• OpenVPN is one of the most popular and widely used open source applications that implement virtual private network (VPN) technologies for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.
• It uses a custom security protocol that utilizes SSL/TLS for key exchange.
• The purpose of OpenVPN is simple: it allows connecting to other devices within one secure network.
• It keeps online data safe by tunneling it through encrypted servers.
• So if you’re looking for a reliable, easy-to-use system that is adaptable enough to deal with any operating system, then OpenVPN is a no-brainer.
System Preparation
• We are going to set up OpenVPN on Ubuntu Server 14.04 as the base operating system. Let’s prepare the base environment before starting the OpenVPN installation.
• The only prerequisite is that you have installed the Ubuntu 14.04 operating system and have sufficient root level privileges for performing general maintenance on your server.
• Update your system to refresh the local repository database with the command below.
root@ubuntu-14:~# apt-get update
• If you are using an old version of your operating system and need to upgrade all of your installed packages, then run the command below.
root@ubuntu-14:~# apt-get upgrade
OpenVPN and RSA Installation
• Once your system is up to date, install OpenVPN and Easy-RSA by running the following command as the root user.
root@ubuntu-14:~# apt-get install openvpn easy-rsa
• The command will install the new packages with their dependencies.
• Before the installation starts, you will be asked to confirm it by typing `Y` for yes or `N` for no.
OpenVPN Server Configuration
• There are some sample VPN server configuration files that can be extracted to the `/etc/openvpn` folder for further usage.
• Extract the example server configuration archive into the required directory with the command below.
root@ubuntu-14:~# gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
• Now, to set the configuration parameters in the `server.conf` file, open it with any editor and make the required changes.
root@ubuntu-14:~# vim /etc/openvpn/server.conf
• To configure the `Diffie Hellman parameters` in the configuration file, we will update its value to double the RSA key length used when generating server and client keys.
#dh dh1024.pem
dh dh2048.pem
• So that the VPN server can pass the client’s web traffic on to its destination, we will uncomment the line below in the `server.conf` file.
;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway def1 bypass-dhcp"
• To configure the public DNS servers provided by opendns.com, uncomment the two lines under this section that look like this.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
• OpenDNS is the default DNS resolver used by OpenVPN; we can also use whichever DNS service we want. Once the necessary parameters have been configured, save the changes and close the file with `:wq!` if you are using the vim editor.
Setup the Certificate Authority
• We are going to set up a certificate authority that allows your server to generate public and private certificates for other computers.
• This is one of the most important steps in setting up encrypted communication between the different computers.
• We will use Easy-RSA’s scripts, copying the Easy-RSA generation scripts into the `openvpn` directory.
root@ubuntu-14:~# cp -r /usr/share/easy-rsa/ /etc/openvpn
• If you list the easy-rsa directory, you will see its different certificate files and directories.
• Under the easy-rsa directory, we will make a new key storage directory.
root@ubuntu-14:~# mkdir /etc/openvpn/easy-rsa/keys
• Next, edit `/etc/openvpn/easy-rsa/vars`, adjusting the information to your environment. This information is copied to the certificates and keys, and will help identify the keys later.
root@ubuntu-14:/etc/openvpn/easy-rsa# vim vars
# X509 Subject Field
export KEY_NAME="EasyRSA"
• The variables shown in red should be updated according to your own environment. You also need to update the lines in the OpenVPN configuration file that reference `server.crt` and `server.key` according to your `KEY_NAME`; otherwise, the openvpn service will not start.
root@ubuntu-14:/etc/openvpn# vim server.conf
#cert server.crt
cert EasyRSA.crt
#key server.key # This file should be kept secret
key EasyRSA.key
• Now we are going to generate the Diffie-Hellman parameters by executing the command below. It might take a few minutes to complete the process.
root@ubuntu-14:/etc/openvpn/easy-rsa# openssl dhparam -out /etc/openvpn/dh2048.pem 2048
• We’ll clear the working directory of any possible old or test keys to make way for the new ones by
executing the below command.
root@ubuntu-14:/etc/openvpn/easy-rsa# ./clean-all
• Now we build the certificate authority (CA) by invoking an interactive OpenSSL command. You can accept the default settings at the prompts, since we already configured them in the previous steps; simply press `enter` for each option. If you need to change any of the options, you can also update the settings here.
root@ubuntu-14:/etc/openvpn/easy-rsa# ./build-ca
Creating Server Certificate
• Now, we are going to set up the public and private keys for the actual server. This allows the server to
set up its end of the encrypted tunnel between itself and any other computer.
root@ubuntu-14:/etc/openvpn/easy-rsa# ./build-key-server EasyRSA
• Working in the same directory, we run the command to build the server’s key, using the key name we exported earlier.
• This generates a 2048 bit RSA private key, and you will be asked to enter the information that will be incorporated into your certificate request.
• In addition to the options that we had already configured previously, you will be asked to enter some extra attributes as shown.
• The output shows that we have successfully installed and configured an operational openvpn server. In the next steps we will show you its client setup.
• Having successfully created the new certificates for the server, we now have to copy these certificates into the `/etc/openvpn` directory.
root@ubuntu-14:/etc/openvpn/easy-rsa/keys# cp EasyRSA.crt EasyRSA.key ca.crt /etc/openvpn/
OpenVPN Client Configurations
• We are going to set up the openvpn client that will be used to connect to the openvpn server, starting with the package installation on the client machine, which is also running the Ubuntu 14.04 operating system.
• Use the following command to start the installation of OpenVPN.
root@ubuntu-client:~# apt-get install openvpn
• Now copy the `client.conf` file from the openvpn example files into the `/etc/openvpn/` directory of your openvpn client host.
root@ubuntu-client:~# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
• You can repeat this section for new clients, replacing the name of each device with the appropriate client name.
OpenVPN Client Key and Certs Building
• As we did when building the OpenVPN server’s key and certificate, we will repeat the step to generate the new client certificates and keys.
• To create separate authentication credentials for each device that we want to connect to the VPN, we have to generate a new certificate under a separate name for each one.
root@ubuntu-14:/etc/openvpn/easy-rsa# ./build-key client1
Transferring Certs and Keys to Client Device
• Now we need to transfer the client certificate, key, and profile template files to a folder on our client device.
• You can use the `scp` command below to copy the files from your server to the client machine by giving the source path and destination path.
root@ubuntu-14:/etc/openvpn/easy-rsa/keys# scp client1.crt client1.key root@xx.xx.xx.xx:/etc/openvpn/
• Let’s update `client.conf` with the correct cert and key names as follows.
root@ubuntu-client:/etc/openvpn# vim client.conf
ca ca.crt
cert client1.crt
key client1.key
• Also change the following line to the openvpn server’s hostname or IP address and port that the client device should connect to.
remote xx.xx.xx.xx 1194
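Added example (not from the original slides): before starting the service, the `ca`, `cert`, `key` and `dh` lines edited above in `server.conf` and `client.conf` can be checked against the files actually present in `/etc/openvpn`. The helper name `check_ovpn_conf` is made up for this example, and relative paths are assumed to resolve against the config file's directory.

```shell
#!/bin/sh
# Added example: pre-flight check for an OpenVPN config file before starting the service.
# check_ovpn_conf is a made-up helper name; it is not part of OpenVPN or Easy-RSA.
# Prints one line per finding and returns the number of findings (0 = clean).
# Usage: check_ovpn_conf /etc/openvpn/server.conf

check_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    findings=0

    if [ ! -r "$conf" ]; then
        echo "FAIL cannot read $conf"
        return 1
    fi

    # Keep active directives only: OpenVPN treats lines starting with '#' or ';' as comments.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$conf")

    # Typographic quotes (as pasted from slides) make a quoted directive invalid.
    if printf '%s\n' "$active" | grep -q -F -e '“' -e '”'; then
        echo "FAIL typographic quote in an active directive; use plain ASCII double quotes"
        findings=$((findings + 1))
    fi

    # Extract "<directive> <path>" for the file-bearing directives the page edits.
    refs=$(printf '%s\n' "$active" |
        awk '$1 ~ /^(ca|cert|key|dh)$/ { gsub(/"/, "", $2); print $1, $2 }')

    while read -r directive path; do
        [ -n "$path" ] || continue
        # Relative paths are resolved against the config's directory
        # (assumption: openvpn is started from there, as with /etc/openvpn).
        case $path in
            /*) ;;
            *) path=$dir/$path ;;
        esac

        if [ ! -f "$path" ]; then
            echo "FAIL $directive: $path does not exist"
            findings=$((findings + 1))
            continue
        fi

        case $directive in
            key)
                # Private keys must not be readable by group or others.
                if [ -n "$(find "$path" -prune \( -perm -040 -o -perm -004 \))" ]; then
                    echo "FAIL key: $path is readable by group or others"
                    findings=$((findings + 1))
                fi
                ;;
            dh)
                # Name-based check only: the page replaces dh1024.pem with dh2048.pem.
                case ${path##*/} in
                    *1024*)
                        echo "WARN dh: $path looks like 1024-bit parameters"
                        findings=$((findings + 1))
                        ;;
                esac
                ;;
        esac
    done <<EOF
$refs
EOF

    return "$findings"
}
```

A mismatch between `KEY_NAME` and the `cert`/`key` lines shows up here as a "does not exist" finding instead of a service that fails to start.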
• Now, save the changes with `:wq!` and start the `openvpn` service on the client device.
root@ubuntu-client:/etc/openvpn# service openvpn start
• In the `ifconfig` output you should see that a `tun` interface has appeared.
• Similarly, if you check on the openvpn server side, there will also be a new `tun0` interface present.
Firewall Rules to Connect VPN Server
• In order to allow the VPN client to connect to machines behind the VPN server, we must add a couple of routes to the
server. First, you’ll want to enable IP forwarding by running the following command.
root@ubuntu-14:~# sysctl -w net.ipv4.ip_forward=1
root@ubuntu-client:~# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
• Now we only need to make a few firewall rules and configuration changes and then re-enable the firewall.
• First we will allow SSH and port 1194 on both machines with the following commands.
# ufw allow ssh
# ufw allow 1194/udp
• Set the default forward policy to ACCEPT, DROP or REJECT. Note that if you change this, you will most likely want to adjust your rules. Change it as follows.
root@ubuntu-X:~# vim /etc/default/ufw
#DEFAULT_FORWARD_POLICY="DROP"
DEFAULT_FORWARD_POLICY="ACCEPT"
• Now, we will add some additional `ufw` rules for network address translation and IP masquerading of connected clients by adding them to the `ufw` `before.rules` file as below.
root@ubuntu-14:~# vim /etc/ufw/before.rules
• After adding the new rules, enable `ufw` and then check its status. You will be able to see the newly allowed ports in the status output.
• We have almost finished the OpenVPN server and client setup.
• Finally, make sure your routes are working on either your default gateway or your clients. You can use wireshark or tcpdump to check whether your incoming traffic is fine.
• You can also manually check the routes on Linux or Windows by issuing the command “route”.
Conclusion
• In this detailed article, you have learned about OpenVPN server and client setup, with installation and configuration on Ubuntu 14.04.
• You can also install OpenVPN client profiles across platforms.
https://vexxhost.com/

How to setup OpenVPN Server and Client on Ubuntu 14.04

  • 2.
    • OpenVPN is one of the most popular and widely used open source software applications implementing virtual private network (VPN) technologies. It creates secure point-to-point or site-to-site connections in routed or bridged configurations, and provides remote access facilities.
    • It uses a custom security protocol that utilizes SSL/TLS for key exchange.
    • The purpose of OpenVPN is simple: it allows connecting to other devices within one secure network.
    • It keeps online data safe by tunneling it through encrypted servers.
    • So if you’re looking for a reliable, easy-to-use system that is adaptable enough to deal with any operating system, then OpenVPN is a no-brainer.
  • 3. System Preparation
    • We are going to set up OpenVPN on Ubuntu Server 14.04 as the base operating system. Let’s prepare the base environment before starting the OpenVPN installation.
    • The only prerequisite is that you have installed the Ubuntu 14.04 operating system and have sufficient root-level privileges for performing general maintenance on your server.
  • 4. System Preparation
    • Update your system to refresh the local repository database with the command below.
      root@ubuntu-14:~# apt-get update
    • If you are running an older release and need to upgrade all of your installed packages along with the operating system, run the command below.
      root@ubuntu-14:~# apt-get upgrade
  • 5. OpenVPN and RSA Installation
    • Once your system has the latest updates, install OpenVPN and Easy-RSA by running the following command as the root user.
      root@ubuntu-14:~# apt-get install openvpn easy-rsa
    • The command will install the new packages with their dependencies.
    • Before the installation starts, you will be asked to confirm it by typing `Y` for yes or `N` for no.
  • 6. OpenVPN and RSA Installation
  • 7. OpenVPN Server Configuration
    • There are some sample VPN server configuration files that can be extracted to the `/etc/openvpn` folder for further usage.
    • Extract the example server configuration archive into the required directory with the command below.
      root@ubuntu-14:~# gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
  • 8. OpenVPN Server Configuration
    • To set the configuration parameters, open the `server.conf` file with any editor and make the required changes.
      root@ubuntu-14:~# vim /etc/openvpn/server.conf
    • To configure the Diffie-Hellman parameters in the configuration file, change the `dh` line from `dh1024.pem` to `dh2048.pem`, which doubles the RSA key length used when generating server and client keys.
      #dh dh1024.pem
      dh dh2048.pem
  • 9. OpenVPN Server Configuration
    • So that the VPN server can pass the client’s web traffic on to its destination, uncomment the line below in the `server.conf` file.
      ;push "redirect-gateway def1 bypass-dhcp"
      push "redirect-gateway def1 bypass-dhcp"
    • To configure the public DNS servers provided by opendns.com, uncomment the two lines under this section that look like this.
      push "dhcp-option DNS 208.67.222.222"
      push "dhcp-option DNS 208.67.220.220"
  • 10. OpenVPN Server Configuration
    • OpenDNS provides the default DNS resolvers used by OpenVPN; you can also use whichever DNS service you prefer. Once the necessary parameters have been configured, save the changes and close the file with `:wq!` if you are using the vim editor.
  • 11. Setup the Certificate Authority
    • We are going to set up a certificate authority that allows your server to generate public and private certificates for other computers.
    • This is one of the most important steps in setting up encrypted communication between the different computers.
    • We will use Easy-RSA’s scripts, so copy the Easy-RSA generation scripts into the `openvpn` directory.
      root@ubuntu-14:~# cp -r /usr/share/easy-rsa/ /etc/openvpn
  • 12. Setup the Certificate Authority
    • If you list the easy-rsa directory, you will see its different certificate files and directories.
    • Under the easy-rsa directory, we will make a new key storage directory.
      root@ubuntu-14:~# mkdir /etc/openvpn/easy-rsa/keys
  • 13. Setup the Certificate Authority
    • Next, edit `/etc/openvpn/easy-rsa/vars`, adjusting the information to your environment. This information is copied to the certificates and keys, and will help identify the keys later.
      root@ubuntu-14:/etc/openvpn/easy-rsa# vim vars
  • 14. Setup the Certificate Authority
      # X509 Subject Field
      export KEY_NAME="EasyRSA"
    • The variables shown in red should be updated according to your own environment. You also need to update the lines in the OpenVPN configuration file that reference `server.crt` and `server.key` to match your `KEY_NAME`. Otherwise, the openvpn service will not start.
      root@ubuntu-14:/etc/openvpn# vim server.conf
      #cert server.crt
      cert EasyRSA.crt
      #key server.key # This file should be kept secret
      key EasyRSA.key
  • 15. Setup the Certificate Authority
    • Now we are going to generate the Diffie-Hellman parameters by executing the command below. It might take a few minutes to complete.
      root@ubuntu-14:/etc/openvpn/easy-rsa# openssl dhparam -out /etc/openvpn/dh2048.pem 2048
  • 16. Setup the Certificate Authority
    • We’ll clear the working directory of any possible old or test keys to make way for the new ones by executing the command below.
      root@ubuntu-14:/etc/openvpn/easy-rsa# ./clean-all
    • Now we build the certificate authority (CA) by invoking an interactive OpenSSL command. You can accept the default settings at each prompt by pressing `enter`, since we already configured them in the previous steps. If you need to change any of the options, you can also do so here.
      root@ubuntu-14:/etc/openvpn/easy-rsa# ./build-ca
  • 17. Setup the Certificate Authority
  • 18. Creating Server Certificate
    • Now, we are going to set up the public and private keys for the actual server. This allows the server to set up its end of the encrypted tunnel between itself and any other computer.
      root@ubuntu-14:/etc/openvpn/easy-rsa# ./build-key-server EasyRSA
    • Working in the same directory, we entered the command to build the server’s key, using the key name we exported earlier.
    • This generates a 2048-bit RSA private key, and you will be asked to enter the information that will be incorporated into your certificate request.
  • 19. Creating Server Certificate
    • In addition to the options that we already configured previously, you will be asked to enter some extra attributes as shown.
  • 20. Creating Server Certificate
    • We have successfully created the new certificates for the server; now we have to copy these certificates into the `/etc/openvpn` directory.
      root@ubuntu-14:/etc/openvpn/easy-rsa/keys# cp EasyRSA.crt EasyRSA.key ca.crt /etc/openvpn/
    • The output shows that we have successfully installed and configured an operational openvpn server. In the next steps we will show its client setup.
  • 21. OpenVPN Client Configurations
    • We are going to set up the openvpn client that will be used to connect to the openvpn server, starting with the package installation on the client machine, which is also running the Ubuntu 14.04 operating system.
    • Use the following command to start the installation of OpenVPN as shown.
      root@ubuntu-client:~# apt-get install openvpn
  • 23. OpenVPN Client Configurations
    • Now copy the `client.conf` file from the openvpn example files into the `/etc/openvpn/` directory of your openvpn client host.
      root@ubuntu-client:~# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
    • You can repeat this section for new clients by replacing the name of each device with the appropriate client name.
  • 24. OpenVPN Client Key and Certs Building
    • As we did when building the OpenVPN server’s key and certificates, we will repeat the step to generate the new client certificates and keys.
    • To create separate authentication credentials for each device that we want to connect to the VPN, we generate a new certificate under a separate name for each one.
      root@ubuntu-14:/etc/openvpn/easy-rsa# ./build-key client1
  • 26. Transferring Certs and Keys to Client Device
    • Now we need to transfer the client certificate, key, and profile template files to a folder on our client device.
    • You can use the `scp` command below to copy the files from your server to the client machine by giving the source path and destination path.
      root@ubuntu-14:/etc/openvpn/easy-rsa/keys# scp client1.crt client1.key root@xx.xx.xx.xx:/etc/openvpn/
  • 27. Transferring Certs and Keys to Client Device
  • 28. Transferring Certs and Keys to Client Device
    • Let’s make some configuration changes in `client.conf`, setting the correct cert and key names as follows.
      root@ubuntu-client:/etc/openvpn# vim client.conf
      ca ca.crt
      cert client1.crt
      key client1.key
    • Also change the following line to the openvpn server’s hostname or IP address and port, so the client device can connect.
      remote xx.xx.xx.xx 1194
  • 29. Transferring Certs and Keys to Client Device
    • Now, save the changes with `:wq!` and start the `openvpn` service on the client device.
      root@ubuntu-client:/etc/openvpn# service openvpn start
  • 30. Transferring Certs and Keys to Client Device
    • You should see in your ifconfig output that a `tun` interface has appeared.
  • 31. Transferring Certs and Keys to Client Device
    • Similarly, if you check on the openvpn server side, there will also be a new `tun0` interface present.
  • 32. Firewall Rules to Connect VPN Server
    • In order to allow the VPN client to connect to machines behind the VPN server, we must add a couple of routes to the server. First, you’ll want to enable IP forwarding by running the following command.
      root@ubuntu-14:~# sysctl -w net.ipv4.ip_forward=1
      root@ubuntu-client:~# sysctl -w net.ipv4.ip_forward=1
      net.ipv4.ip_forward = 1
    • Now we only need to make a few firewall rules and configuration changes and then re-enable the firewall.
    • First we will allow SSH and port 1194 on both machines with the following commands.
      # ufw allow ssh
      # ufw allow 1194/udp
  • 33. Firewall Rules to Connect VPN Server
    • The default forward policy can be set to ACCEPT, DROP or REJECT; change it from DROP to ACCEPT as follows.
      root@ubuntu-X:~# vim /etc/default/ufw
      #DEFAULT_FORWARD_POLICY="DROP"
      DEFAULT_FORWARD_POLICY="ACCEPT"
    • Now, we will add some additional `ufw` rules for network address translation and IP masquerading of connected clients by adding rules to the `ufw` `before.rules` file as below.
      root@ubuntu-14:~# vim /etc/ufw/before.rules
  • 34. Firewall Rules to Connect VPN Server
  • 35. Firewall Rules to Connect VPN Server
    • After adding the new rules, enable `ufw` and then check its status as shown below. You will be able to see the status of the newly allowed ports.
  • 36. Firewall Rules to Connect VPN Server
    • We have almost finished the OpenVPN server and client setup.
    • Finally, make sure your routes are working on either your default gateway or your clients. You can use wireshark or tcpdump to check whether your incoming traffic is fine.
    • You can also manually check the routes on Linux or Windows by issuing the command “route”.
  • 37. Conclusion
    • In this detailed article, you have learned about OpenVPN server and client setup, with installation and configuration on Ubuntu 14.04.
    • You can also install OpenVPN client profiles across platforms.
    https://vexxhost.com/
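Slides 8 to 20 edit `server.conf` by hand and warn that a `cert`/`key` name that does not match `KEY_NAME` stops the service from starting. The check below is an added example, not part of the original slides: it audits the config directory for that mismatch, for missing files, for the old `dh1024.pem` default, and for a private key readable by other users. The function names and finding labels are hypothetical, and it assumes the file names in `server.conf` are relative to the directory, as in the sample config.

```shell
#!/bin/sh
# Added example (not from the slides): audit /etc/openvpn before starting the service.
# Assumption: ca/cert/key/dh are given relative to the config directory,
# as in the sample server.conf used on this page.

# Print the first argument of an active directive; ';' and '#' lines never match.
conf_value() {  # conf_value FILE DIRECTIVE
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print one finding per line; return 0 only when nothing was found.
audit_openvpn_dir() {  # audit_openvpn_dir DIR
    dir=$1; conf="$dir/server.conf"; findings=0
    [ -r "$conf" ] || { echo "MISSING $conf"; return 1; }

    # Every referenced file must exist, otherwise the service will not start.
    for d in ca cert key dh; do
        f=$(conf_value "$conf" "$d")
        if [ -z "$f" ]; then
            echo "UNSET $d"; findings=$((findings + 1))
        elif [ ! -f "$dir/$f" ]; then
            echo "NOFILE $d $f"; findings=$((findings + 1))
        fi
    done

    # cert and key must share the KEY_NAME stem (EasyRSA.crt / EasyRSA.key).
    c=$(conf_value "$conf" cert); k=$(conf_value "$conf" key)
    if [ "${c%.crt}" != "${k%.key}" ]; then
        echo "MISMATCH cert=$c key=$k"; findings=$((findings + 1))
    fi

    # The private key must carry no group/other permission bits.
    if [ -n "$k" ] && [ -f "$dir/$k" ]; then
        perms=$(ls -ld "$dir/$k" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS $k $perms"; findings=$((findings + 1))
        fi
    fi

    # The page replaces dh1024.pem with dh2048.pem; flag the old default.
    if [ "$(conf_value "$conf" dh)" = "dh1024.pem" ]; then
        echo "WEAKDH dh1024.pem"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

Run it as `audit_openvpn_dir /etc/openvpn` after copying the certificates in slide 20; a `PERMS` finding is cleared with `chmod 600` on the key file.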
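Slide 34 survives here only as its title, so the NAT rules it showed for `/etc/ufw/before.rules` are not on this page. As an added example (not the slide's content), the function below inserts a masquerade stanza scoped to the VPN subnet ahead of the `*filter` table and does nothing on a rerun; the subnet `10.8.0.0/24`, the interface `eth0`, the function name and the marker comments are assumptions to adapt to your server.

```shell
#!/bin/sh
# Added example (not from the slides): add a NAT stanza for VPN clients to a
# ufw before.rules file exactly once.
# Assumptions: the VPN subnet and outbound interface are passed by the caller
# (e.g. 10.8.0.0/24 and eth0); the START/END marker comments are hypothetical.

add_vpn_nat() {  # add_vpn_nat RULES_FILE SUBNET IFACE
    rules=$1; subnet=$2; iface=$3
    marker="# START OPENVPN RULES"

    # Already present: do nothing, so repeated runs never stack duplicate rules.
    if grep -qF "$marker" "$rules"; then return 0; fi

    # ufw loads this file with iptables-restore; the *nat table is placed
    # before the existing *filter table. Refuse to edit an unexpected file.
    if ! grep -q '^\*filter' "$rules"; then
        echo "no *filter table in $rules" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1
    if awk -v s="$subnet" -v i="$iface" -v m="$marker" '
        /^\*filter/ && !inserted {
            print m
            print "*nat"
            print ":POSTROUTING ACCEPT [0:0]"
            # Masquerade only traffic sourced from the VPN subnet.
            print "-A POSTROUTING -s " s " -o " i " -j MASQUERADE"
            print "COMMIT"
            print "# END OPENVPN RULES"
            print ""
            inserted = 1
        }
        { print }
    ' "$rules" > "$tmp"; then
        # Overwrite in place so the file keeps its owner and mode.
        cat "$tmp" > "$rules"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```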