paulgorman.org

< ^ txt

Sat Jan 13 16:07:02 EST 2018 Stayed up very late last night binge-watching some mediocre cop show, and slept very late this morning. Mostly sunny today. High of sixteen. Home: - Set up VPN on Nanook Done. - Finish cleaning apartment Done. - Paint Warhammer 40k minis No, not enough light by the time I got around to it. --- nanook ~ $ sudo apt-get install openvpn --- nanook ~ $ cd /tmp/ --- nanook tmp $ wget https://downloads.example.com/configs/archives/servers/ovpn.zip --- nanook tmp $ unzip ovpn.zip --- nanook tmp $ sudo mv /tmp/ovpn_* /etc/openvpn/ --- nanook tmp $ sudo chown -R root:root /etc/openvpn/ovpn_* --- nanook ~ $ touch ~/etc/vpn-secret.txt --- nanook ~ $ chmod 0600 ~/etc/nordvpn-secret.txt --- nanook ~ $ vim ~/etc/nordvpn-secret.txt The secret file should have a line for the username and another for the password. See `--auth-user-pass` option in `openvpn(8)`. --- nanook ~ $ vim ~/bin/vpn #!/bin/sh sudo openvpn --config /etc/openvpn/ovpn_udp/99.example.com.udp.ovpn --auth-user-pass "$HOME"/etc/nordvpn-secret.txt --- nanook ~ $ chmod 0700 ~/bin/vpn That works. We can run ~/bin/vpn to establish the VPN. But we want it to start at boot, and run supervised. I suspect there's a more correct way to do this, but the following works. --- nanook ~ $ sudo vim /etc/systemd/system/vpn.service [Unit] Description=OpenVPN Wants=network.target After=network.target [Service] Type=simple User=paulgorman Group=paulgorman PermissionsStartOnly=true ExecStart=/home/paulgorman/bin/vpn Restart=always RestartSec=5 [Install] WantedBy=multi-user.target --- nanook ~ $ systemctl daemon-reload --- nanook ~ $ sudo systemctl enable vpn --- nanook ~ $ sudo systemctl start vpn Mopped kitchen and bathroom, vacuumed, watered plants, put away laundry, tidied, washed dishes. Tried to set up guest wifi networks on the MicroTik, but it's not quite there. Lunch: coffee, macaroni Dinner: chicken pot pie

< ^ txt