Click Remote access in the System menu.
Activate SSH as well as Allow password based authentication. Then click Save.
Log in via SSH to your IPFire installation. Then run the following commands:
cd /var/ipfire/ovpn
mkdir ovpn
cd ovpn
Edit ovpn.conf and change:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
to
#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf
Change auth-user-pass parameter to:
auth-user-pass /var/ipfire/ovpn/ovpn_login
Change ca ovpn-ca.crt to:
ca /var/ipfire/ovpn/ovpn-ca.crt
Change tls-auth ovpn-tls.key 1 to:
tls-auth /var/ipfire/ovpn/ovpn-tls.key 1
Save the file.
Create a file that you name ovpn_login. Enter the following into the file:
username
password
Replace username with your username for OVPN and password with your password for OVPN.
Save the file.
Now create a script that keeps track of the connection to OVPN. Create a file, name it tunnelmonitor.sh and enter the following:
#!/bin/bash
# this script tests a tunnel-connection and restarts the tunnel when down

# address that is pinged to test the tunnel
T=10.140.0.1
config="/var/ipfire/ovpn/ovpn/ovpn.conf"

# start OpenVPN if there is no tun0 device
ifconfig | grep tun0 > /dev/null
t=$?
if [ "$t" != 0 ]; then
    echo "no tunnel-device available"
    logger -t TUNTEST "no tunnel-device available"
    modprobe tun
    openvpn --config "$config" --daemon
    logger -t TUNTEST "tunnel started"
fi

# restart OpenVPN if the ping does not get an answer
echo "pinging now"
logger -t TUNTEST "pinging now"
ping -c 1 "$T" > /dev/null
if [ "$?" != 0 ]; then
    killall openvpn && sleep 10
    openvpn --config "$config" --daemon
    echo "tunnel restarted"
    logger -t TUNTEST "tunnel restarted"
else
    echo "tunnel OK"
    logger -t TUNTEST "tunnel OK"
fi
exit 0
Save the file and then run:
chmod u+x tunnelmonitor.sh
Edit /etc/sysconfig/firewall.local and add the following code under ##add your 'start' rules here:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o tun0 -j MASQUERADE
Edit the network in the rule so that the IP range and subnet match your LAN.
Run the following command:
fcrontab -e
Press INS in order to add rows. Type the following row at the end:
*/10 * * * * /var/ipfire/ovpn/ovpn/tunnelmonitor.sh >/dev/null 2>&1
Press ESC and type :wq to save and close fcrontab.
Now IPFire is configured to work with OVPN. You can connect to OVPN by typing:
/var/ipfire/ovpn/ovpn/tunnelmonitor.sh
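The following check is an added example, not part of the original guide or of OVPN's own tooling. It audits ovpn.conf after the edits above: an update-resolv-conf hook left active, a relative or missing path for auth-user-pass, ca or tls-auth, and a login or TLS key file that group or other users can access. The function name check_ovpn_conf and the permission policy (no group/other access) are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit an ovpn.conf edited as described in this guide.
# Usage: check_ovpn_conf /var/ipfire/ovpn/ovpn/ovpn.conf
# Prints one line per finding; the return value is the number of findings.
check_ovpn_conf() {
    conf=$1
    problems=0
    note() { echo "FINDING: $*"; problems=$((problems + 1)); }

    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }

    # Split each line into directive and first argument. Commented-out
    # lines start with "#up", "#down" etc. and therefore never match.
    while read -r directive arg _rest || [ -n "$directive" ]; do
        case $directive in
            up|down)
                # The guide disables these hooks by commenting them out.
                case $arg in
                    */update-resolv-conf) note "$directive $arg is still active" ;;
                esac ;;
            auth-user-pass|ca|tls-auth)
                if [ -z "$arg" ]; then
                    note "$directive has no file argument"
                    continue
                fi
                case $arg in
                    /*) ;;  # absolute path, as the guide sets it
                    *) note "$directive uses relative path $arg"; continue ;;
                esac
                if [ ! -f "$arg" ]; then
                    note "$directive file $arg does not exist"
                    continue
                fi
                # The login file and the TLS key are secrets: columns 5-10
                # of the ls mode string are the group and other bits.
                if [ "$directive" != ca ]; then
                    perms=$(ls -ld "$arg" | cut -c5-10)
                    [ "$perms" = "------" ] ||
                        note "$arg is accessible to group/other (chmod 600 it)"
                fi ;;
        esac
    done < "$conf"
    return "$problems"
}
```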