```
Building the VPN node configuration...
Restarting OpenVPN server...
Retrieving the local vpn server ip...
Trying to deploy the VPN configuration on the remote Sheriff appliance...
An error occurred while establishing the vpn tunnel: Currently there is no connectivity with the remote Sheriff appliance.
The steps to deploy the VPN client manually are the following:
* A new VPN configuration file has been created for the remote Sheriff appliance at: /etc/openvpn/nodes/[client_IP].tar.gz.
* Copy this configuration file to the remote Sheriff appliance
* Extract the configuration file: /bin/tar zxf [client_IP].tar.gz -C /tmp/
* Move the VPN client configuration file to the OpenVPN folder: cp -arf /tmp/etc/openvpn/nodes/* /etc/openvpn/; mv /etc/openvpn/[client_IP]/*.conf /etc/openvpn/
* Fire the configuration triggers: dpkg-trigger --no-await Sheriff-network-vpn-net-client; dpkg --pending --configure
* Clean up: rm -rf /tmp/etc
* Finally, once the VPN connection has been established, please add the remote Sheriff appliance from the Configuration > Deployment menu option on the web UI
Press [Enter] to continue
```

This creates a configuration file instead. And you must configure the VPN client manually, as described here.

To configure the VPN client through the command line
Transfer the VPN configuration file to the VPN client manually:
In /etc/openvpn/nodes/, locate the <client_IP>.tar.gz file, where <client_IP> is the VPN client IP address you specified in step 4 when creating the VPN client.
Using scp, or a similarly secure copy method, transfer the <client_IP>.tar.gz file to the VPN client and place it in /etc/sheriff/network/.
Exit to return to the Sheriff Setup main menu.
Configuring the tunnel on the VPN client:
SSH to the VPN client.
The system extracts from the configuration file to build a tunnel.
| | VPN server | VPN client |
|---|---|---|
| Private IP | 192.168.0.1 | 172.16.20.56 |
| Public IP | 88.132.33.11 | 145.156.44.33 |
145.156.44.33. Extract the resulting /etc/openvpn/nodes/145.156.44.33.tar.gz file and locate the VPN client configuration file, 145.156.44.33.conf.
Observe that the private IP address of the VPN server (192.168.0.1) is added instead of the public IP address, as indicated in line 4 below:
```
client
dev tun
proto tcp
remote 192.168.0.1 33800
resolv-retry infinite
nobind
user nobody
group nogroup
verb 3
ca /etc/openvpn/145.156.44.33/ca.crt
cert /etc/openvpn/145.156.44.33/145.156.44.33.crt
key /etc/openvpn/145.156.44.33/145.156.44.33.key
script-security 2 system
up "/etc/init.d/fprobe stop || true"
comp-lzo
persist-key
persist-tun
```

This prevents the VPN tunnel from being established. Changing the IP address to 88.132.33.11 in the file above resolves this issue.
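
The check and correction of the remote directive described above can be scripted. The following is an added example, not part of the Sheriff tooling: the function names are hypothetical, and the sample config is constructed from the addresses used on this page.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; the sample config is
# constructed from the addresses used on this page.

# Print the host of the first "remote" directive in an OpenVPN client config.
remote_host() {
    awk '$1 == "remote" { print $2; exit }' "$1"
}

# Return 0 if the IPv4 address is in an RFC 1918 private range.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Point the first "remote" directive at the server's public IP, keeping the
# port. The original file is saved as <conf>.bak before any change.
# Returns 0 if the file is correct afterwards, 2 if it has no remote directive.
fix_remote() {
    conf=$1 public_ip=$2
    current=$(remote_host "$conf")
    [ -n "$current" ] || { echo "no remote directive in $conf" >&2; return 2; }
    [ "$current" = "$public_ip" ] && return 0
    is_private_ipv4 "$current" && echo "remote $current is a private address" >&2
    cp -p "$conf" "$conf.bak"
    awk -v ip="$public_ip" '$1 == "remote" && !done { $2 = ip; done = 1 } { print }' \
        "$conf.bak" > "$conf"
}

# Demo on a constructed copy of the first lines of 145.156.44.33.conf.
demo=$(mktemp)
printf '%s\n' client 'dev tun' 'proto tcp' 'remote 192.168.0.1 33800' nobind > "$demo"
fix_remote "$demo" 88.132.33.11
grep '^remote' "$demo"    # prints: remote 88.132.33.11 33800
rm -f "$demo" "$demo.bak"
```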