OpenVPN Setup (Updated 11/02/2006)

Added on by Ray Insalaco.
I had two machines that I needed to install OpenVPN on yesterday, so I figured I would post the steps required to get them up and running. The servers were both running Ubuntu 6.06.

Here are the quick and dirty steps:
sudo apt-get install openvpn openssl

cd /usr/share/doc/openvpn/examples
sudo cp -R easy-rsa/ /etc/openvpn

cd /etc/openvpn/easy-rsa
# "." is a shell builtin, so "sudo . ./vars" fails; source vars inside a root shell instead
sudo sh -c '. ./vars && ./clean-all && ./build-ca'
Answer the questions to create the key.

Now we need to create the server key:
sudo sh -c '. ./vars && ./build-key-server server'
Again, answer the questions to customize the key. You can use the defaults if you want and just enter the server name when asked. The name is required; if you do not enter a name, the key will be zero length and will not work. The error message is not all that straightforward: it only says the server failed to start.

Now we need to create the client keys:
sudo sh -c '. ./vars && ./build-key "name of key"'
Again, answer the questions to customize the key. You can use the defaults if you want and just enter the computer name when asked. I like to use the name of the computer the key is for, because it makes it easier to keep track of the keys if you need to remove one. The name is required; if you do not enter a name, the key will be zero length and will not work. The error message is not all that straightforward: it only says the server failed to start.

Now we create the Diffie-Hellman parameters:
sudo sh -c '. ./vars && ./build-dh'

When we pass out the keys, the files need to be distributed as follows:
ca.crt goes to the client and the server.
ca.key goes to the key signing machine only, which we set this one to be.
dh{n}.pem goes to the server only.
server.crt goes to the server only.
server.key goes to the server only.
.crt goes to the client only.
.key goes to the client only.
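
The check below is an added example, not part of the original post: it tests a key directory against the distribution list above and catches the zero-length files described earlier, before the service is restarted. The function name check_keys and its output wording are assumptions made for this example; source the file, then point it at the directory holding the keys.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of an OpenVPN
# key directory before starting the service.
#   check_keys DIR server        -> needs ca.crt, server.crt, server.key, dh*.pem
#   check_keys DIR client NAME   -> needs ca.crt, NAME.crt, NAME.key
# Prints one line per problem; returns 0 if clean, 1 if problems, 2 on bad usage.
check_keys() {
    ck_dir=$1 ck_role=$2 ck_name=${3:-} ck_bad=0
    case $ck_role in
        server) set -- ca.crt server.crt server.key ;;
        client) [ -n "$ck_name" ] || { echo "usage: check_keys DIR client NAME"; return 2; }
                set -- ca.crt "$ck_name.crt" "$ck_name.key" ;;
        *)      echo "usage: check_keys DIR server|client [NAME]"; return 2 ;;
    esac
    for ck_f in "$@"; do
        if [ ! -e "$ck_dir/$ck_f" ]; then
            echo "MISSING $ck_f"; ck_bad=1
        elif [ ! -s "$ck_dir/$ck_f" ]; then
            # Zero length is what a blank name at the build-key prompt produces.
            echo "EMPTY $ck_f"; ck_bad=1
        fi
    done
    if [ "$ck_role" = server ]; then
        # The server also needs non-empty Diffie-Hellman parameters, dh{n}.pem.
        ck_dh=0
        for ck_f in "$ck_dir"/dh*.pem; do
            if [ -s "$ck_f" ]; then ck_dh=1; fi
        done
        if [ "$ck_dh" -eq 0 ]; then echo "MISSING dh{n}.pem"; ck_bad=1; fi
    else
        # Private keys that must never be copied to a client.
        for ck_f in ca.key server.key; do
            if [ -e "$ck_dir/$ck_f" ]; then
                echo "MISPLACED $ck_f (must not be on a client)"; ck_bad=1
            fi
        done
    fi
    return "$ck_bad"
}
```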

The last thing to do on the server is create the configuration file:
sudo vi /etc/openvpn/server.conf

Restart the service and the server is done.
sudo /etc/init.d/openvpn restart

Next we have to create the configuration file for the client:
This file needs to be saved in the same directory as the keys. On Windows the configuration file should be saved with a .ovpn extension. Just double-click this file to establish the connection. To establish the connection on *nix or Windows, run openvpn [client config file]. With a little luck you should be connected now.