In Brief: Installing OpenVPN

9 sep 2006, Simon Strandgaard

openvpn server is Ubuntu linux
openvpn client is Windows XP

prompt> uname -a
Linux 2.6.15-26-server #1 SMP Thu Aug 3 04:09:15 UTC 2006 i686 GNU/Linux

Follow this guide: OpenVPN howto

SERVER-STEP1: install the package

prompt> sudo aptitude

choose openVPN for installation.

prompt> openvpn --version
OpenVPN 2.0.6 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 10 2006
Developed by James Yonan
Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
prompt>

SERVER-STEP2: make a dir where we can work

prompt> cd
prompt> mkdir test_openvpn
prompt> cd test_openvpn
prompt> cp /usr/share/doc/openvpn/examples/easy-rsa/* .

SERVER-STEP3: generate master Certificate Authority

IMPORTANT openvpn requires that we use BASH (I personally use TCSH)!

prompt> bash
prompt> edit vars
bash-prompt> source vars
bash-prompt> ./clean-all
bash-prompt> ./build-ca

SERVER-STEP4: generate keys

IMPORTANT I am getting the message "unable to write 'random state'". I have seen others getting the same and it doesnt seem to be a serious error.

prompt> ./build-key-server server
prompt> ./build-key client_user1
prompt> ./build-key client_user2
prompt> ./build-key client_user3

SERVER-STEP5: server configuration

prompt> cp /usr/share/doc/openvpn/examples/sample-config-files/* .
prompt> gunzip server.conf.gz
prompt> edit server.conf

change "server 192.168.2.0 255.255.255.0"

prompt> sudo openvpn server.conf

Now we may verify that a client can connect to our server.

CLIENT-STEP1: install

install openvpn on windows.

CLIENT-STEP2: client configuration

assuming 217.217.217.217 is your servers public IP.
open a Command prompt:

prompt> cd c:\Programmer\OpenVPN
prompt> copy sample-config\client.ovpn config\client.ovpn
prompt> cd config
prompt> pscp "user1@217.217.217.217:test_openvpn/ca.crt" .
prompt> pscp "user1@217.217.217.217:test_openvpn/client_user1.crt" client.crt
prompt> pscp "user1@217.217.217.217:test_openvpn/client_user1.key" client.key
prompt> edit client.ovpn

change "remote 217.217.217.217 1194"

CLIENT-STEP3: launch openvpn when booting

open "Start/Control Panel/Administrative Tools/Services"
scroll down to the "OpenVPN" service
right-click and open the properties window
change start-type from "Manual" into "Automatic"
click "Start"

There should now be a connection with the server.
Reboot and verify that the connection is still working.

SERVER-STEP6: launch openvpn when booting

prompt> sudo cp ca.crt ca.key dh1024.pem server.conf server.crt server.key /etc/openvpn/.
prompt> sudo reboot