain name to other people.

The second step is to write configuration files for the server and client. The tutorials mentioned above have the template available.

The most common error when trying to connect to the server is “TLS key negotiation failed to occur within 60 seconds”. A perimeter firewall on the server’s network is filtering out incoming OpenVPN packets (by default OpenVPN uses UDP or TCP port number 1194).