Home‎ > ‎

OpenVPN Setup on Ubuntu 12.04 LTS (precise)

A few guides:






First install openvpn and easy-rsa
$ sudo -s
$ wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
$ echo "deb http://swupdate.openvpn.net/apt precise main" >
    /etc/apt/sources.list.d/swpudate.openvpn.net.list
$ apt-get update && apt-get install openvpn
$ apt-get install easy-rsa

easy-rsa gets installed to /usr/share/easy-rsa

Copy the sample server config file to /etc/openvpn
$ cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn
$ cd /etc/openvpn
$ gunzip server.conf.gz
$ nano server.conf

Uncomment the lines:
user nobody
group nobody

Save the file.

Further reading: /usr/share/doc/openvpn/README.Debian.gz

$ cp -R /usr/share/easy-rsa /etc/openvpn
$ cd /etc/openvpn/easy-rsa
$ mkdir keys
ln -s /etc/openvpn/easy-rsa/keys /etc/openvpn/keys
$ source ./vars
$ ./clean-all
$ ./build-ca
Country Name [US]:ES
State or Province Name (full name) [CA]:Madrid
Locality Name (eg, city) [SanFrancisco]:Alcorcon
Organization Name (eg, company) [Fort-Funston]:Calcmaster
Organizational Unit Name (eg, section) [changeme]:IT
Common Name (eg, your name or your server's hostname):minecraft.calcmaster.com
Name [changeme]:minecraft.calcmaster.com
Email Address [mail@host.domain]:gmail addr
You'll now have a ca.crt and ca.key in your keys subdirectory
$ ./build-dh
you should now have a dh1024.pem file in your keys folder

Now generate a key for the server.  Enter "server" for common name.
$ ./build-key-server server
answer the questions... you should now have a server.crt, server.csr, server.key in your keys folder.

Now generate a key for your client computer that will connect from a remote location
$ ./build-key client1

$ cd /etc/openvpn
$ nano server.conf

Update these three params:
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key

change dh dh2048.pem to dh /etc/openvpn/keys/dh1024.pem

otherwise create a different diffie hellman file with
openssl dhparam -out dh2048.pem 2048

Create your client ovpn file and you're good to go.

Fire up openvpn on your server:
$ cd /etc/openvpn
$ openvpn server.conf

To ssh to your box, fire up your client-side vpn connection (right-clicking the ovpn file and running it with openvpn client) use Putty.exe to connect to 10.8.0.1 which maps to your server and you're good to go.
Comments