Linux Hub

Translated articles about Linux!

Linux Hub

Translated articles about Linux!

Tutorials

Install OpenVPN Client on Ubuntu

Rork

Some users are interested in creating a private virtual network between the two computers. Provided by the task by using VPN technology (Virtual Private Network). Implemented the connection via public or private utilities and programs. After successful installation and configuration of all components of the procedure can be considered completed, and the connection is protected. Next, we would like to discuss in detail the implementation of the technology using OpenVPN client in an operating system based on Linux kernel.

Install OpenVPN on Linux

Since most of the users use based distributions Ubuntu, today’s instructions will be based on these versions. In other cases a fundamental difference in the installation and configuration of OpenVPN, you won’t notice unless I have the syntax of a distribution, what you can read in the official documentation of their system. We offer you to get acquainted with the entire process step by step, to better understand each activity.

One should take into account that the functioning of OpenVPN takes place via two host (computer or server), which means that installation and configuration applies to all members of the connection. Our next guide will focus just on two sources.

Step 1: Install OpenVPN

Of course, you should start with adding all required libraries to computers. Be ready, for the task used to be solely built-in OS “Terminal”.

  • Open the menu and start the console. This can be done by pressing a combination of keys Ctrl + Alt + T.

  • Mount command sudo apt install openvpn easy-rsa to install all the needed repositories. After that press Enter.

  • Specify the password of the account superuser. That character set is not displayed in the field.

  • Confirm adding new files by selecting the appropriate option.

    • Proceed to the next step only when the installation will be performed on both devices.

    Step 2: create and configure a certification authority

    Center specifications responsible for verifying public keys and provides strong encryption. It is created on the device, which then will connect to other users, so open a console on the desired PC and follow these steps:

  • Priority folder is created to store all the keys. You can place it anywhere, but it is better to choose a reliable place. Use the command sudo mkdir /etc/openvpn/easy-rsawhere /etc/openvpn/easy-rsa — a place to create a directory.

  • Further, in this folder you want to put scripts add-ons easy-rsa, and this is done using sudo cp-R /usr/share/easy-rsa /etc/openvpn/.

  • In the finished folder is created by the certification authority. First go to this folder cd /etc/openvpn/easy-rsa/.

  • Then paste in the box the following command:

    sudo-i
    # source ./vars
    # ./clean-all
    # ./build-ca

    • While the server computer can be left alone and to travel to client devices.

    Step 3: configure the client certificates

    The user manual with which you will be introduced below, you will need to spend on each client computer to organize properly functioning secure connection.

  • Open the console and write there the command sudo cp-R /usr/share/easy-rsa /etc/openvpn/to copy all the required scripts tool.

  • Previously on a server PC was created as a separate file with the certificate. Now it needs to be copied and placed in the folder with the rest. The easiest way to do this via the command sudo scp [email protected]:/etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keyswhere [email protected] — address of the device from which you are downloading.

  • You only have to generate a personal secret key to the further it was carried through the connection. Do this by navigating to the folder scripts cd /etc/openvpn/easy-rsa/.

  • To create the file, use the command:

    sudo-i
    # source ./vars
    # build-req Lumpics

    Lumpics in this case, the specified file name. Created key must be in the same directory with the rest of the keys.

  • You only have to send the access key to the server device to authenticate your connection. This is done using the same command used to download. You need to enter scp /etc/openvpn/easy-rsa/keys/Lumpics.csr [email protected]:~/, where [email protected] name of the computer to send and Lumpics.csr — the name of the key file.

  • On a server PC confirm using the key ./sign-req ~/Lumpicswhere Lumpics — the name of the file. Then return the document back through sudo scp [email protected]:/home/Lumpics.crt /etc/openvpn/easy-rsa/keys.

    • This is all preliminary work completed, it remains only to bring himself up OpenVPN in a normal condition and you can begin to use a private encrypted connection with one or more clients.

    Step 4: Configuring OpenVPN

    The following guide will address and the client part and the server. We will all share in the action and warn about changes to the machines so you just need to follow these instructions.

  • First, create a configuration file on a server PC by using the command zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf. When configuring client devices, this file will also have to create separately.

  • Read the standard values. As you can see, the port and Protocol match the standard, but no additional parameters.

  • Run the created the configuration file in an editor sudo nano /etc/openvpn/server.conf.

  • We won’t go into the details of the change of all values, because in some cases they are individual, but the standard line in the file must be present, and the picture looks like this:

    port 1194
    proto udp
    comp-lzo
    dev tun
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt

    After you have completed all changes, save the settings and close the file.

  • Work with server part completed. Run OpenVPN using the config file created by openvpn /etc/openvpn/server.conf.

  • Now to the client devices. As already mentioned, there is also created the configuration file, but this time he unpacked, so the command is: sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.conf.

  • Run the file in the same way as it was shown above and put the following lines:

    client
    dev tun
    proto udp
    remote 194.67.215.125 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
    key /etc/openvpn/easy-rsa/keys/Sergiy.key
    tls-auth ta.key 1
    comp-lzo
    verb 3.

    After editing is complete, launch OpenVPN: openvpn /etc/openvpn/client.conf.

  • Insert command ifconfig, to verify system operation. Among all the displayed values must be present the interface tun0.

    • For traffic forwarding and open Internet access for all clients on a server PC, you will need to alternately activate the following commands.

    sysctl -w net.ipv4.ip_forward=1
    iptables -A INPUT -p udp –dport 1194 -j ACCEPT
    iptables-I FORWARD -i tun0 -o eth0 -j ACCEPT
    iptables-I FORWARD-i eth0 -o tun0 -j ACCEPT
    iptables-t nat -A POSTROUTING -o eth0 -j MASQUERADE

    In today’s article, you were introduced to the procedure to install and configure OpenVPN on server and client side. I advise to pay attention on the notification shown in the”Terminal” and examine the error codes if they appear. Such actions will help to avoid further problems with the connection, because the prompt resolution of problems prevents other problems arising.

    Source: lumpics.ru

    Leave a Reply

    Your email address will not be published. Required fields are marked *