Creating the Simplest VPN Example

The following example creates a point-to-point VPN tunnel between one client and one server. It assumes that the VPN server uses the private IP address 10.23.8.1 and the client uses 10.23.8.2. You can change these private IP addresses to suit your needs, but make sure the addresses you select do not conflict with other IP addresses.

Warning: Use It Only For Testing

This scenario is only useful for testing and is intended as an example to help you get familiar with VPN. Do not use it for real-world connections, as it can compromise your security and the safety of your IT infrastructure!

Configuring the VPN Server

To configure a VPN server, do the following:

  1. Install the package openvpn on the machine that will later become your VPN server.

  2. Open a shell, become root and create the VPN secret key:

    openvpn --genkey --secret /etc/openvpn/secret.key

  3. Copy the secret key to your client:

    scp /etc/openvpn/secret.key root@10.23.8.2:/etc/openvpn/

  4. Create the file /etc/openvpn/server.conf with the following content:

    dev tun
    ifconfig 10.23.8.1 10.23.8.2
    secret secret.key

  5. Start the YaST firewall module and open UDP port 1194.

  6. Start the OpenVPN service as root:

    rcopenvpn start

Configuring the VPN Client

To configure the VPN client, do the following:

  1. Install the package openvpn on your client VPN machine.

  2. Create /etc/openvpn/server.conf with the following content:

    remote IP_OF_SERVER
    dev tun
    ifconfig 10.23.8.2 10.23.8.1
    secret secret.key

    Replace the placeholder IP_OF_SERVER in the first line with either the domain name or the public IP address of your server.

  3. Start the OpenVPN service as root:

    rcopenvpn start

Testing the VPN Example

After OpenVPN has started successfully, check whether the tun device is available. You can do so with the following command:

ifconfig tun0

To verify the VPN connection, use ping on both the client and the server to check that each can reach the other. Ping the server from the client:

ping 10.23.8.1

Ping the client from the server:

ping 10.23.8.2
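
If the pings fail, two things worth checking are that the ifconfig lines in the two configuration files mirror each other and that secret.key is not accessible to group or others. The following script is an added example, not part of the original documentation; the function names are hypothetical, and it assumes you have copies of both configuration files on one machine.

```shell
#!/bin/sh
# Added example: sanity checks for the static-key point-to-point setup.
# All function names are hypothetical helpers, not part of OpenVPN.

# Print "LOCAL REMOTE" from the first "ifconfig LOCAL REMOTE" line of a config.
tunnel_endpoints() {
    awk '$1 == "ifconfig" { print $2, $3; exit }' "$1"
}

# Succeed only if the client's endpoints are the server's endpoints swapped.
endpoints_mirrored() {
    srv=$(tunnel_endpoints "$1")
    cli=$(tunnel_endpoints "$2")
    [ -n "$srv" ] && [ -n "$cli" ] || return 1
    # Split the server pair into $1 (local) and $2 (remote).
    set -- $srv
    [ "$cli" = "$2 $1" ]
}

# Succeed only if the key file exists and grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Run both checks; arguments: server config, client config, key file.
check_setup() {
    rc=0
    endpoints_mirrored "$1" "$2" || {
        echo "ifconfig endpoints in $1 and $2 are not mirrored" >&2
        rc=1
    }
    key_is_private "$3" || {
        echo "$3 is missing or accessible by group/others" >&2
        rc=1
    }
    return $rc
}
```

Call it, for example, as check_setup with the server configuration, a copy of the client configuration, and /etc/openvpn/secret.key as arguments; it returns non-zero and prints the failing check to standard error.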