Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora Resources > Guides & Solutions (Not For Questions)
FedoraForum Search

Forgot Password? Join Us!

Guides & Solutions (Not For Questions) Post your guides here (No links to Blogs accepted). You can also append your comments/questions to a guide, but don't start a new thread to ask a question. Use another forum for that.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 20th December 2016, 11:25 AM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 535
linuxfedorafirefox
Universal Guide for VPN Connection, via OpenVPN, using Terminal

Note: what be colored in this guide by BLUE COLOR are variables determined either by your VPN service provider, like name of VPN .zip file that contain VPN configuration & certificate files; OR determine by you, like name of .txt file that you will save your VPN credentials.

How to install OpenVPN & download your VPN service provider's configuration + certificate files inside it via command line:
================================================== ============================

- Open a terminal window and do the following steps:

- install OpenVPN, if not already installed by default, using following command:

Quote:
sudo dnf install openvpn
- Change to the /etc/openvpn directory with the following command:

Quote:
cd /etc/openvpn
- Download from your VPN server provider the .zip file that contain the configuration and the certificate files -[suppose your VPN service provider names it vpnconfiguration.zip]- using either:

sudo wget {URL}
or
sudo curl command

- Install unzip, if not already installed by default, to decompress the file with the following command:

Quote:
sudo dnf install unzip
- Decompress the vpnconfiguration.zip file with the following command:

Quote:
sudo unzip vpnconfiguration.zip
- Remove vpnconfiguration.zip file which no longer used:

Quote:
sudo rm vpnconfiguration.zip
- List the contents of the directory (see a list of the server config files) with the following command:

Quote:
ls -l
- Start a connection to the VPN with openvpn and the chosen config file with the following command:

Quote:
sudo openvpn 'config-filename.ovpn'
Example:
Quote:
sudo openvpn 'Netherlands.ovpn'
Wait for the connection sequence to finish. Once the connection has been established successfully, you should see something like the screenshot below (Initialization Sequence Completed).

---

After you do the above steps once please follow the next steps to connect when you want to:

How to connect to VPN via OpenVPN within a terminal window
================================================== ======

- Open a terminal window and do the following steps to connect to VPN via OpenVPN

- Change to the /etc/openvpn directory with the following command:

Quote:
cd /etc/openvpn
- List the contents of the directory (see a list of the server config files) with the following command:

Quote:
ls -l
- Start a connection to the VPN with openvpn and the chosen config file with the following command:

Quote:
sudo openvpn 'config-filename.ovpn'
Example:
Quote:
sudo openvpn 'Netherlands.ovpn'
Wait for the connection sequence to finish. Once the connection has been established successfully, you should see something like the screenshot below (Initialization Sequence Completed).

Note: For the VPN to be active, the Terminal window must stay active/open. It can be minimized—just don’t close it!
To disconnect, press “Ctrl” then, while still pressing “Ctrl”, click “C”

Note: You can stop VPN by using following command:

Quote:
sudo service openvpn stop
This command will disconnect VPN by stop OpenVPN itself.
If you use it, you can not re-connect to VPN unless you 1st re-enabling OpenVPN, before applying steps that used to reconnect to VPN. You can re-enable OpenVPN by following command:

Quote:
sudo service openvpn start
-------------------------------
Note: to remove all configuration files from openvpn directory use:

Quote:
cd /etc/openvpn
Quote:
sudo rm -i *
Please notice that you are recommended, in this step, to use "-i" option with rm command, as written above, because we dial with important files. By this you will be asked before delete every file. This minimize risk of delete something that shouldn't deleted.
------------------------------


Saving VPN Credentials:
===================

- To put our VPN credentials in a file. We’ll put this file in /etc/openvpn; the format is simple -1st line is your username, 2nd line is your password:

1st enter to /etc/openvpn by cd /etc/openvpn then create a new file, let we name it for ex: credentials, with your VPN username:

Quote:
$ echo -e "yourusername" | sudo tee -a credentials.txt
Next, append the password:

Quote:
$ echo -e "yourpassword" | sudo tee -a credentials.txt
Because this file has sensitive information, let’s make sure it has the right permissions to protect it:

Quote:
sudo chown root:root credentials.txt
Quote:
sudo chmod 400 credentials.txt
Next, we need the OpenVPN configuration files to use these credentials. We have to Edit VPN configuration files to set ‘auth-user-pass’ to reference credentials.txt file by following commands:

Quote:
sudo sed -i -e 's/auth-user-pass.*/auth-user-pass credentials.txt/' *.ovpn
or, alternatively, we can run – for same purpose – the following command:

Quote:
sudo sed -i "s/auth-user-pass/auth-user-pass credentials.txt/g" *.ovpn
The period, ".", in the first command matches any character, and the asterisk, "*", causes the match to continue for zero or more occurrences of any character to the end of the line. So the first command causes any line that starts with "auth-user-pass" to be replaced by "auth-user-pass credentials.txt". All text after "auth-user-pass" is discarded. The second command causes "credentials.txt" to be appended after "auth-user-pass" leaving the rest of the line intact.

To be more secure, we’ll also tell OpenVPN not to cache the credentials in virtual memory by appending the ‘auth-nocache’ option right after ‘auth-user-pass’ in your VPN configuration files.:

Quote:
sudo sed -i -e '/auth-user-pass credentials.txt/a auth-nocache' *.ovpn
Note: enforcing "auth-nocache" option does not really improve your security, & it does not close security leaks. Should a hacker have access to your RAM or pagefile already, your VPN password is the last thing you should worry about.

