“OpenVPN is a free and open source software application that implements virtual private network (VPN) solutions for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).” (Cite from Linux Security).
So with OpenVPN you can create a secure private network using internet connection. OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels and transmitted data. OpenVPN work in multi platform. So once the server is setup and configured (i suggest use Linux), the client can connect from any platform (Windows, Mac OS, And Linux).
To install OpenVPN on Ubuntu:
sudo apt-get install openvpn libssl-dev openssl
OpenVPN Configuration:
- Copy the easy-rsa to openvpn folder:
cd /etc/openvpn/ cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ chown -R $USER /etc/openvpn/easy-rsa/
- Create the server certificates:
cd /etc/openvpn/easy-rsa/ source vars ./clean-all ./build-dh ./pkitool --initca ./pkitool --server server cd keys openvpn --genkey --secret ta.key cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
- Create the client certificates:
cd /etc/openvpn/easy-rsa/ source vars ./pkitool hostname cd ..
Change hostname to your client hostname
- Compress the client certificate:
tar czf keys.tgz ca.crt ta.key easy-rsa/keys/hostname.crt easy-rsa/keys/hostname.key
- Download the keys.tgz and extract it under your openvpn client.
- Configure /etc/openvpn/server.conf
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ gzip -d /etc/openvpn/server.conf.gz
edit server.conf
dev tun server 10.10.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt ca ca.crt cert server.crt key server.key dh dh1024.pem push "route 10.10.0.0 255.255.255.0" push "redirect-gateway" comp-lzo keepalive 10 60 ping-timer-rem persist-tun persist-key user nobody group nobody daemon
- Start openvpn server
echo 1 > /proc/sys/net/ipv4/ip_forward #enable ip forwarding iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j MASQUERADE iptables-save > /etc/iptables.conf echo "#!/bin/sh" > /etc/network/if-up.d/iptables echo "iptables-restore < /etc/iptables.conf" >> /etc/network/if-up.d/iptables chmod +x /etc/network/if-up.d/iptables echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
then:
/etc/init.d/openvpn start
The OpenVPN server configuring finish, the next step is configure the client. In this example i’m using Windows Vista with OpenVPN client installed.
OpenVPN Client Configuration:
- Download the keys.tgz with FTP client
- Extract it in C:Program FilesOpenVPNconfig
- Run openvpn-gui, and press connect.
- You are connected to the OpenVPN, and you can share with the other client just like using a Lan Network over the internet.
Even there are lot of ways and configure options to make your OpenVPN work as you need, this is just a basic example that i do to create my own OpenVPN so i can test my programs. Wish this article is useful for you.
Thanks to:
Configure OpenVPN Ubuntu
vpsnoc.com
will you please tell me how to "Download the keys.tgz with FTP client"
Just open the FTP and download the keys.tgz.
mas, nanya dong setting buat klient nya pake os winxp. yg di atas cuma sampe seting server aja. trims.
What is venet0 (point 7) in this line:
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j MASQUERADE
That's your VPN ip class.
Hmmm this article is for linux… then why are you telling us to open the openvpn-gui.exe in program files/iopenvpn? Thats just what I wanted to know how to do it in linux, I don't know where am I supposed to put my openvpn credentials