IPredator OpenVPN Slackware Linux 14.1 setup

IPredator is a swedish VPN service offered with the stated goal of providing internet privacy.

This guide assumes a full Slackware Linux installation.
All certificates and configuration files are provided by IPredator.

Installing additional software

We’ll be using openresolv to avoid DNS leaks. DNS leaks happen when your DNS requests are routed through your ISP’s DNS servers, instead of those provided by the VPN provider.
Slackbuilds.org is providing a SlackBuild for openresolv here.

Download the SlackBuild but leave the source alone as it’s out of date. Extract openresolv.tar.gz and edit openresolv.SlackBuild by replacing the following line:

VERSION=${VERSION:-3.5.4} 
# with 
VERSION=${VERSION:-3.6.1 }

Download the source for openresolv 3.6.1 from this link and add it to the SlackBuild folder. Build openresolv with the command:

OPENVPN=yes ./openresolv.SlackBuild

(OPENVPN=yes tells the script to copy the update-resolv-conf file to /etc/openvpn folder during installation) Install the package with the command:

installpkg /tmp/openresolv-3.6.1-x86_64-1_SBo.tgz

Configuring OpenVPN.

You might just as well browse through the Debian guide at https://www.ipredator.se/guide/openvpn/debian/native as I’m mostly replicating those steps over here.

Head over to the IPredator site and download the IPredator-CLI-Password.conf. Edit IPredator-CLI-Password.conf and add the openresolv instructions just below the user authentication part like shown below:

# <snip>
auth-user-pass /etc/openvpn/IPredator.auth
auth-retry nointeract

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# </snip>

Make sure the update-resolv-conf file actually resides under /etc/openvpn (remember the SlackBuild). If not then adjust accordingly.

Next, we’ll create the file containing our username and password for the service. It should only have two lines containing your username and password repectivly.

# Create the auth file
vi /etc/openvpn/IPredator.auth

# Add username and password
username
password

The last step of the configuration is moving the config files to /etc/openvpn and changing permissions.
Note that I’m renaming the IPredator-CLI-Password.conf to IPredator.conf to avoid mistaking the config file for the authentication file (it’s probably just me).

mv $HOME/Downloads/IPredator-CLI-Password.conf /etc/openvpn/IPredator.conf
mv $HOME/Downloads/IPredator.auth /etc/openvpn/IPredator.auth

chown root:root /etc/openvpn/IPredator.conf
chown root:root /etc/openvpn/IPredator.auth

chmod 400 /etc/openvpn/IPredator.conf
chmod 400 /etc/openvpn/IPredator.auth
chmod 755 /etc/openvpn/update-resolv-conf

The update-resolv-conf file will be updating /etc/resolv.conf with the correct DNS servers.

Testing the service.

Verify that the connection works as expected:

openvpn --config /etc/openvpn/IPredator.conf

Provided that everything worked as expected, we can now initiate OpenVPN from the commandline by issuing openvpn /etc/openvpn/IPredator.conf and killing it with ctrl+c. That works, but it’s neither reliable or user-friendly.
The Slackware way of controlling services is by using simple init scripts that resides in /etc/rc.d

There are a few unofficial rc.openvpn scripts available for Slackware, but they differ greatly in quality. Giancarlo Razzolini is the author of the rc.openvpn script I’ve adopted. This script had a couple of minor bugs, which is why I’ve modified it, but all credit goes to Mr. Razzolini.

Installing the rc.openvpn service script

# Create the rc.openvpn script
vi /etc/rc.d/rc.openvpn

Get the source from this link: rc.openvpn
Make the script executable with the command

chmod 755 /etc/rc.d/rc.openvpn

Usage:

/etc/rc.d/rc.openvpn start|status|stop|restart