OpenVPN Package Installation
Run the commands below in a terminal.
Code:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install openvpn
Certificate Authority Setup
To set up your own Certificate Authority (CA) and generate certificates and keys for an OpenVPN server and multiple clients, first copy the easy-rsa directory to /etc/openvpn. This ensures that changes to the scripts are not lost when the package is updated. From a terminal, change to user root and run:
Code:
mkdir /etc/openvpn/easy-rsa/
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
Next, edit /etc/openvpn/easy-rsa/vars, adjusting the following to your environment:
Code:
sudo vi /etc/openvpn/easy-rsa/vars
The result should look as follows:
Code:
export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export KEY_EMAIL="steve@example.com"
Enter the following to generate the master Certificate Authority (CA) certificate and key:
Code:
cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./build-ca
Server Certificates
Next, we will generate a certificate and private key for the server:
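Code:
./build-key-server server
As in the previous step, most parameters can be defaulted. Two other queries require positive responses, "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]".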
Diffie Hellman parameters must be generated for the OpenVPN server:
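Code:
./build-dh
All certificates and keys have been generated in the subdirectory keys/. Common practice is to copy them to /etc/openvpn/:
Code:
cd keys/
cp server.crt server.key ca.crt dh1024.pem /etc/openvpn/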
Client Certificates
The VPN client will also need a certificate to authenticate itself to the server. Usually you create a different certificate for each client. To create the certificate, enter the following in a terminal as user root:
Code:
cd /etc/openvpn/easy-rsa/
source vars
./build-key client1
Copy the following files to the client using a secure method:
- /etc/openvpn/ca.crt
- /etc/openvpn/easy-rsa/keys/client1.crt
- /etc/openvpn/easy-rsa/keys/client1.key
As the client certificates and keys are only required on the client machine, you should remove them from the server.
Transfer Method
- scp: you can transfer the client keys with scp (secure copy).
- sftp: another option, used to transfer keys on Windows.
- samba: you can share your keys through Samba as well.
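A check for the cleanup step above, as an added example that is not part of the original guide: it lists private keys other than ca.key and server.key still present in a keys directory, and any key readable by group or others. The function name audit_keys_dir and the temporary sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an easy-rsa keys/ directory on the VPN server.
# Prints one finding per line, nothing when the directory is clean.
audit_keys_dir() {
    dir=$1
    for key in "$dir"/*.key; do
        [ -e "$key" ] || continue              # glob matched nothing
        file=$(basename "$key")
        # On this page's setup only the CA and server private keys stay on the server.
        case $file in
            ca.key|server.key) ;;
            *) echo "LEFTOVER $file: client private key still on the server" ;;
        esac
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "PERMS $file: accessible beyond owner ($mode); run chmod 600"
        fi
    done
    return 0
}

# Constructed sample directory standing in for /etc/openvpn/easy-rsa/keys.
demo=$(mktemp -d)
touch "$demo/ca.key" "$demo/server.key" "$demo/client1.key"
chmod 600 "$demo/ca.key" "$demo/client1.key"
chmod 644 "$demo/server.key"
audit_keys_dir "$demo"
rm -rf "$demo"
```

On a real server, point it at /etc/openvpn/easy-rsa/keys and at /etc/openvpn after the client files have been transferred.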
Simple Server Configuration
Along with your OpenVPN installation you got these sample config files (and many more if you check):
Code:
root@server:/# ls -l /usr/share/doc/openvpn/examples/sample-config-files/
total 68
-rw-r--r-- 1 root root 3427 2011-07-04 15:09 client.conf
-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz
Start by copying and unpacking server.conf.gz to /etc/openvpn/server.conf.
Code:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
Edit /etc/openvpn/server.conf to make sure the following lines point to the certificates and keys you created in the section above.
Code:
sudo vi /etc/openvpn/server.conf
Change the following options to resemble the lines below, uncommenting any that are commented out:
Code:
port 1194
proto udp
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Uncomment this line to redirect the clients' default network gateway through the VPN,
# causing all IP traffic such as web browsing and DNS lookups to go through the VPN
push "redirect-gateway def1"
# Add this line to resolve DNS for Windows clients
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Restart OpenVPN:
Code:
sudo /etc/init.d/openvpn start
Now check if OpenVPN created a tun0 interface:
Code:
sudo ifconfig tun0
Simple Client Configuration
Copy the example client configuration file:
Code:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
Edit the client configuration file:
Code:
sudo vi /etc/openvpn/client.conf
Change it to resemble:
Code:
client
remote vpnserver.example.com 1194
ca ca.crt
cert client1.crt
key client1.key
Note: Replace vpn.mycompany.com with the hostname of your VPN server, and hostname.* with the actual certificate and key filenames that correspond to the client.
Now start the OpenVPN client:
Code:
/etc/init.d/openvpn start
Check if it created a tun0 interface:
Code:
ifconfig tun0
Check if you can ping the OpenVPN server:
Code:
ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms
First troubleshooting
If the above didn't work for you, check this:
- Check your syslog, e.g. grep -i vpn /var/log/syslog
- Can the client connect to the server machine? Maybe a firewall is blocking access? Check syslog on server.
- Client and server must use same protocol and port, e.g. UDP port 1194, see port and proto config option
- Client and server must use same config regarding compression, see comp-lzo config option
- Client and server must use same config regarding bridged vs routed mode, see server vs server-bridge config option
Client software implementations
Linux Network-Manager GUI for OpenVPN
Many Linux distributions including Ubuntu desktop variants come with Network Manager, a nice GUI to configure your network settings. It also can manage your VPN connections. Make sure you have package network-manager-openvpn installed. Here you see that the installation installs all other required packages as well:
Code:
apt-get install network-manager-openvpn
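To inform network-manager about the newly installed packages you will have to restart it:
Code:
restart network-manager
Open the Network Manager GUI, select the VPN tab and then the 'Add' button. Select OpenVPN as the VPN type in the opening requester and press 'Create'. In the next window add the OpenVPN server's name as the 'Gateway', set 'Type' to 'Certificates (TLS)', point 'User Certificate' to your user certificate, 'CA Certificate' to your CA certificate and 'Private Key' to your private key file. Use the advanced button to enable compression (e.g. comp-lzo), dev tap, or other special settings you set on the server. Now try to establish your VPN.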
OpenVPN with GUI for Win 7
First download and install the latest OpenVPN Windows Installer. OpenVPN 2.3.4 was the latest when this was written. As of this writing, the management GUI is included with the Windows binary installer.
You need to start the OpenVPN service. Go to Start > Computer > Manage > Services and Applications > Services. Find the OpenVPN service and start it. Set its startup type to automatic. When you start the OpenVPN MI GUI the first time you need to run it as an administrator. Right-click it and you will see that option.
You will have to write your OpenVPN config in a text file and place it in C:\Program Files\OpenVPN\config\client.ovpn along with the CA certificate, Client.key and Client.crt, like the following example.
Code:
client
# openvpn server's ip
remote server.example.com
port 1194
proto udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 86400
auth-user-pass
auth-retry interact
comp-lzo yes
verb 3
ca ca.crt
cert client1.crt
key client1.key
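An audit of the server and client configs shown on this page, added here as an example and not part of the original guide: it flags sub-2048-bit DH parameters, comp-lzo compression, the deprecated ns-cert-type directive, and a client config that never checks the peer presents a server certificate. The function names, finding labels and sample file are hypothetical; the DH size is read from the easy-rsa file name dh<KEY_SIZE>.pem.

```shell
#!/bin/sh
# Added example: flag weak or deprecated directives in an OpenVPN config.

# _has DIRECTIVE BODY: true if BODY has a line that is DIRECTIVE, alone or with arguments.
_has() { printf '%s\n' "$2" | grep -Eq "^$1( |\$)"; }

audit_ovpn_conf() {
    conf=$1
    # Strip comments (# or ;) and normalise whitespace. Simplification: a '#'
    # inside a quoted argument would also be cut.
    body=$(sed -e 's/[#;].*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
               -e 's/^ //' -e 's/ $//' "$conf" | grep -v '^$' || true)

    # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem, so the name gives the size.
    # Assumption: the file was not renamed; openssl dhparam -text is authoritative.
    bits=$(printf '%s\n' "$body" |
           sed -n 's/^dh .*dh\([0-9][0-9]*\)\.pem$/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK-DH: $bits-bit DH parameters; set KEY_SIZE=2048 in vars and rerun ./build-dh"
    fi

    # Compression inside an encrypted tunnel can leak plaintext (VORACLE).
    if _has comp-lzo "$body" && ! _has 'comp-lzo no' "$body"; then
        echo "COMPRESSION: comp-lzo is enabled"
    fi

    if _has ns-cert-type "$body"; then
        echo "DEPRECATED: ns-cert-type; use remote-cert-tls"
    fi

    # A client that does not check the peer's certificate type accepts any
    # certificate signed by the CA, including another client's, as the server.
    if _has client "$body" && ! _has 'remote-cert-tls server' "$body" \
                           && ! _has 'ns-cert-type server' "$body"; then
        echo "NO-SERVER-CHECK: add 'remote-cert-tls server'"
    fi
    return 0
}

# Constructed sample: the Linux client config from this page.
sample=$(mktemp)
printf '%s\n' client 'remote vpnserver.example.com 1194' 'ca ca.crt' \
    'cert client1.crt' 'key client1.key' > "$sample"
audit_ovpn_conf "$sample"
rm -f "$sample"
```

Run it against /etc/openvpn/server.conf and each client config; an empty result means none of these four conditions was found.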