With working from home being such a popular draw in numerous industries, it is often necessary to be able to access company folders and hardware that exist on the LAN. When outside that LAN, one of the best ways to gain that access is with the help of a VPN. Many VPN solutions are very pricey and/or tough to set up and manage. Fortunately, the open source/Linux community has a solution that is actually very easy to set up, configure, and manage. OpenVPN is that solution, and here you will see how to set up the server end of the system.
What Is Needed?
I will be setting up OpenVPN on Ubuntu 11.04, using Public Key Infrastructure with a bridged Ethernet interface. This setup allows for the quickest route to getting OpenVPN working, while retaining a modicum of security.
The first step (outside of having the OS installed) is to install the necessary packages. Since I will be installing on Ubuntu, the installation is fairly straightforward:
- Open up a terminal window.
- Run sudo apt-get install openvpn to install the OpenVPN package.
- Type the sudo password and hit Enter.
- Accept any dependencies.
There is only one package left to install: the package that enables bridged networking. Setting up the bridge is simple, once you know how. But before the interface can be configured to handle bridged networking, a single package must be installed. Do the following:
- Install the required package with the command sudo apt-get install bridge-utils.
- Edit the /etc/network/interfaces file to reflect the required changes (see below).
- Restart networking with the command sudo /etc/init.d/networking restart.
Open the /etc/network/interfaces file and make the necessary changes that apply to your networking interface, based on the sample below:
iface lo inet loopback
iface br0 inet static
Make sure to configure the bridge section (shown above) to match the correct information for your network. Save that file and restart networking. Now it's time to start configuring the VPN server.
Install and Configure OpenVPN Server on Linux
The OpenVPN server will rely on a certificate authority for security. Those certificates must first be created and then placed in the proper directories. To do this, follow these steps:
- Create a new directory with the command sudo mkdir /etc/openvpn/easy-rsa/.
- Copy the necessary files with the command sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/.
- Change the ownership of the newly copied directory with the command sudo chown -R $USER /etc/openvpn/easy-rsa/.
- Edit the file /etc/openvpn/easy-rsa/vars and change the variables as follows.
The variables to edit are:
Once the file has been edited and saved, several commands need to be run to create the certificates:
cd /etc/openvpn/easy-rsa/ && source vars
./clean-all && ./build-dh
./pkitool --initca
./pkitool --server server
cd keys && sudo openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
The clients need certificates in order to authenticate to the server. To create these certificates, do the following:
- cd /etc/openvpn/easy-rsa/
- source vars
- ./pkitool hostname
Here hostname is the actual hostname of the machine that will be connecting to the VPN.
Now, certificates must be created for each host that needs to connect to the VPN. Once the certificates have been created, they need to be copied to the respective clients. The files that need to be copied are:
- /etc/openvpn/easy-rsa/keys/hostname.crt (Where hostname is the hostname of the client).
- /etc/openvpn/easy-rsa/keys/hostname.key (Where hostname is the hostname of the client).
Copy the above-mentioned files using a secure method, ensuring that they are copied to the /etc/openvpn directory.
Configuring VPN Server
It is time to configure the actual VPN server. The first step is to copy a sample configuration file to work with. This is done with the command sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/. Now decompress the server.conf.gz file with the command sudo gzip -d /etc/openvpn/server.conf.gz. The configuration options to edit are in this file. Open server.conf in a text editor (with administrative privileges) and edit these options:
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
server-bridge 192.168.100.101 255.255.255.0 192.168.100.105 192.168.100.200
push "route 192.168.100.1 255.255.255.0"
push "dhcp-option DNS 192.168.100.201"
push "dhcp-option DOMAIN example.com"
tls-auth ta.key 0 # This file is secret
If you're unsure about any of the options, here is what they mean:
- The local address is the IP address of the bridged interface.
- The server-bridge directive is needed in the case of a bridged interface.
- The server will hand out IP addresses in the range 192.168.100.105-200 to clients.
- The push directives are options sent to clients.
Bringing The VPN Up And Down
Before the VPN is started (or restarted), a couple of scripts are necessary to add the tap interface to the bridge. (If bridged networking is not being used, these scripts are not necessary.) These scripts will be used by the OpenVPN executable. The scripts are /etc/openvpn/up.sh and /etc/openvpn/down.sh.
#!/bin/sh
# This is /etc/openvpn/up.sh (OpenVPN calls it as: up.sh br0 <tap device> <tap MTU> ...)
BR=$1; DEV=$2; MTU=$3
/sbin/ifconfig "$DEV" mtu "$MTU" promisc up
/usr/sbin/brctl addif "$BR" "$DEV"

#!/bin/sh
# This is /etc/openvpn/down.sh (OpenVPN calls it as: down.sh br0 <tap device> ...)
BR=$1; DEV=$2
/usr/sbin/brctl delif "$BR" "$DEV"
/sbin/ifconfig "$DEV" down
Both of the scripts must be executable, which is done with the chmod command:
sudo chmod 755 /etc/openvpn/down.sh
sudo chmod 755 /etc/openvpn/up.sh
Finally, restart OpenVPN with the command sudo /etc/init.d/openvpn restart. The VPN server is now ready to accept connections from clients.
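An added example, not part of the original article: a shell audit of the server.conf built above. It checks that tls-auth is set with direction 0, flags a Diffie-Hellman file smaller than 2048 bits (such as the dh1024.pem copied earlier), and confirms that the up/down scripts OpenVPN runs are writable only by their owner. The function names, the finding labels and the dh line in the sample are assumptions, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit a bridged OpenVPN server.conf; one finding per line, none if clean.

# Print the arguments of the first uncommented directive $2 in file $1.
directive_value() {
    awk -v d="$2" '{ sub(/[ \t]*[#;].*$/, "") }
        $1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

audit_server_conf() {
    conf=$1
    # tls-auth: HMAC on the control channel; the server side uses direction 0.
    case $(directive_value "$conf" tls-auth) in
        "")     echo "MISSING tls-auth" ;;
        *" 0")  ;;
        *)      echo "CHECK tls-auth: server direction should be 0" ;;
    esac
    # DH size is guessed from the file name (dh1024.pem -> 1024): a heuristic.
    dh=$(directive_value "$conf" dh); dh=${dh##*/}
    bits=$(printf '%s' "$dh" | tr -cd '0-9')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK dh: $dh is $bits-bit, regenerate with 2048 or more"
    fi
    # up/down scripts run as root, so nobody but the owner may write to them.
    for hook in up down; do
        script=$(directive_value "$conf" "$hook" | tr -d '"' | cut -d' ' -f1)
        [ -n "$script" ] || continue
        if [ ! -f "$script" ]; then
            echo "MISSING $hook script: $script"
        elif [ -n "$(find "$script" \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $hook script: $script (use chmod 755)"
        fi
    done
}

# Constructed sample: options from the article plus an assumed dh line for dh1024.pem.
make_sample() {
    printf '#!/bin/sh\n' > "$1/up.sh"; printf '#!/bin/sh\n' > "$1/down.sh"
    chmod 755 "$1/up.sh"; chmod 777 "$1/down.sh"   # down.sh is deliberately wrong
    cat > "$1/server.conf" <<EOF
up "$1/up.sh br0"
down "$1/down.sh br0"
dh dh1024.pem
tls-auth ta.key 0 # This file is secret
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_server_conf "$tmp/server.conf"; rm -rf "$tmp"
```

Run against a real server, the call is audit_server_conf /etc/openvpn/server.conf; the DH check reads only the file name, so confirm the actual size of the parameter file separately.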