OpenVPN

Client instructions

See:

Set up Easy-RSA as CA


  1. Copy easy-rsa dir to location, usually in /etc so it can be backed up... Ubuntu openvpn packages include easy-rsa at /usr/share/doc/openvpn/examples/easy-rsa
  2. cd into easy-rsa/
  3. Edit vars as follows:
    • KEY_COUNTRY
    • KEY_PROVINCE
    • KEY_CITY
    • KEY_ORG
    • KEY_EMAIL
  4. Run following commands:

. vars
./clean-all
./build-ca (Put company name in Common Name)
./build-dh
chmod +x make-crl
./make-crl crl.pem

Create a server certificate

Server certificates are normal client certificates, except that we don't build them with a passphrase, and we mark the certificate with a server flag...

./build-key-server server (name for files to generate. Provide server DNS name for Common Name, sign and commit)

Create client certificates


Each client gets a unique certificate, which must be signed by this CA to be recognized by the server.

. vars
./build-key personname
(name for files to generate--make them unique, we usually use the person's name or a numbered system like client1, client2, etc. Use ./build-key-pass for passphrase-encrypted keys.)

Configure OpenVPN Server-Routed


  1. cd /etc/openvpn
  2. Copy server.conf from docs, and unpack.
  3. cp /etc/capath/keys/ca.crt .
  4. cp /etc/capath/keys/server.* .
  5. cp /etc/capath/keys/dh1024.pem .
  6. Edit server.conf as follows:
    • server - set to unique subnet if you connect to multiple OpenVPN tunnels at the same time
    • push "route 192.168.1.0 255.255.255.0" ; set the route for the subnet to use
    • push "dhcp-option DNS 192.168.1.2" ; set the DNS server via DHCP
    • push "dhcp-option WINS 192.168.1.2" ; set a WINS server over DHCP
    • push "dhcp-option DOMAIN freelock.lan" ; set a default DNS suffix
    • client-to-client ; see other clients at once
    • mode server
    • tls-server
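
A quick lint for the server.conf edited in the steps above, as an added example that is not part of the original page or of OpenVPN. It flags a Diffie-Hellman file below 2048 bits, a missing crl-verify line (without it the crl.pem built during CA setup is never consulted), and an active client-to-client. The function names, messages and sample config are constructed for illustration, and reading the DH size from the filename is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): lint a routed-server server.conf.

# Print active directives only. OpenVPN treats lines starting with '#' or ';'
# as comments, and the stock sample server.conf disables options with ';'.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1"
}

# Print one finding per line. Returns 0 when clean, 1 when something is flagged.
audit_server_conf() {
    findings=$(
        for d in ca cert key dh; do
            active_directives "$1" | grep -q "^${d}[[:space:]]" ||
                echo "MISSING $d: file copied from the CA keys directory is not referenced"
        done
        # Heuristic (assumption): easy-rsa 2.x names the DH file after the key size.
        active_directives "$1" | awk '$1 == "dh" {
            n = $2; sub(/.*\//, "", n); gsub(/[^0-9]/, "", n)
            if (n != "" && n + 0 < 2048) print "WEAK dh: " $2 " is below 2048 bits"
        }'
        if ! active_directives "$1" | grep -q '^crl-verify[[:space:]]'; then
            echo "MISSING crl-verify: crl.pem from make-crl is never checked"
        fi
        if active_directives "$1" | grep -q '^client-to-client'; then
            echo "NOTE client-to-client: connected clients can reach each other"
        fi
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input, following the steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mode server
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
;crl-verify crl.pem
client-to-client
EOF
audit_server_conf "$sample" || echo "(review the findings above)"
rm -f "$sample"
```

The commented-out `;crl-verify` line in the sample is deliberate: it shows that a disabled option is not counted as present.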

Server.conf:


Configure firewall to allow traffic


Configure OpenVPN Linux Client

  • Copy client.key, client.crt, ca.crt, and client.conf from docs into a tarball and transfer to client.
  • Edit client.conf as follows:
    • remote servername 1194
    • cert crtname.crt
    • key crtname.key
    • ca ca.crt
    • up /etc/openvpn/client.up
    • down /etc/openvpn/client.down
  • Copy client.up and client.down from /usr/share/doc/openvpn/examples/sample...

Configure OpenVPN Windows Client

Set up OpenVPN on Windows
  1. Download the latest stable Installation Package for Windows OpenVPN GUI from here:
    • http://openvpn.se/download.html
  2. Run through the installer, accept all defaults
  3. Copy these configs to your laptops that need to connect remotely.
  4. Unzip your zip file, putting the contents in c:\Program Files\Openvpn\config.

That should do it... You'll have a new OpenVPN icon in your system tray. When it's disconnected, it looks like a network icon with a red screen. When it's connected, it turns green (yellow during connection time). To connect, right-click it and click Connect.

Notes:

  • The VPN will not work when you're already connected to your LAN. It should work via external networks.