Last edited by User808; 23rd April 2017 at 06:29 PM.
Reply With Quote
  #2  
Old 26th December 2016, 12:19 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 535
linuxfedorafirefox
Re: Universal Guide to Connect to VPN via Terminal

Next step: if you are lazy & like to avoid retype:

$ cd /etc/openvpn
$ sudo openvpn 'config-filename.ovpn'

each time you connect or change location, then you can use one of following 2 scripts:

1) if you are JUST LAZY use following script:

Quote:
#! /bin/bash
cd /etc/openvpn
sudo openvpn "${1}.ovpn"
sudo -k
Name this script by short name like vpn.sh
Using short name for this script is the key point to achieve aim from it (ease of use from)
Now all what you need to connect to your vpn is typing in terminal:

Quote:
$ vpn.sh "config-filename"
Notes:
- do not include extension of config-filename, that is to say, do not include .ovpn If you include .ovpn then you will failed to connect to VPN
- if your config-filename composed from only one word, like Austria.ovpn, so no need to put it between " ". So, all what you need to type in terminal:

Quote:
$ vpn.sh Austria
- if your config-filename composed from more than one word, like Russia Skhalin.ovpn, then you MUST put it between " " as such as:

Quote:
$ vpn.sh "Russia Skhalin"
Advantages of this script:
- it is simple, short & easy to written, thus,
- it is not time consuming when written

Disadvantages of this script:
- it necessitates to write FULL config-falename (you can not abrivate it further), thus,
- it does not make you able to shorten, what you needed to type in terminal to connect to VPN, for extreme degree

-----------------------------------------

2) if you are, like me, VERY LAZY use the following script (an example composed from 6 rules for 6 locations - increase rules if you have more):

Quote:
#! /bin/bash
cd /etc/openvpn

rulesuk(){
sudo openvpn 'England.ovpn'
sudo -k
}

rulesat(){
sudo openvpn 'Austria.ovpn'
sudo -k
}

rulesRUmo(){
sudo openvpn 'Russia Moscow.ovpn'
sudo -k
}

rulesRUsk(){
sudo openvpn 'Russia Skhalin.ovpn'
sudo -k
}

rulesza(){
sudo openvpn 'South Africa.ovpn'
sudo -k
}

ruleseg(){
sudo openvpn 'Egypte.ovpn'
sudo -k
}

rules${1}
- What I put it in RED COLOR in the above script, must be exactly the same as your VPN configuration files' names.
- What I put it in BLUE COLOR in the above script are variables' names you are free to change them to what you like.
(PLEASE NOTICE THAT THESE COLOR THAT I USED IN ABOVE SCRIPT HAVE NO ANY RELATION WITH COLORS THAT APPEARED BY YOUR TEXT EDITOR WHEN YOU WRITING SCRIPT)

Name this script by short name like vpn.sh
Using short name for this script is the key point to achieve aim from it (ease of use from)

Disadvantage of this script: if you have many locations, like me which have 50 locations, then this script will be long & consume time to write it.

Advantages of this script: allow you to make connection to VPN via terminal very easy by using very short command. The key point for this is rules variables (rules names). For me I use following approach: if config-filename composed from one word (or even if composed from more than 1 word but refer to name of country, like South Africa) then I use for it's rule the Internet top-level domain's code for that country & use it in small case, like uk for England or za for South Africa.

For more details about Internet top-level domains' codes for various countries vist these 2 links:
https://en.wikipedia.org/wiki/List_o...-level_domains
&
http://www.domainsherpa.com/country-...level-domains/

If config-filename composed from more that 2 word, 1st word refer to country & remaining word(s) refer to special zone within that country like Russia Skhalin, then I use, as a name for it's rule, Internet top-level domain's code for that country IN UPPER CASE followed immidetly by 1st+2nd laters of name of zone area in small case, like RUmo or RUsk. If zone area have a special abbreviation like NY for New York, then you can use USny as a rules name.
In this case, all what you need to connect to VPN, is typing in terminal:

Quote:
$ vpn.sh uk
or

Quote:
$ vpn.sh RUsk
As such as will be easy! Enjoy!

For how to achieve Internet Kill Switch + IPv6 leak protection for your VPN, visit the following link:
http://www.forums.fedoraforum.org/sh...d.php?t=312722

I wish that I give some thing real for this kind dear forum, as it gave me - & still giving me - many valiable help.

---------------------------------

Special thanks for srakitnican & dd_wizard, members in this lovely forum, for their kind help in assistant me to create these scripts

Last edited by User808; 23rd April 2017 at 03:40 PM. Reason: Add "sudo -k" at end of each set of rules to enhanced security by immediate closing of sudo's power after it's use.
Reply With Quote
Reply

Tags
connect, guide, terminal, universal, vpn

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't connect to internet through terminal. GroogFish Linux Chat 1 15th February 2011 09:06 PM
Connect to remote machine via terminal ScottDolan Using Fedora 6 19th May 2010 09:00 PM
How to connect to internet through the terminal naughtysriram Servers & Networking 4 18th March 2009 03:04 PM
connect to wireless from terminal Alphonse86 Servers & Networking 9 2nd January 2009 09:35 AM
need to connect to w2k Terminal Services and need telnet. consumed Using Fedora 2 7th April 2006 03:31 PM


Current GMT-time: 01:02 (Sunday, 28-05-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat