OpenVPN Bacula Configuration

With the very affordable VPS and Cloud Computing values available today, you can install a remote Bacula and configure an OpenVPN to directly back up local clients behind Firewalls and NATs more easily and securely.

For this we will consider that we have a CentOS 7 server with a fixed ip and with a tun0 interface enabled and with Bacula Enterprise installed and configured.

1. On the Bacula Server, download the VPN installation script and give execute permission

wget -c http://www.bacula.lat/wp-content/uploads/2018/08/openvpn-install.txt -O /usr/local/bin/openvpn-install.sh
chmod a+x /usr/local/bin/openvpn-install.sh

Run the script to start the installation and leave the default options.

The IP address must be the public IP as this is the address that clients use to connect.

/usr/local/bin/openvpn-install.sh

Welcome to this OpenVPN "road warrior" installer!

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

First, provide the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: XXX.XXX.XXX.XXX

Which protocol do you want for OpenVPN connections?
1) UDP (recommended)
2) TCP
Protocol [1-2]: 1

What port do you want OpenVPN listening to?
Port: 1194

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...

Finished!

Now you need to run the script again to add or remove clients!

2) Run the script again for client creation

The message below only appears when the OpenVPN server is configured.

Select the “1) Add a new user” option.

For a standardization it is interesting to use the same name of the client in the bacula.

For example: linux-fd, windows-fd, etc.

* In the client’s name do not enter spaces or special characters.

Looks like OpenVPN is already installed.

What do you want to do?
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]: 1

Tell me a name for the client certificate.
Please, use one word only, no special characters.
Client name: cliente1-fd

The client configuration file will be saved in: /etc/openvpn/ client with the client name and extension “.ovpn”.

Copy this file to the client machine where FileDaemon is installed.

3) By default OpenVPN configures the VPN network band with the following band: 10.8.0.0/24 and makes the addresses available to clients via DHCP

The OpenVPN server will always reserve the first address of this band for the IP of the server itself, in case 10.8.0.1, and from the second to the next to last address will be made available to the clients.

So after configuring the client it is interesting to define a fixed IP for the clients, because with DHCP it can vary and Bacula can not connect. So basically “client1-fd” will have the address 10.8.0.2, “client2-fd” address 10.8.0.3 and so on.

Create a file inside the “/etc/openvpn/ccd/” directory with the same client name as you previously created (no extension at all) and add the following content:

echo "ifconfig-push 10.8.0.2 255.255.255.0" > /etc/openvpn/ccd/cliente1-fd

Where “10.8.0.2” is the ip address of client1. Change according to customer.

4) Linux Client Installation and Configuration

OpenVPN Installation

Debian/Ubuntu
apt-get install openvpn openssl ca-certificates

CentOS/Red Hat
yum -f install openvpn iptables openssl ca-certificates

Take the client file (client1-fd.ovpn) and save it to /etc/openvpn/ with the name “client.conf”.

Enter the commands below to enable automatic startup of vpn and start the service.

systemctl enable openvpn@client
systemctl start openvpn@client

If everything happens correctly you can enter the command “ipconfig” or “ip address” that will show a “tun0”.

root@bacula:/# ifonfig
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.10
inet6 fe80::106b:617a:2c2:6e81 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (Não Especificado)
RX packets 29 bytes 2436 (2.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 37 bytes 2820 (2.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

You can also ping the OpenVPN server address.

root@bacula:/# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=189 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=187 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=181 ms
64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=183 ms

4) Windows Client Installation and Configuration

Access the address https://openvpn.net/index.php/download/community-downloads.html and download the latest available EXE version.

Once installed, you need to copy the client file (client1-fd.ovpn) to the “C:Program FilesOpenVPNconfig” directory and access the Windows services “services.msc”.

It is to exist 3 OpenVPN services:

  • OpenVPNService
  • OpenVPNServiceLegacy
  • OpenVPNServiceInteractive

Right click on the first service (OpenVPNService), select properties and change the startup type to “automatic” and also start the service.

With this, OpenVPN will start automatically during system startup and connect to the VPN.

6) Bacula Configuration

With VPN configured on both the Server and the client, you need to change the IP of the Bacula Storage Daemon to the OpenVPN Server address (Or create a new Storage) and configure a Client, Job, and FileSet.

