Point-to-point network with a TUN device

We will now create an OpenVPN network directly from the command line. Whenever we create an OpenVPN network, the server will be on the X.X.X.1 IP address and the clients will be on the X.X.X.2, X.X.X.3, etc. addresses.

In this case we are going to create a point-to-point network with the server on the 10.200.0.1 address and the client on the 10.200.0.2 address. The commands below pass no encryption or authentication options, so OpenVPN warns in its log that all data will be tunnelled as cleartext.

Server

(server)_$: sudo openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun
Fri Nov 20 16:37:05 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Fri Nov 20 16:37:05 2015 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Fri Nov 20 16:37:05 2015 TUN/TAP device tun0 opened
Fri Nov 20 16:37:05 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Nov 20 16:37:05 2015 /sbin/ip link set dev tun0 up mtu 1500
Fri Nov 20 16:37:05 2015 /sbin/ip addr add dev tun0 local 10.200.0.1 peer 10.200.0.2
Fri Nov 20 16:37:05 2015 UDPv4 link local (bound): [undef]
Fri Nov 20 16:37:05 2015 UDPv4 link remote: [undef]
...
Fri Nov 20 16:37:42 2015 Peer Connection Initiated with [AF_INET]80.26.91.232:1194
Fri Nov 20 16:37:42 2015 Initialization Sequence Completed

Client

It might take a little while until "Initialization Sequence Completed" appears. Be patient.

(client)_$: sudo openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote <server IP address>
Fri Nov 20 16:37:31 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Fri Nov 20 16:37:31 2015 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Fri Nov 20 16:37:31 2015 TUN/TAP device tun0 opened
Fri Nov 20 16:37:31 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Nov 20 16:37:31 2015 /sbin/ip link set dev tun0 up mtu 1500
Fri Nov 20 16:37:31 2015 /sbin/ip addr add dev tun0 local 10.200.0.2 peer 10.200.0.1
Fri Nov 20 16:37:31 2015 UDPv4 link local (bound): [undef]
Fri Nov 20 16:37:31 2015 UDPv4 link remote: [AF_INET]82.223.28.183:1194
...
Fri Nov 20 16:37:42 2015 Peer Connection Initiated with [AF_INET]82.223.28.183:1194
Fri Nov 20 16:37:43 2015 Initialization Sequence Completed

Check

To check the network we just created, we need to open another shell (or tab) on both the server and the client and test that they can communicate with each other.

Ping the client from the server:

(server)_$: ping 10.200.0.2
PING 10.200.0.2 (10.200.0.2) 56(84) bytes of data.
64 bytes from 10.200.0.2: icmp_seq=1 ttl=64 time=26.2 ms
64 bytes from 10.200.0.2: icmp_seq=2 ttl=64 time=26.4 ms
64 bytes from 10.200.0.2: icmp_seq=3 ttl=64 time=26.3 ms
^C
--- 10.200.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 26.241/26.344/26.425/0.076 ms

Ping the server from the client:

(client)_$: ping 10.200.0.1
PING 10.200.0.1 (10.200.0.1) 56(84) bytes of data.
64 bytes from 10.200.0.1: icmp_seq=1 ttl=64 time=26.5 ms
64 bytes from 10.200.0.1: icmp_seq=2 ttl=64 time=26.6 ms
64 bytes from 10.200.0.1: icmp_seq=3 ttl=64 time=26.4 ms
^C
--- 10.200.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 26.405/26.525/26.603/0.086 ms
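
The same check can be made from the OpenVPN output itself. The script below is an added example, not part of the original tutorial: it reads a saved copy of the log, reports the tunnel addresses, whether the initialization sequence completed, and whether the cleartext warning is present. The function names and the sample file are assumptions; the sample log is built from lines of the server output shown above.

```shell
#!/bin/sh
# Added example (not from the original page): summarize an OpenVPN log such as
# the ones shown above. Function names and the log file are assumptions.

# Print "local=<ip> peer=<ip> state=<up|pending> cleartext_warning=<yes|no>".
summarize_tunnel_log() {
    log=$1
    # OpenVPN logs the ip(8) command it runs; read the tunnel addresses from it.
    addrs=$(sed -n 's/.*ip addr add dev tun[0-9]* local \([0-9.]*\) peer \([0-9.]*\).*/local=\1 peer=\2/p' "$log" | tail -n 1)
    [ -n "$addrs" ] || addrs="local=unknown peer=unknown"
    if grep -q 'Initialization Sequence Completed' "$log"; then
        state=up
    else
        state=pending
    fi
    if grep -q 'all encryption and authentication features disabled' "$log"; then
        warn=yes
    else
        warn=no
    fi
    printf '%s state=%s cleartext_warning=%s\n' "$addrs" "$state" "$warn"
}

# Exit status: 0 = up and no cleartext warning, 1 = not up yet, 2 = up but cleartext.
tunnel_gate() {
    case $(summarize_tunnel_log "$1") in
        *state=pending*) return 1 ;;
        *cleartext_warning=yes*) return 2 ;;
        *) return 0 ;;
    esac
}

# Sample log built from lines of the server output above.
write_sample_log() {
    cat > "$1" <<'EOF'
Fri Nov 20 16:37:05 2015 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Fri Nov 20 16:37:05 2015 TUN/TAP device tun0 opened
Fri Nov 20 16:37:05 2015 /sbin/ip addr add dev tun0 local 10.200.0.1 peer 10.200.0.2
Fri Nov 20 16:37:42 2015 Initialization Sequence Completed
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
summarize_tunnel_log "$sample"
rc=0; tunnel_gate "$sample" || rc=$?
echo "gate exit status: $rc"
rm -f "$sample"
```

For the tunnel built on this page the gate returns 2: the link is up, but it carries traffic in cleartext, so it is suitable for the ping test only.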

Stop the point-to-point network

If it is working, stop both openvpn processes with [Ctrl + C]. We will learn how to do it automatically in the next step.