I am using a Allo Boss DAC for Roon connectivity. I am looking to put the DAC at a remote location and access my server through a L2TP VPN connection. I am looking for a VPN CLIENT that will allow me to do this in DietPi, and make sure all the traffic goes through the VPN connection. How can I do this? What app should be downloaded?
Thank you!
VPN client for DietPi Topic is solved
Re: VPN client for DietPi
Are you bound to L2TP? That does not work with the VPN clients we offer through DietPi-Software. So if OpenVPN or WireGuard is an option, that would work.
I have no experience with L2TP, which is usually paired with IPsec, which again is known to be a bid complicated to setup. However hopefully this guide helps you: https://gist.github.com/mietek/4877cd74423bf6925b92
I have no experience with L2TP, which is usually paired with IPsec, which again is known to be a bid complicated to setup. However hopefully this guide helps you: https://gist.github.com/mietek/4877cd74423bf6925b92
Re: VPN client for DietPi
I am not bound to L2TP. The Qnap I am using as my VPN server does support OpenVPN.
I looked all over, and I can not find where to install just the CLIENT on OpenVPN in DietPi. Do you have instructions on that?
The other option, I was thinking about would be just using a SSH Tunnel. What are your thoughts on that?\
I have my iPhone and a MacBook Pro already configured to use the L2TP, and it works great. That is why I was trying to use that for the ALLO Boss.
I looked all over, and I can not find where to install just the CLIENT on OpenVPN in DietPi. Do you have instructions on that?
The other option, I was thinking about would be just using a SSH Tunnel. What are your thoughts on that?\
I have my iPhone and a MacBook Pro already configured to use the L2TP, and it works great. That is why I was trying to use that for the ALLO Boss.
MichaIng wrote: ↑Sun May 26, 2019 1:18 amAre you bound to L2TP? That does not work with the VPN clients we offer through DietPi-Software. So if OpenVPN or WireGuard is an option, that would work.
I have no experience with L2TP, which is usually paired with IPsec, which again is known to be a bid complicated to setup. However hopefully this guide helps you: https://gist.github.com/mietek/4877cd74423bf6925b92
Re: VPN client for DietPi
@JRaducha
Ah yeah that's true, our OpenVPN install configures it as server. WireGuard allows to choose between server and client setup.
However for a client setup usually the config must be provided by the server. Perhaps the Qnap has an option to export a client config based on the VPN server configuration?
Generally the Debian guide explains and gives examples about how to setup both sides: https://wiki.debian.org/OpenVPN
A SSH tunnel is an alternative, but a VPN will be generally more secure, easier to be forced for all network requests on the client and faster (AFAIK) since it can be used with UDP protocol as well.
Ah yeah that's true, our OpenVPN install configures it as server. WireGuard allows to choose between server and client setup.
However for a client setup usually the config must be provided by the server. Perhaps the Qnap has an option to export a client config based on the VPN server configuration?
Generally the Debian guide explains and gives examples about how to setup both sides: https://wiki.debian.org/OpenVPN
A SSH tunnel is an alternative, but a VPN will be generally more secure, easier to be forced for all network requests on the client and faster (AFAIK) since it can be used with UDP protocol as well.
Re: VPN client for DietPi
OK… I figured out how to get OpenVPN Client setup for DietPi.
Step 1
Set up your OpenVPN Server
Step 2
Login as root on to your DietPi
Step 3 Type-
apt-get update
Step 4 Type-
apt-get install openvpn
Step 5 – Configure the OpenVPN Client
In /etc/openvpn/ create a new text file named – (Your sever name).ovpn
Paste this text in - PLEASE MAKE CHANGES-----
## How to setup OpenVPN client?
## 1. Install OpenVPN software on your platform.
## 2. Double click XXXX.ovpn file to create new connection profile.
## 3. Type username and password while connection.
client
dev tun
script-security 3
remote (YOUR IP ADDRESS X.X.X.X) 1194
resolv-retry infinite
nobind
auth-nocache
auth-user-pass
remote-cert-tls server
reneg-sec 0
cipher AES-128-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA
comp-lzo
proto udp
explicit-exit-notify 1
<ca>
-----BEGIN CERTIFICATE-----
(THIS IS LOCATED ON YOUR SERVER CALLED YOURSERVERNAME.CA)
-----END CERTIFICATE-----
</ca>
Step 6
Copy your CA from the server to the client
On the client - located at - /etc/openvpn/client/
Step 7 Type-
service openvpn restart
Step 8 (Just to make sure you have connectivity on both sides)
On the client, try and ping your server
Step 9 Type-
openvpn --config clientname.ovpn
Step 10
Enter your user name and password
Step 11
When OpenVPN shows the message “Initialization Sequence Completed“, then you are connected.
Step 1
Set up your OpenVPN Server
Step 2
Login as root on to your DietPi
Step 3 Type-
apt-get update
Step 4 Type-
apt-get install openvpn
Step 5 – Configure the OpenVPN Client
In /etc/openvpn/ create a new text file named – (Your sever name).ovpn
Paste this text in - PLEASE MAKE CHANGES-----
## How to setup OpenVPN client?
## 1. Install OpenVPN software on your platform.
## 2. Double click XXXX.ovpn file to create new connection profile.
## 3. Type username and password while connection.
client
dev tun
script-security 3
remote (YOUR IP ADDRESS X.X.X.X) 1194
resolv-retry infinite
nobind
auth-nocache
auth-user-pass
remote-cert-tls server
reneg-sec 0
cipher AES-128-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA
comp-lzo
proto udp
explicit-exit-notify 1
<ca>
-----BEGIN CERTIFICATE-----
(THIS IS LOCATED ON YOUR SERVER CALLED YOURSERVERNAME.CA)
-----END CERTIFICATE-----
</ca>
Step 6
Copy your CA from the server to the client
On the client - located at - /etc/openvpn/client/
Step 7 Type-
service openvpn restart
Step 8 (Just to make sure you have connectivity on both sides)
On the client, try and ping your server
Step 9 Type-
openvpn --config clientname.ovpn
Step 10
Enter your user name and password
Step 11
When OpenVPN shows the message “Initialization Sequence Completed“, then you are connected.
Last edited by JRaducha on Thu May 30, 2019 12:13 am, edited 2 times in total.
Re: VPN client for DietPi
@JRaducha
Many thanks for providing your solution. Jep looks good.
I am still thinking if OpenVPN ships a command to create a client config directly from the server
. Will check this out.
Many thanks for providing your solution. Jep looks good.
I am still thinking if OpenVPN ships a command to create a client config directly from the server
. Will check this out.Re: VPN client for DietPi
It does, but I could not get it to work properly.
How to configure the client via command line - At least this is how it was explained to me.
OpenVPN server creates certificates for each VPN client machine. These certificates should be available on the client computer at the /etc/openvpn directory. Normally, we use the scp command and copy these files from the OpenVPN server to the machine.
# scp [email protected]:/etc/openvpn/clients/clientname.tar.gz
# tar -xzvf clientname.tar.gz
This would fetch all the client certificates from the OpenVPN server.
Going further, we would then copy the OpenVPN configuration file using the command:
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
Now, on the client machine it’s time to make a few edits in the client specific configuration file at /etc/openvpn/client.conf.
Here, we set the address of the OpenVPN server, the port configured on the OpenVPN server and the actual name of the certificate and key file names. Usually, the OpenVPN port will be 1194.