This is a quick note on how to install OpenVPN as an Ethernet tunnel (not a bridge) on Ubuntu 10.04.
Install
    sudo apt-get install openvpn
Server Certificates
First, copy the easy-rsa directory to /etc/openvpn.
    sudo mkdir /etc/openvpn/easy-rsa/
    sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
You may also wish to change ownership of the easy-rsa directory so that the current user can create files in it.
    sudo chown -R $USER /etc/openvpn/easy-rsa/
Next, edit /etc/openvpn/easy-rsa/vars and adjust at least the following values to values that make sense to you:
    export KEY_COUNTRY="SE"
    export KEY_PROVINCE="Blekinge"
    export KEY_CITY="Karlskrona"
    export KEY_ORG="My organization"
    export KEY_EMAIL="vpnhelp@example.com"
Enter the following to create the server certificates:
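    cd /etc/openvpn/easy-rsa/
    source vars
    ./clean-all
    # Diffie-Hellman parameters
    ./build-dh
    # CA certificate and key
    ./pkitool --initca
    # Server certificate and key
    ./pkitool --server server
    cd keys
    # Shared secret for tls-auth
    openvpn --genkey --secret ta.key
    sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/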
Server Configuration
Let's start by copying the example config.
    sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
    sudo gunzip /etc/openvpn/server.conf.gz
Edit /etc/openvpn/server.conf, changing at least the following options to values that make sense to you:
    #Change the VPN subnet address to one that makes sense to you (and doesn't collide with any other net)
    server 10.9.0.0 255.255.255.0
    #If you wish the computers on the VPN to be able to connect to each other then uncomment
    client-to-client
    # You can uncomment this out on
    # non-Windows systems.
    user nobody
    group nogroup
    #If this is uncommented then a separate log will be written for OpenVPN (if both log lines are commented out, then syslog is used)
    log-append openvpn.log
    #To enable per client configurations uncomment:
    client-config-dir client-configs
Restart the VPN:
    /etc/init.d/openvpn restart
If the server fails to start, the output looks like this:
    /etc/init.d/openvpn restart
    * Stopping virtual private network daemon(s)...
    * No VPN is running.
    * Starting virtual private network daemon(s)...
    * Autostarting VPN 'server' [fail]
In that case, check the log (either syslog or the log you set in the config file) and fix the issues it reports.
A successful restart should look like this:
    /etc/init.d/openvpn restart
    * Stopping virtual private network daemon(s)...
    * No VPN is running.
    * Starting virtual private network daemon(s)...
    * Autostarting VPN 'server' [ OK ]
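A preflight check to run before restarting, as an added example that is not part of the original note: it confirms that every file named by the ca, cert, key, dh and tls-auth lines of server.conf exists, and that the private key and ta.key are not accessible to group or others. The function name check_openvpn_conf is hypothetical, and it assumes relative paths are resolved against the config file's directory.

```shell
#!/bin/sh
# Added example, not from the original note.
# Usage: check_openvpn_conf /etc/openvpn/server.conf
# Prints one line per problem; the return status is the number of problems.
# Assumption: relative paths are resolved against the config file's directory.

check_openvpn_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    dir=$(dirname "$conf")

    # Read the config with comments (# and ;) stripped.
    while read -r directive path rest; do
        # Only the directives that name a file are of interest.
        case $directive in
            ca|cert|key|dh|tls-auth) ;;
            *) continue ;;
        esac
        case $path in
            /*) ;;
            *) path=$dir/$path ;;
        esac
        if [ ! -f "$path" ]; then
            echo "$directive: missing file $path"
            problems=$((problems + 1))
            continue
        fi
        # Secret material must carry no group/other permission bits.
        case $directive in
            key|tls-auth)
                mode=$(ls -ld "$path" | cut -c5-10)
                if [ "$mode" != "------" ]; then
                    echo "$directive: $path is accessible to group/other"
                    problems=$((problems + 1))
                fi ;;
        esac
    done <<EOF
$(sed -e 's/[#;].*//' "$conf")
EOF
    return "$problems"
}
```

A mistyped file name shows up here as a "missing file" line, and a key copied with default permissions can be tightened with chmod 600.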
I am having issues with this big time. I have been working on this for days, yet I am not getting anywhere. I am at the point where I went through all steps over and over. Can you please help guide me through this process? I am in Canada and yes, restrictions are a pain in the ass. Thank you for any advice or guidance you might be willing to provide.
I keep getting fail fail fail at the end of the process.
Walter
What does the log file say?
Normally what I have done wrong is naming of files or misspelling some config param, and that the log (usually) tells me.
Thank you!! I had so many problems with setting up OpenVPN. I could get it to work on CentOS but never Ubuntu for some reason. This guide worked perfectly! I can confirm it working on micronetvps.com’s VPS’s (they have 6 locations so good for VPN). I also got it to work on a VPS from OVH (France only I think).
Thanks again and keep up the good work!