Connection/Disconnection from an OpenVPN Client (CentOS)

About this task

To connect or disconnect the SSL-VPN Connection resource on IaaS from a PC where an OpenVPN client has been set up, follow the procedure below.

Procedure

  1. Starting up of an OpenVPN client

    Execute the following command to start the OpenVPN client:

    # /usr/sbin/openvpn /etc/openvpn/client.ovpn
  2. Authentication of HTTP proxy servers

    If an HTTP proxy server is involved when using an SSL-VPN connection, input the user name and password registered on the HTTP proxy server.

    Enter HTTP Proxy Username: <User name for the HTTP proxy server>
Enter HTTP Proxy Password: <Password for the HTTP proxy server>
  3. Authentication of a client private key

    When using an encrypted client private key, enter the password for the client private key.

    Enter Private Key Password: <Password for the client private key>
    Tip:

    Regarding client private key passwords

    • When using a self-signed certificate

      Use the password specified when converting the client certificate and the private key to the pkcs#12 format.

    • When using a client certificate that was downloaded from the K5 portal

      Use the password set for the certificate on the K5 portal.

  4. Checking of SSL-VPN connection status 
    [root@centos66 openvpn]# /usr/sbin/openvpn /etc/openvpn/client.ovpn & 
[1] 31279 
[root@centos66 openvpn]# Sat Nov 22 17:00:50 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013 
Sat Nov 22 17:00:50 2014 UDPv4 link local: [undef] 
Sat Nov 22 17:00:50 2014 UDPv4 link remote: [AF_INET]172.21.2.40:1194 
Sat Nov 22 17:00:50 2014 [server] Peer Connection Initiated with [AF_INET]172.21.2.40:1194 
Sat Nov 22 17:00:53 2014 TUN/TAP device tun0 opened 
Sat Nov 22 17:00:53 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 
Sat Nov 22 17:00:53 2014 /sbin/ip link set dev tun0 up mtu 1500 
Sat Nov 22 17:00:53 2014 /sbin/ip addr add dev tun0 local xxx.xxx.xxx.xxx peer yyy.yyy.yyy.yyy 
Sat Nov 22 17:00:53 2014 Initialization Sequence Completed

    Content to check:

    • 2nd line: Process number in which connection is executed. Used for disconnecting the SSL-VPN connection.
    • 10th line: Confirm that "peer yyy.yyy.yyy.yyy", which indicates that the peer address is allocated, is displayed.
    • 11th line: Confirm that "Completed", which notifies that startup has been completed, is output.

What to do next

To disconnect, input the following command to end the OpenVPN client process:

# pgrep openvpn
# kill [Process number]

or

# killall openvpn