This is a streamlined installer for the PiVPN project targeting ArdexaLinux and ArdexaTunnel.
PiVPN actually uses a generic suite of tools, so will work on any Debian-based operating system and architecture.
You MUST give your ArdexaLinux machine a Static IP address before attempting to setup Ardexa VPN. Please refer to the Ardexa Central documentation for details on how to do this: https://ardexa.zendesk.com/hc/en-us/articles/360000328335
The structure of this file is very strict.
For Windows users, please use a modern text editor. We recommend
- Atom: https://atom.io
- Notepad++
- Sublime Text
- VS Code
- DO NOT Use spaces anywhere
- DO NOT Change the character encoding (ASCII or UTF8 only)
- DO NOT Change the line endings (Windows users will need to be careful)
Replace __IFACE__ with the Ardexa Linux interface name you wish to use with
the VPN. To get a list of interface names, run ip a via the REMOTE SHELL.
Replace __STATIC_IP__ with the Static IP assigned to your chosen __IFACE__.
ip a will provide you with this IP address, or use the NETWORK tab on the
DEVICES page of the Ardexa Web App.
Using REMOTE SHELL, run
mkdir /etc/pivpn/
Using SEND FILES, transfer the following files
- dir:
/etc/pivpnfile:setupVars.conf - dir
/tmpfile:setup-ardexa-vpn
Using REMOTE SHELL, run
chmod +x /tmp/setup-ardexa-vpn
Make sure ufw is enabled
ufw status
If this reports inactive, run the following command
ufw enable
And then check the status again.
Launch the install script using REMOTE SHELL. The whole process should take no more than a few minutes, depending on your connection speed
/tmp/setup-ardexa-vpn
Once the installation is complete, there are some final tweaks required before you can start issuing keys.
Using REMOTE SHELL, run:
echo route-nopull >> /etc/openvpn/easy-rsa/pki/Default.txt
Update the following command, replacing the variables to match your site configuration, and then run it using REMOTE SHELL
echo route $NETWORK_ADDR $SUBNET_MASK >> /etc/openvpn/easy-rsa/pki/Default.txt
Where $NETWORK_ADDR is the first address of the network range. For
example:
echo route 172.16.10.0 255.255.255.0 >> /etc/openvpn/easy-rsa/pki/Default.txt
The VPN is now ready for use. You can build an ovpn profile for use with any
OpenVPN client.
To create a new profile, run the following command. Replace name with the
name of the profile
pivpn add nopass -n name -d 1080
NB Please ignore any errors this returns.
Use GET FILES to download the new profile
/home/ardexa/ovpns/name.ovpn
We recommend the official OpenVPN client.
To install the OpenVPN Connect Client, follow the instructions here:
https://openvpn.net/client-connect-vpn-for-windows/
You will also need to have the ardexa-tunnel installed: https://ardexa.zendesk.com/hc/en-us/articles/360001052536-Installing-the-Tunnel-Client
- Browse to the TUNNEL tab for the device you are connecting to and enter
1194for both the Remote and Local Ports. Leave the IP as127.0.0.1 - Click
Copy to Clipboard - Paste the command into a command shell, run the command and then enter your Ardexa Web App password
- Once the Ardexa Tunnel is connected, then double-click the
ovpnfile you downloaded earlier to launch the OpenVPN Client - Check the box
Connect after importand then clickAdd
Your VPN is now connected and you can access any IP on the remote network as if you were connected directly!