VPN client for DietPi Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
JRaducha
Posts: 7
Joined: Sat May 25, 2019 10:49 pm

VPN client for DietPi

Post by JRaducha » Sat May 25, 2019 10:53 pm

I am using a Allo Boss DAC for Roon connectivity. I am looking to put the DAC at a remote location and access my server through a L2TP VPN connection. I am looking for a VPN CLIENT that will allow me to do this in DietPi, and make sure all the traffic goes through the VPN connection. How can I do this? What app should be downloaded?

Thank you!

User avatar
MichaIng
Site Admin
Posts: 1870
Joined: Sat Nov 18, 2017 5:21 pm

Re: VPN client for DietPi

Post by MichaIng » Sun May 26, 2019 1:18 am

Are you bound to L2TP? That does not work with the VPN clients we offer through DietPi-Software. So if OpenVPN or WireGuard is an option, that would work.

I have no experience with L2TP, which is usually paired with IPsec, which again is known to be a bid complicated to setup. However hopefully this guide helps you: https://gist.github.com/mietek/4877cd74423bf6925b92

JRaducha
Posts: 7
Joined: Sat May 25, 2019 10:49 pm

Re: VPN client for DietPi

Post by JRaducha » Sun May 26, 2019 6:56 am

I am not bound to L2TP. The Qnap I am using as my VPN server does support OpenVPN.

I looked all over, and I can not find where to install just the CLIENT on OpenVPN in DietPi. Do you have instructions on that?

The other option, I was thinking about would be just using a SSH Tunnel. What are your thoughts on that?\

I have my iPhone and a MacBook Pro already configured to use the L2TP, and it works great. That is why I was trying to use that for the ALLO Boss.


MichaIng wrote:
Sun May 26, 2019 1:18 am
Are you bound to L2TP? That does not work with the VPN clients we offer through DietPi-Software. So if OpenVPN or WireGuard is an option, that would work.

I have no experience with L2TP, which is usually paired with IPsec, which again is known to be a bid complicated to setup. However hopefully this guide helps you: https://gist.github.com/mietek/4877cd74423bf6925b92

User avatar
MichaIng
Site Admin
Posts: 1870
Joined: Sat Nov 18, 2017 5:21 pm

Re: VPN client for DietPi

Post by MichaIng » Sun May 26, 2019 1:58 pm

@JRaducha
Ah yeah that's true, our OpenVPN install configures it as server. WireGuard allows to choose between server and client setup.

However for a client setup usually the config must be provided by the server. Perhaps the Qnap has an option to export a client config based on the VPN server configuration?
Generally the Debian guide explains and gives examples about how to setup both sides: https://wiki.debian.org/OpenVPN

A SSH tunnel is an alternative, but a VPN will be generally more secure, easier to be forced for all network requests on the client and faster (AFAIK) since it can be used with UDP protocol as well.

JRaducha
Posts: 7
Joined: Sat May 25, 2019 10:49 pm

Re: VPN client for DietPi

Post by JRaducha » Tue May 28, 2019 7:27 am

OK… I figured out how to get OpenVPN Client setup for DietPi.


Step 1
Set up your OpenVPN Server

Step 2
Login as root on to your DietPi

Step 3 Type-
apt-get update

Step 4 Type-
apt-get install openvpn

Step 5 – Configure the OpenVPN Client
In /etc/openvpn/ create a new text file named – (Your sever name).ovpn

Paste this text in - PLEASE MAKE CHANGES-----
## How to setup OpenVPN client?
## 1. Install OpenVPN software on your platform.
## 2. Double click XXXX.ovpn file to create new connection profile.
## 3. Type username and password while connection.

client
dev tun
script-security 3
remote (YOUR IP ADDRESS X.X.X.X) 1194
resolv-retry infinite
nobind
auth-nocache
auth-user-pass
remote-cert-tls server
reneg-sec 0
cipher AES-128-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA
comp-lzo
proto udp
explicit-exit-notify 1
<ca>
-----BEGIN CERTIFICATE-----
(THIS IS LOCATED ON YOUR SERVER CALLED YOURSERVERNAME.CA)
-----END CERTIFICATE-----
</ca>

Step 6
Copy your CA from the server to the client
On the client - located at - /etc/openvpn/client/

Step 7 Type-
service openvpn restart

Step 8 (Just to make sure you have connectivity on both sides)
On the client, try and ping your server

Step 9 Type-
openvpn --config clientname.ovpn

Step 10
Enter your user name and password

Step 11
When OpenVPN shows the message “Initialization Sequence Completed“, then you are connected.
Last edited by JRaducha on Thu May 30, 2019 12:13 am, edited 2 times in total.

User avatar
MichaIng
Site Admin
Posts: 1870
Joined: Sat Nov 18, 2017 5:21 pm

Re: VPN client for DietPi

Post by MichaIng » Tue May 28, 2019 1:44 pm

@JRaducha
Many thanks for providing your solution. Jep looks good.

I am still thinking if OpenVPN ships a command to create a client config directly from the server :?. Will check this out.

JRaducha
Posts: 7
Joined: Sat May 25, 2019 10:49 pm

Re: VPN client for DietPi

Post by JRaducha » Thu May 30, 2019 12:11 am

MichaIng wrote:
Tue May 28, 2019 1:44 pm
@JRaducha
Many thanks for providing your solution. Jep looks good.

I am still thinking if OpenVPN ships a command to create a client config directly from the server :?. Will check this out.
It does, but I could not get it to work properly.

How to configure the client via command line - At least this is how it was explained to me.

OpenVPN server creates certificates for each VPN client machine. These certificates should be available on the client computer at the /etc/openvpn directory. Normally, we use the scp command and copy these files from the OpenVPN server to the machine.

# scp [email protected]:/etc/openvpn/clients/clientname.tar.gz
# tar -xzvf clientname.tar.gz

This would fetch all the client certificates from the OpenVPN server.

Going further, we would then copy the OpenVPN configuration file using the command:

# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn

Now, on the client machine it’s time to make a few edits in the client specific configuration file at /etc/openvpn/client.conf.

Here, we set the address of the OpenVPN server, the port configured on the OpenVPN server and the actual name of the certificate and key file names. Usually, the OpenVPN port will be 1194.

Post Reply