“OpenVPN is a free and open source software application that implements virtual private network (VPN) solutions for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).” (Cite from Linux Security).
So with OpenVPN you can create a secure private network using internet connection. OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels and transmitted data. OpenVPN work in multi platform. So once the server is setup and configured (i suggest use Linux), the client can connect from any platform (Windows, Mac OS, And Linux).
To install OpenVPN on Ubuntu:
sudo apt-get install openvpn libssl-dev openssl
- Copy the easy-rsa to openvpn folder:
cd /etc/openvpn/ cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ chown -R $USER /etc/openvpn/easy-rsa/
- Create the server certificates:
cd /etc/openvpn/easy-rsa/ source vars ./clean-all ./build-dh ./pkitool --initca ./pkitool --server server cd keys openvpn --genkey --secret ta.key cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
- Create the client certificates:
cd /etc/openvpn/easy-rsa/ source vars ./pkitool hostname cd ..
Change hostname to your client hostname
- Compress the client certificate:
tar czf keys.tgz ca.crt ta.key easy-rsa/keys/hostname.crt easy-rsa/keys/hostname.key
- Download the keys.tgz and extract it under your openvpn client.
- Configure /etc/openvpn/server.conf
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ gzip -d /etc/openvpn/server.conf.gz
dev tun server 10.10.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt ca ca.crt cert server.crt key server.key dh dh1024.pem push "route 10.10.0.0 255.255.255.0" push "redirect-gateway" comp-lzo keepalive 10 60 ping-timer-rem persist-tun persist-key user nobody group nobody daemon
- Start openvpn server
echo 1 > /proc/sys/net/ipv4/ip_forward #enable ip forwarding iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j MASQUERADE iptables-save > /etc/iptables.conf echo "#!/bin/sh" > /etc/network/if-up.d/iptables echo "iptables-restore < /etc/iptables.conf" >> /etc/network/if-up.d/iptables chmod +x /etc/network/if-up.d/iptables echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
The OpenVPN server configuring finish, the next step is configure the client. In this example i’m using Windows Vista with OpenVPN client installed.
OpenVPN Client Configuration:
- Download the keys.tgz with FTP client
- Extract it in C:Program FilesOpenVPNconfig
- Run openvpn-gui, and press connect.
- You are connected to the OpenVPN, and you can share with the other client just like using a Lan Network over the internet.
Even there are lot of ways and configure options to make your OpenVPN work as you need, this is just a basic example that i do to create my own OpenVPN so i can test my programs. Wish this article is useful for you.