How to configure OpenVPN in Ubuntu

    A virtual private network (VPN) is a technology for using the Internet or another intermediate network to connect computers to isolated remote computer networks that would otherwise be inaccessible. A VPN provides security so that traffic sent through the VPN connection stays isolated from other computers on the intermediate network. VPNs can connect individual users to a remote network or connect multiple networks together.

 

   Naturally, Linux provides several VPN options. In this tutorial we cover only one: OpenVPN (http://openvpn.net). This package ships with most Linux distributions, so you can probably install it using your package manager. 

Server Side Configuration 
 
 Install the OpenVPN deb package.
[ root@server ]#  apt-get   install  openvpn
 
 Copy the necessary scripts and files to the /etc/openvpn directory.
[ root@server ]#  cp  -r  /usr/share/doc/openvpn/examples/easy-rsa/2.0/*     /etc/openvpn/
 

 

Edit the vars script that you have just copied.

[ root@server ]#  cd  /etc/openvpn

[ root@server ]#  nano  ./vars

   export KEY_COUNTRY="US"

   export KEY_PROVINCE="CA"

   export KEY_CITY="SanFrancisco"

   export KEY_ORG="Fort-Funston"

   export KEY_EMAIL="me@myhost.mydomain"

[ root@server ]#   source   ./vars

[ root@server ]#   ./clean-all

 

Now create the CA's private and public key.

The following command will ask for various pieces of information, some of which default to the values you set in the vars file.

[ root@server ]#   ./build-ca

 

The private and public key pairs for the server and the client are generated in the /etc/openvpn/keys directory.

The following command generates the key pair for the VPN server, using the name server.

[ root@server ]#  ./build-key-server   server

 

Now generate the private and public key for the client.

[ root@server ]#  ./build-key  client1

 

This command generates the Diffie-Hellman parameters, a large prime number that is used in the encryption process.
[ root@server ]#   ./build-dh
 
 
The following steps describe the server configuration file.
 
Copy the sample configuration file and edit it as follows.
[ root@server ]#  cp   /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz    /etc/openvpn
[ root@server ]#  cd   /etc/openvpn
[ root@server ]#  gunzip   server.conf.gz
[ root@server ]#  nano   server.conf      ( modify the following lines )
 
   ca       /etc/openvpn/keys/ca.crt       ( the CA certificate, not ca.key )
   cert    /etc/openvpn/keys/server.crt
   key     /etc/openvpn/keys/server.key
   dh        /etc/openvpn/keys/dh1024.pem
   user    nobody
   group  nogroup
   
 
 
 
Configure the following file for the client.
 
[ root@server ]#  cp   /usr/share/doc/openvpn/examples/sample-config-files/client.conf    /etc/openvpn/keys
[ root@server ]#  cd   /etc/openvpn/keys
[ root@server ]#  nano   client.conf      ( modify the following lines )
 
   ca       /etc/openvpn/ca.crt
   cert    /etc/openvpn/client1.crt
   key     /etc/openvpn/client1.key
   remote  192.168.0.1  1194       ( where 192.168.0.1 is the server's IP address )
 
Now copy the { ca.crt, client1.crt, client1.key and client.conf } files from the server to the /etc/openvpn directory on the client computer, using a secure medium. The CA private key ( ca.key ) stays on the server: the ca directive takes the CA certificate, and anyone holding ca.key can issue certificates that the VPN will accept.
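
A check to run on the client files before they leave the server, as an added example that is not part of the original tutorial. The function name audit_client_bundle and the flat staging directory (files that will land in /etc/openvpn on the client) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes a flat staging
# directory whose files will be placed in /etc/openvpn on the client.
# Prints one finding per line; returns 0 only when nothing was found.
# Usage (hypothetical path): audit_client_bundle /root/client1-bundle
audit_client_bundle() {
    dir=$1
    conf=$dir/client.conf
    findings=0
    [ -f "$conf" ] || { echo "client.conf missing from bundle"; return 1; }

    # The CA and server private keys never leave the server.
    for f in ca.key server.key; do
        if [ -e "$dir/$f" ]; then
            echo "$f is a server-side private key; remove it from the bundle"
            findings=$((findings + 1))
        fi
    done

    # Resolve the file behind each ca/cert/key directive and inspect it.
    for directive in ca cert key; do
        path=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "client.conf has no '$directive' directive"
            findings=$((findings + 1)); continue
        fi
        file=$dir/$(basename "$path")
        if [ ! -f "$file" ]; then
            echo "'$directive' names $(basename "$path"), which is not in the bundle"
            findings=$((findings + 1)); continue
        fi
        if [ "$directive" = key ]; then
            # The client's own private key must be owner-only (0600 or 0400).
            case $(ls -ld "$file") in
                -r?-------*) ;;
                *) echo "$(basename "$file") should be mode 0600 or 0400"
                   findings=$((findings + 1)) ;;
            esac
        elif grep -q 'PRIVATE KEY' "$file"; then
            # ca and cert must reference certificates, never key material.
            echo "'$directive' points at a private key, expected a certificate"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```
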
 
 
On the server, run the following command to start OpenVPN.
 
[ root@server ]#   openvpn   /etc/openvpn/server.conf
 
Sun Sep 23 14:37:02 2012 GID set to nogroup
Sun Sep 23 14:37:02 2012 UID set to nobody
Sun Sep 23 14:37:02 2012 Socket Buffers: R=[112640->131072] S=[112640->131072]
Sun Sep 23 14:37:02 2012 UDPv4 link local (bound): [undef]
Sun Sep 23 14:37:02 2012 UDPv4 link remote: [undef]
Sun Sep 23 14:37:02 2012 MULTI: multi_init called, r=256 v=256
Sun Sep 23 14:37:02 2012 IFCONFIG POOL: base=10.8.0.4 size=62
Sun Sep 23 14:37:02 2012 IFCONFIG POOL LIST
Sun Sep 23 14:37:02 2012 Initialization Sequence Completed  <<== server has started successfully 
 

On the client, run the following command to start OpenVPN.

[ root@client1 ]#   openvpn   /etc/openvpn/client.conf

 

Sun Sep 23 14:52:11 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Sep 23 14:52:11 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 23 14:52:11 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 23 14:52:11 2012 OPTIONS IMPORT: route options modified
Sun Sep 23 14:52:11 2012 ROUTE default_gateway=30.0.0.1
Sun Sep 23 14:52:11 2012 TUN/TAP device tun1 opened
Sun Sep 23 14:52:11 2012 TUN/TAP TX queue length set to 100
Sun Sep 23 14:52:11 2012 /sbin/ifconfig tun1 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Sun Sep 23 14:52:11 2012 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Sun Sep 23 14:52:11 2012 Initialization Sequence Completed <<== client connection established successfully