Configuration example:

# bacula-sd.conf
Storage {
   Name = "File1"
   Address = 10.8.0.1
   Autochanger = "File1"
   Device = "FileChgr1"
   MaximumConcurrentJobs = 10
   MediaType = "File1"
   Password = "15hMBwwAtL984OA6fEmgCfdrejw3CYlXONKPe/orpcQ6"
   SdPort = 9103
}


Client {
   Name = "client1-fd"
   Address = 10.8.0.2
   AutoPrune = no
   Catalog = "MyCatalog"
   FileRetention = 31536000
   JobRetention = 31536000
   MaximumConcurrentJobs = 5
   Password = "8UswWEjIiXN68yoUtxxIw1tdWygOxxq5t"
}

Job {
   Name = "Backup_Client1"
   Type = "Backup"
   Client = "client1-fd"
   Fileset = "FileSet_Client1"
   JobDefs = "DefaultJob"
   Messages = "Standard"
   Pool = "File"
   Schedule = "WeeklyCycle"
   Storage = "File1"
}

Fileset {
   Name = "FileSet_Client1"
   EnableVss = no
   Include {
      Options {
         Compression = Gzip6
         Signature = Md5
      }
      File = "/usr/sbin/"
   }
}

With the configured client you can execute a client status:

[root@bacula]# bconsole
Connecting to Director localhost:9101
1000 OK: 10002 bacula-dir Version: 10.0.2 (30 May 2018)
Enter a period to cancel a command.
*status client=client1-fd
Connecting to Client client1-fd at 10.8.0.2:9102

client1-fd Version: 10.0.2 (30 May 2018) x86_64-pc-linux-gnu-bacula-enterprise debian 9.0
Daemon started 28-jul-18 20:35. Jobs: run=1 running=0.
Heap: heap=266,240 smbytes=4,837,726 max_bytes=5,141,688 bufs=172 max_bufs=213
Sizes: boffset_t=8 size_t=8 debug=0 trace=0 mode=0,2010 bwlimit=0kB/s
Plugin: bpipe-fd.so

Running Jobs:
No Jobs running.
====

Terminated Jobs:
JobId Level Files Bytes Status Finished Name
=======================================================================
*

And perform a Backup Job:

bacula-dir JobId 13: Start Backup JobId 13, Job=Backup_Client1.2018-07-28_19.36.21_37
bacula-dir JobId 13: Using Device "FileChgr1-Dev1" to write.
bacula-dir JobId 13: Created new Volume="Vol-0001", Pool="File", MediaType="File1" in catalog.
bacula-sd JobId 13: Labeled new Volume "Vol-0001" on File device "FileChgr1-Dev1" (/tmp).
bacula-sd JobId 13: Wrote label to prelabeled Volume "Vol-0009" on File device "FileChgr1-Dev1" (/tmp)
bacula-sd JobId 13: Elapsed time=00:17:25, Transfer rate=25.38 K Bytes/second
bacula-sd JobId 13: Sending spooled attrs to the Director. Despooling 30,919 bytes ...
bacula-dir JobId 13: Bacula Enterprise bacula-dir 10.0.2 (30May18):
Build OS: x86_64-redhat-linux-gnu-bacula-enterprise redhat
JobId: 13
Job: Backup_Client1.2018-07-28_19.36.21_37
Backup Level: Full
Client: "client1-fd" 10.0.2 (30May18) x86_64-pc-linux-gnu-bacula-enterprise,debian,9.0
FileSet: "FileSet_Client1" 2018-07-28 19:30:35
Pool: "File" (From Job resource)
Catalog: "MyCatalog" (From Client resource)
Storage: "File1" (From Job resource)
Scheduled time: 28-Jul-2018 19:36:20
Start time: 28-Jul-2018 19:36:28
End time: 28-Jul-2018 19:53:53
Elapsed time: 17 mins 25 secs
Priority: 10
FD Files Written: 150
SD Files Written: 150
FD Bytes Written: 26,510,195 (26.51 MB)
SD Bytes Written: 26,525,714 (26.52 MB)
Rate: 25.4 KB/s
Software Compression: 67.5% 3.1:1
Comm Line Compression: 0.7% 1.0:1
Snapshot/VSS: no
Encryption: no
Accurate: no
Volume name(s): Vol-0001
Volume Session Id: 5
Volume Session Time: 1532387762
Last Volume Bytes: 26,560,522 (26.56 MB)
Non-fatal FD errors: 0
SD Errors: 0
FD termination status: OK
SD termination status: OK
Termination: Backup OK

Disponível em: pt-brPortuguês (Portuguese (Brazil)) enEnglish esEspañol (Spanish)

Leave a Reply

Close Menu