< ^ txt
Sat Jan 13 16:07:02 EST 2018
Stayed up very late last night binge-watching some mediocre cop show, and slept very late this morning.
Mostly sunny today. High of sixteen.
Home:
- Set up VPN on Nanook
Done.
- Finish cleaning apartment
Done.
- Paint Warhammer 40k minis
No, not enough light by the time I got around to it.
--- nanook ~ $ sudo apt-get install openvpn
--- nanook ~ $ cd /tmp/
--- nanook tmp $ wget https://downloads.example.com/configs/archives/servers/ovpn.zip
--- nanook tmp $ unzip ovpn.zip
--- nanook tmp $ sudo mv /tmp/ovpn_* /etc/openvpn/
--- nanook tmp $ sudo chown -R root:root /etc/openvpn/ovpn_*
--- nanook ~ $ touch ~/etc/vpn-secret.txt
--- nanook ~ $ chmod 0600 ~/etc/nordvpn-secret.txt
--- nanook ~ $ vim ~/etc/nordvpn-secret.txt
The secret file should have a line for the username and another for the password.
See `--auth-user-pass` option in `openvpn(8)`.
--- nanook ~ $ vim ~/bin/vpn
#!/bin/sh
sudo openvpn --config /etc/openvpn/ovpn_udp/99.example.com.udp.ovpn --auth-user-pass "$HOME"/etc/nordvpn-secret.txt
--- nanook ~ $ chmod 0700 ~/bin/vpn
That works. We can run ~/bin/vpn to establish the VPN.
But we want it to start at boot, and run supervised.
I suspect there's a more correct way to do this, but the following works.
--- nanook ~ $ sudo vim /etc/systemd/system/vpn.service
[Unit]
Description=OpenVPN
Wants=network.target
After=network.target
[Service]
Type=simple
User=paulgorman
Group=paulgorman
PermissionsStartOnly=true
ExecStart=/home/paulgorman/bin/vpn
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
--- nanook ~ $ systemctl daemon-reload
--- nanook ~ $ sudo systemctl enable vpn
--- nanook ~ $ sudo systemctl start vpn
Mopped kitchen and bathroom, vacuumed, watered plants, put away laundry, tidied, washed dishes.
Tried to set up guest wifi networks on the MicroTik, but it's not quite there.
Lunch: coffee, macaroni
Dinner: chicken pot pie
< ^ txt