Install Your Own VPN Server with OpenVPN on Ubuntu 10.04 Server

ATTENTION

AS YOU CAN SEE, THIS POST IS MORE THAN 1 YEAR OLD AND VERY OUTDATED. I WILL NOT UPDATE IT, AND I CANNOT RESPOND TO THE COMMENTS.

After a while without posting, I bring you this guide on how to create your own VPN on Ubuntu Server, either to connect to your home PC or to use the internet safely on insecure Wi-Fi networks.

OpenVPN is software that acts as a client or as a server depending on how we configure it. Note that there are 2 versions of it:
* OpenVPN Community Software: the version we will use; it is 100% Open Source.
* OpenVPN AccessServer: the paid version. You can use it for free with up to 2 users only, and additional users are very cheap. It also has extras such as a web administration panel, it is very easy to configure, and more.

Introduction

OpenVPN is a software product created by James Yonan in 2001 and has been improving since then.

No other solution offers such a blend of enterprise-grade security, ease of use, and rich features.

It is a multiplatform solution that has greatly simplified the configuration of VPNs, leaving behind the days of solutions that are hard to configure, such as IPsec, and making VPNs more accessible to people inexperienced with this type of technology.

Suppose we need to connect different branches of an organization. Below we will see some solutions that have been offered in response to these types of needs.

In the past, communications were made by mail, telephone or fax. Today there are factors that make it necessary to implement more sophisticated connectivity solutions between the offices of organizations throughout the world.

These factors are:

* The acceleration of business processes and its consequent increase in the need for flexible and rapid exchange of information.
* Many organizations have several branches in different locations as well as remote teleworkers from home, who need to exchange information without any delay, as if they were physically together.
* The need for computer networks to meet high security standards that ensure authenticity, integrity and availability.

Source: Wikipedia

The server:

This guide is for Ubuntu 10.04 Server; I imagine it works on other versions and distros. We assume an Ubuntu server is already installed and working.
We install OpenVPN and also OpenSSL, since the security is based on SSL.

sudo apt-get -y install openvpn
sudo apt-get -y install openssl

We configure the OpenVPN daemon not to start automatically with the system. Open the file below and comment out everything by adding # to the beginning of each line.

sudo nano /etc/default/openvpn

We also remove the startup script, to prevent it from starting on its own once it is configured.

sudo update-rc.d -f openvpn remove

Now we create the file server.conf in /etc/openvpn/

sudo nano /etc/openvpn/server.conf

and we put this configuration in it:

dev tun
proto tcp
port 1194
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
user nobody
group nogroup
server 10.6.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/clients.txt
status /etc/openvpn/status.txt
persist-key
persist-tun
push "redirect-gateway def1"
push "route 192.168.0.0 255.255.255.0"
keepalive 10 120
verb 3
comp-lzo
max-clients 30

As you can see, it can be customized; this is an example that was tested.

If you do not want to use the VPN for secure internet access, that is, you do not want to browse the internet through the VPN, remove the "redirect-gateway" line.

Other data that can be modified:
* ca, cert, key and dh = the certification authority, the certificate, the key and the Diffie-Hellman parameters of the server; we will create them later.
* server 10.6.0.0 255.255.255.0 = the IP range that the VPN will use; you can use another one, but do not use the same range as the real network.
* ifconfig-pool-persist ipp.txt = saves which IP was assigned to each client in the VPN.
* proto and port = protocol and port; you can use tcp or udp (udp did not give me good results), and you can change the port.
* duplicate-cn = allows the same certificate and key to be used on several clients at the same time; I recommend not activating it.
* up /etc/openvpn/openvpn.up = a script that OpenVPN loads at startup; it is used for ROUTING and FORWARDING, and we will create it later.
* client-to-client = is to prevent VPN users from seeing each other; depending on the case it is useful.
* comp-lzo = compression; it compresses all VPN traffic.
* verb 3 = increases or decreases the level of error detail on the server.
* max-clients 30 = maximum number of users simultaneously connected to the server; it can be increased or decreased.
* push route = allows clients to see, or be on, the network behind the VPN server; be careful not to activate client-to-client.
* push "redirect-gateway def1" = forces the client to use the VPN as a gateway.
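One way to check a server.conf like the one above before starting the daemon, once the certificates from the later steps are in place. This is an added example, not part of the original guide: it reports ca/cert/key/dh files that the configuration names but that do not exist, a private key readable by other users, an active duplicate-cn, and a VPN range that overlaps the real network. The function names, finding labels and the LAN passed as arguments are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: pre-flight audit of a server.conf.
# Function names and finding labels are constructed for illustration.

# Value (everything after the keyword) of the first active DIRECTIVE in FILE.
conf_get() {  # conf_get FILE DIRECTIVE
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Dotted quad -> integer. The body is a subshell, so IFS and "$@" stay local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Two networks overlap when they agree on every bit covered by both masks.
nets_overlap() {  # nets_overlap NET1 MASK1 NET2 MASK2
    m=$(( $(ip2int "$2") & $(ip2int "$4") ))
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$3") & m )) ]
}

# Prints one finding per line; the return status is the number of findings.
audit_server_conf() {  # audit_server_conf FILE LAN_NET LAN_MASK
    conf=$1 lan_net=$2 lan_mask=$3 findings=0
    for d in ca cert key dh; do
        path=$(conf_get "$conf" "$d")
        if [ -z "$path" ]; then
            echo "MISSING-DIRECTIVE $d"; findings=$((findings + 1))
        elif [ ! -f "$path" ]; then
            # Typical after giving the server certificate another name
            # without updating the cert/key lines of the configuration.
            echo "FILE-NOT-FOUND $d $path"; findings=$((findings + 1))
        fi
    done
    key=$(conf_get "$conf" key)
    if [ -f "$key" ]; then
        # Characters 5-10 of the mode string are the group and other bits.
        case $(ls -ld "$key" | cut -c5-10) in
            "------") ;;
            *) echo "KEY-READABLE-BY-OTHERS $key"; findings=$((findings + 1)) ;;
        esac
    fi
    if grep -Eq '^[[:space:]]*duplicate-cn' "$conf"; then
        echo "DUPLICATE-CN-ENABLED"; findings=$((findings + 1))
    fi
    set -- $(conf_get "$conf" server)
    if [ $# -ge 2 ] && nets_overlap "$1" "$2" "$lan_net" "$lan_mask"; then
        echo "VPN-RANGE-OVERLAPS-LAN $1 $2"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a scratch directory holding a config shaped like the
# guide's, with the dh file missing and a key readable by everyone.
make_sample() {  # make_sample DIR VPN_NET [EXTRA_LINE]
    touch "$1/ca.crt" "$1/server.crt" "$1/server.key"
    chmod 644 "$1/server.key"
    cat > "$1/server.conf" <<EOF
dev tun
proto tcp
port 1194
ca $1/ca.crt
cert $1/server.crt
key $1/server.key
dh $1/dh2048.pem
server $2 255.255.255.0
;duplicate-cn
$3
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" 10.6.0.0
audit_server_conf "$demo_dir/server.conf" 192.168.0.0 255.255.255.0 || true
rm -rf "$demo_dir"
```

On a real server the call would be `audit_server_conf /etc/openvpn/server.conf` followed by the network and mask of the LAN the server sits on.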

Now we create the script that configures and starts the VPN server.

sudo nano /etc/init.d/vpnserver

and we paste this code, changing the IP range according to the configuration of the previous step:

#!/bin/sh
#
# Starts and stops the OpenVPN server together with the NAT rule it needs.

vpnserver_start() {
    echo "VPN Server [OK]"
    # Let the kernel forward packets between the tunnel and the network
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /etc/init.d/networking restart > /dev/null
    # NAT the traffic of the VPN clients (10.6.0.0/24) leaving through eth0
    /sbin/iptables -t nat -A POSTROUTING -s 10.6.0.0/24 -o eth0 -j MASQUERADE
    /usr/sbin/openvpn --config /etc/openvpn/server.conf 2>> /etc/openvpn/error.txt 1>> /etc/openvpn/normal.txt &
}

vpnserver_stop() {
    echo "VPN Server [NO]"
    /usr/bin/killall "openvpn"
    # Remove the NAT rule added on start, so restarts do not pile up duplicates
    /sbin/iptables -t nat -D POSTROUTING -s 10.6.0.0/24 -o eth0 -j MASQUERADE
    # These two flush ALL rules and user chains of the filter table
    iptables -F
    iptables -X
    /etc/init.d/networking restart > /dev/null
}

vpnserver_restart() {
    vpnserver_stop
    sleep 1
    vpnserver_start
}
#
case "$1" in
    'start')
        vpnserver_start
        ;;
    'stop')
        vpnserver_stop
        ;;
    'restart')
        vpnserver_restart
        ;;
    *)
        vpnserver_start
        ;;
esac

Now we assign executable permissions to it:

sudo chmod +x /etc/init.d/vpnserver

and we also configure it to start automatically with the system:

sudo update-rc.d vpnserver defaults

Well, we have already configured OpenVPN. Now we have to activate the TUN module in the kernel; with these lines we load it, and that's it:

sudo modprobe tun
echo "tun" | sudo tee -a /etc/modules

As you can see, the configuration was not so difficult, but now comes the slowest part:

* Create the 2048-bit Diffie-Hellman parameters.
* Create the Certification Authority.
* Create the Certificates and keys of the server.
* Create certificates and keys for each user.

We copy the easy-rsa examples, which we use to create the certification authority, certificates, keys and encryption that OpenVPN uses:

sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/

Now you have to enter the folder where the utilities we copied are located and create the keys folder:

cd /etc/openvpn/easy-rsa/2.0
sudo mkdir keys

We only have to edit the vars file that is in /etc/openvpn/easy-rsa/2.0

sudo nano /etc/openvpn/easy-rsa/2.0/vars

and we modify these values. Change

export KEY_DIR="$EASY_RSA/keys"

to

export KEY_DIR="/etc/openvpn/easy-rsa/2.0/keys"

so that everything is always generated in /etc/openvpn/easy-rsa/2.0/keys.
We continue: we also modify the key size so that the Diffie-Hellman parameters are 2048 bits. Change

export KEY_SIZE=1024

to

export KEY_SIZE=2048

We are only missing the data for the issuing entity:

export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

Modify each value to those of your country, province, city, company and email.
An example:

export KEY_COUNTRY="AR"
export KEY_PROVINCE="SF"
export KEY_CITY="Armstrong"
export KEY_ORG="LAGA-Systems"
export KEY_EMAIL="info@lagasystems.com.ar"

As you can see, AR = Argentina, SF = Santa Fe (my province), and the others are self-explanatory.
Well, now we are ready to start. Follow these steps to the letter, because one mistake ruins everything.

We execute

source ./vars

It asks us to clean up in case there are existing authorities, certificates and keys; we do it with pleasure:

./clean-all

Now we generate the 2048-bit Diffie-Hellman parameters:

./build-dh

Now we generate the certification authority. It will ask for the same data as in the vars file; I recommend completing each field, even though the values are already there.

./build-ca

We are now able to generate the certificates and keys, first for the server. Change "server" to the name you like. It will ask for the same data as in the vars file; I recommend completing each field, even though the values are already there.

./build-key-server server

We already have the server certificates and keys; now the client. Change "client" to whatever name you like.
It will ask for the same data as in the vars file; I recommend completing each field, even though the values are already there.

./build-key client

This step must be repeated for each client or user who wants to connect to the VPN. Do we already have everything we need? No: we need to copy the files we generated to the location we configured in server.conf,
so we copy the keys folder to /etc/openvpn/

sudo cp -R /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/

Now we check that everything is in its place; we enter the /etc/openvpn/keys folder

cd /etc/openvpn/keys

and with an ls we check that the files are there.
Now we generate one more file; this one is generated by openvpn:

sudo openvpn --genkey --secret ta.key

You only need to copy the files ca.crt, client.crt and client.key; if you created more clients, copy the crt and key of each one to a pendrive or other medium. Do not use email to send them; it is like giving your house key to a stranger.
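Before copying ca.crt, client.crt and client.key to a pendrive, it is worth confirming that the certificate was really issued by this CA and that the key belongs to the certificate. The following is an added example, not part of the original guide, built on the standard openssl verify, x509 and pkey commands; the function names, finding labels and the throwaway PKI it builds for the demonstration are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. File names follow the guide
# (ca.crt, client.crt, client.key); function names and labels are constructed.

# True if CERT chains to CA. The output is matched rather than the exit
# status, which very old OpenSSL releases did not set reliably.
cert_signed_by() {  # cert_signed_by CA CERT
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# True if KEY is the private key of CERT (their public halves are identical).
key_matches_cert() {  # key_matches_cert CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Prints one finding per line; the return status is the number of findings.
check_bundle() {  # check_bundle CA CERT KEY
    n=0
    for f in "$1" "$2" "$3"; do
        [ -s "$f" ] || { echo "MISSING $f"; n=$((n + 1)); }
    done
    [ "$n" -eq 0 ] || return "$n"
    cert_signed_by "$1" "$2"   || { echo "NOT-SIGNED-BY-CA $2"; n=$((n + 1)); }
    key_matches_cert "$2" "$3" || { echo "KEY-MISMATCH $2 $3"; n=$((n + 1)); }
    return "$n"
}

# Constructed throwaway PKI for the demo: one CA, two clients signed by it,
# and one stray self-signed certificate standing in for a leftover from
# another CA. The body is a subshell, so the cd does not leak.
make_scratch_pki() (  # make_scratch_pki DIR
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Scratch CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    for name in client other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$name.key" -out "$name.csr" 2>/dev/null || exit 1
        openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 1 -out "$name.crt" 2>/dev/null || exit 1
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=stray" \
        -keyout stray.key -out stray.crt 2>/dev/null
)

demo() {
    d=$(mktemp -d) && make_scratch_pki "$d" || return 1
    check_bundle "$d/ca.crt" "$d/client.crt" "$d/client.key" && echo "client bundle OK"
    check_bundle "$d/ca.crt" "$d/client.crt" "$d/other.key"   # wrong key
    check_bundle "$d/ca.crt" "$d/stray.crt"  "$d/stray.key"   # wrong CA
    rm -rf "$d"
}

if command -v openssl >/dev/null 2>&1; then demo; fi
```

Against the guide's files the call is `check_bundle ca.crt client.crt client.key`, run inside /etc/openvpn/keys.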

Ready, everything is on the server, now we start it to test that everything is correct

sudo /etc/init.d/vpnserver start

If there are no errors, we already have our vpn running, only the client is missing.

The client:

This guide is for Ubuntu 10.04 Desktop; I imagine it works on other versions and distros. We assume an Ubuntu system is already installed and working.
We install OpenVPN and also OpenSSL, since the security is based on SSL,
and as we will use the Ubuntu Network Manager, we must also install its plugin for OpenVPN:

sudo apt-get -y install openvpn
sudo apt-get -y install openssl
sudo aptitude -y install network-manager-openvpn

Now we are able to configure our client. A configuration example:

With a text editor (gedit will do), paste this code:

client
dev tun
proto tcp
remote IP-OF-SERVER PORT
resolv-retry infinite
nobind
#user nobody
#group nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
tun-mtu 1500
keepalive 10 120
verb 4

Modify the data: IP-OF-SERVER is the public (internet) IP of the server, and PORT is the one you assigned on the server. The files ca.crt, client.crt and client.key are the ones we generated and copied earlier to a pendrive or similar.

If you have a dynamic public IP, I recommend using a DDNS service (DynDNS, NO-IP, CDMon), and don't forget to open and redirect port 1194, or the one you chose for the server.

Save the file with whatever name you want, but with a .conf extension, in the same folder as the ca.crt, client.crt and client.key files.

Now open the Ubuntu Network Manager; in the VPN tab there is an Import button. Look for the .conf file we saved before, and that's all.

I hope it helps you, since to make openvpn work I went through all the guides and manuals that I found.

Thank you for your comments. If there is any ERROR, it is the product of your imagination, hahaha


  1.   Emilio said

    Very good guide! I always wanted to install a VPN but it never worked out. Thanks!

    1.    Luciano Lagassa said

      Thank you, I tell you that I also had that problem with the VPN, but for work I began to investigate.
      in case anyone is interested there is another method to mount a vpn, super simple with ssh.

      1.    Valo said

        I am interested in that method !!!

      2.    oliver said

        could you pass the data XD

  2.   George said

    Hi,

    If you are looking for a VPN, you can find a VPN Providers List on this website
    http://www.start-vpn.com/

  3.   over said

    Wow, I am going to try all these steps, it is just what I was looking for. I hope it all works out, and then let's see if you can also comment on the process via ssh, that would also be great, and if you have more documentation about openvpn so I can keep moving forward with this. I will comment later on what happened, and thank you for your contribution.

    1.    Luciano Lagassa said

      hello, perfect, I have some modifications to do, I already updated the post, there are changes and improvements.

  4.   koke said

    I tried but I did not get the keys, or I do not know if a step is missing in the post.

    I am very interested in this topic. I beg you to answer me soon. I use ubuntu 10.04 (I am new to this).

    1.    Luciano Lagassa said

      Hello, did you follow the steps correctly? Because if you skip one or do it wrong, the certificates and keys are not generated. Check that you edited the vars file correctly and, when you generate, respect the values; do not use strange characters and/or accents or eñes, this happened to a friend in another forum. Whatever you need, let me know.

      Hello, were you able to do something, or can you still not generate the certificates and keys? Let me know so I can help you.

  5.   John Martin said

    In this line

    ./build-key-server server

    where it says to change the name of the server for the one you want for example:

    ./build-key-server pepito

    (at least for me) it produces an error that is reflected in the normal.txt file, where it says that the server key was not found, and it does not bring up the tun either.
    I go back and create the key

    ./build-key-server server

    with that name and then it works perfectly.
    I have tested it on two different servers.
    Did this happen to anyone else?

    1.    Luciano Lagassa said

      Hello, if you change the name to the general certificate you have to change it in the configuration files, because the server will not find the file if you do not specify what it is called.

      1.    John Martin said

        Aahh, got it, thank you very much, I will try it as soon as I can.

  6.   Joni said

    Hello, to configure the client in Windows, how or where do I copy the certificates?

    1.    Joni said

      Solved;)
      I downloaded the wrong client. From the web openvpn.net, the OpenVPN Community Software Windows Client, already explains how to do it in the installation in a README.
      Thanks for the tutorial.
      regards

  7.   Mariana said

    Hello, I am just starting with this linux thing and I have to set up a VPN for a local area network. I have followed your tutorial and I have reached the part of the installation on the server and the client... but after that, I do not know how to do the tests to see if there is a connection and if I have implemented it well.

  8.   James said

    Hello, thanks for the information
    I have a server with a running openvpn, the server is linux-fedora, I also have a running Windows 7 installation, that is, I have communication from linux-fedora to Windows 7.
    My problem right now is that I want to install openvpn as a client on Ubuntu 10.04 lucid and I have not been able to, I have followed the information you provide using the Network-connections graphical handler, but it does not seem to respond, Do you have any idea?
    Thanks in advance
    James

  9.   Jesus Gascon Gomez said

    Hello,

    I have a problem trying to connect from the Linux client. Unable to connect, giving me this error in the syslog:

    Feb 3 21:50:06 jesus NetworkManager[1298]: Starting VPN service 'org.freedesktop.NetworkManager.openvpn'…
    Feb 3 21:50:06 jesus NetworkManager[1298]: VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2931
    Feb 3 21:50:06 jesus NetworkManager[1298]: VPN service 'org.freedesktop.NetworkManager.openvpn' exited with error: 1
    Feb 3 21:50:06 jesus NetworkManager[1298]: Policy set 'Auto eth0' (eth0) as default for IPv4 routing and DNS.
    Feb 3 21:50:11 jesus NetworkManager[1298]: VPN service 'org.freedesktop.NetworkManager.openvpn' did not start in time, canceling connections
    Feb 3 21:50:33 jesus kernel: [119.324287] lo: Disabled Privacy Extensions

    I've tried this but it doesn't work either:

    http://sergiodeluz.wordpress.com/2010/06/21/openvpn-fallo-porque-no-habia-secretos-vpn-validos-solucion/

    Any idea where to look?

  10.   Isai said

    Hello! I have followed your instructions to the letter until executing "source ./vars". As you indicate, it asks me to do the "./clean-all", but when doing so it tells me that it cannot do the rm because of permission denied, or the mkdir because the file already exists. I go ahead, and in the "./build-dh", after many lines of . and +, it ends with: /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem: Permission denied.

    And the same for "./build-ca": writing new private key to 'ca.key', ca.key: Permission denied.

    I assumed that I would have to do it with super user privileges, but in all cases it tells me to make sure I have executed "source ./vars"... I'm stuck.

    Many thanks for your time!

    1.    Isai said

      I will answer myself, until now I could continue doing a «chmod 777» to the 2.0 folder and it seems that now if I am going to continue ...

  11.   Meredith said

    How can I know the IP of the server to assign it to the VPN client? Thank you very much Luciano for your help and your post! 100101001

  12.   gabrielcz said

    THANK YOU, THANK YOU, THANK YOU, finally a tutorial that you do "just this" and IT WORKS.
    Well, until there we go .. now I have the following problem, which is surely because they are an asshole .. 😉
    I explain: I have followed the GUIDE perfectly, I have downloaded a client for MAC from openvpn, and reading your client configuration, I have configured mine and I CONNECTED.

    I'll tell you the infrastructure first.

    server: ubuntu 10.4
    eth0 = 192.168.1.40
    (I have left the OPENVPN configuration file EXACTLY the same as you suggest, which I DO NOT UNDERSTAND, is ...
    My computer (mac client) was assigned the ip 10.6.0.5 and if I ping 10.6.0.1 I ARRIVE without problems.

    What I DO NOT understand is that I need a VPN to access my office LAN, and my office LAN is 192.168.1.x (as in my home, I also have 192.168.1.x)

    Office:
    OPENVPN server: 192.168.1.40
    Web development server: 192.168.1.107

    My question is ... what would I have to change so that from my house, I can connect to the OPENVPN server so that it gives me an IP of the appropriate subnet to be able to enter my web development server .. ???

    it gives me, maybe that in the open vpn server.cfg I have to replace 10.6.xx with something suitable for 192.168.1.x and change the subnet of my house, so that it IS ANOTHER EXAMPLE: 10.0.XX so that they do not stick between 192.168.xx from my home and office?

    JEJEJEJEJEJ excuse me, but I have tried to express my doubt in the most understandable way possible, but maybe because I do not know how to ask it, or what, but I have reread it and my mother, I do not understand myself, but hey, let's see what you think, if you understand me a little and help me. 😉

    Regards,

    1.    gabrielcz said

      Well, there we go .. now I have the following problem, which is surely because they are assholes .. 😉

      I WANTED TO PUT THAT I AM, I AM AN ASSHOLE 😉 heheheej NO BAD INTERPRET PLEASE.

    2.    beings said

      Hello .. did you solve your impasse? The same thing happens to me and I don't know how to solve it ... will you help me please? Thank you

  13.   gabrielcz said

    Hello dears,
    To tell you that by navigating a little bit I get to answer myself and I already solved my problem, what's more, in this GREAT guide they were already answering me! 🙂

    What was said by all, the best openvpn guide that I have read, with which I was encouraged and with which I am working perfectly,
    THANKS AND CONGRATULATIONS.

    PS: One day it could be expanded with the connection and configuration web interface! 🙂

  14.   George said

    How about someone who can guide me since if I have many doubts as Gabrielcz says I AM AN ASSHOLE

  15.   Alexander said

    Hi Luciano, thank you very much for the tutorial, Excellent! If you think it's fine, complement it by adding these lines:
    1. Restart OpenVPN on both client and server machines to execute the changes
    pending.
    2. Run ifconfig and route -n in terminal to check if there is a new interface,
    tun0, on the client and on the server.
    3. Check the connection by pinging the IPs of the tun0 interfaces, (client and
    server). Type in the terminal: ping 10.8.0.1, if you receive a response like:
    PING 10.8.0.1 (10.8.0.1) 56 (84) bytes or data.
    So congratulations, the client is connected to the server via OpenVPN and now
    you can surf safely.

    Greetings to all from Colombia.

  16.   Alexander said

    Hello, in the last part of the tutorial, where it is indicated that you must create and edit a file with a .conf extension and complete the IP-DEL-SERVER PORT, I put: 192.168.0.0:1194
    and saved the file with the name: keyConfiguracionCliente1.conf

    I use an ADSL connection for internet service and the IP it handles is dynamic.

    I understand that to connect a client to the VPN the following command is used:
    root@user ~ # openvpn keyname.conf, in my case it would be:
    root@user ~ # openvpn CustomerConfigurationKey1.conf

    After executing this command the following message is displayed:
    "Options error: remote: bad protocol associated with host 192.168.0.0:1194
    Use --help for more information."

    Can you please guide me clearly how to correct this error, thank you.

    1.    Ulises said

      in the client's conf you have to put the server's ip. If your server has a dynamic ip you would have to make an account in dyndns or no-ip to transform the server's ip into a "myserver.dnsalias.net" question of configuring the client with this last address.
      regards

    2.    Luciano Lagassa said

      Hello, ulises already answered you, if you have a dynamic IP you have to use some ddns (DynDNS, NoIP, whatever you want), I tell you that a month ago I created a vpn server for a friend but in winbugs and as he used adsl we used noip, it remains Perfect, the steps are the same, just remember to open and redirect port 1194 or the one you choose in the router where the server is connected, also keep in mind that with an adsl much can not be done, because being adsl it is asynchronous. that has more download than upload and a server uses both but more the upload.

  17.   Ulises said

    Luciano, thank you for this tutorial, one of the clearest I have ever read. I was able to connect client1 to the server and client2 to the server, but client1 and client2 cannot see each other. Do you have any idea? Thank you again

    1.    Luciano Lagassa said

      Hello, yes, with this method there is no contact between clients, but it can be modified so that they can interact. For security it is better not to, since it is a network like any other and if an individual or software intervenes they can cause great damage. Thank you

  18.   Alexander said

    Thank you gentlemen for the responses, greetings.

  19.   luis eduardo said

    Hi, look, I'm a newbie to vpn, how do I change addresses in the tun0 adapter?
    and how to create a public ip in the vpn thanks

    1.    Luciano Lagassa said

      hello, the «tun» interface is created on both the server and the client, the server will always have the same ip in tun because it is assigned by openvpn, the client can be sure that you always have the same if in the server config and from the client you put "persist-tun" that ensures that the ips in each client.
      You always have the public ip, but if it is dynamic you can use some ddns, type no-ip, dydns or cdmon, those services give you a subdomain that points to your ip and with a soft or from a web you update the ip and that's it Of course this goes only on the server, and you have to open the port on the router.

  20.   federico said

    Luciano: very good tutorial. A question, please, can you confirm that a VPN can also be mounted from a router and not by installing this program on my ubuntu server? If so, what are the advantages of doing it with OpenVPN compared to buying a router with OS (of course, my question goes beyond the price). I am referring to security benefits and other performances. I tell you that I want to install a VPN to access and raise multiple desktops simultaneously to manage the local applications of my Ubuntu server. Can you explain to me how I do this from remote desktops and what is its relationship with the VPN? . Thanks

    1.    Luciano Lagassa said

      Hello, the truth is, I will make myself a vpn with a client on routers but they are with ipsec cisco, this is something else. I think that some of the firmwares like tomato, openwrt and others have openvpn integrated. I would not use it, because it is more secure that each computer has the client, so you do not give vpn to the entire network, and you also have a vpn ip for each computer.

  21.   Marcelo More said

    Hello Luciano, excellent your Tutorial, the truth is that it helped me a lot and everything worked for me until I got to the part of importing the .conf file in the case of the server the "server.conf" file that we created, the problem is that when I choose the file after clicking on «import» I put in accept and it throws me a poster that tells me the following:
    "Can't import VPN connection"
    The file "server.conf" could not be read or does not contain recognizable VPN connection information
    Error: unknown error.

    Well the thing is that I already tried with a solution that was looking for the example file in "/usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz> server.conf" this is the example file that provides openvpn which is the one with the correct format, modify the file with the configuration shown in the tutorial but when I go to load it gives me the same error, then I tried what the link that I leave "Jesus Gascon Gomez" says
    that is, the solution that this page shows «http://sergiodeluz.wordpress.com/2010/06/21/openvpn-fallo-porque-no-habia-secretos-vpn-validos-solucion/»
    but the same thing keeps happening to me, I don't know what it can be! If you know or someone can give me a hand with this I would be infinitely grateful since I need to establish a vpn for very important work issues, thank you very much in advance

  22.   Luciano Lagassa said

    Hello, this is for those who cannot import the config in the client, if you use ubuntu remember to install the openvpn support in network-manager, otherwise it will not work, it is detailed in the post. Thanks

  23.   wilmar said

    Thank you, the VPN works 100% for me.

    It would be nice to see the configuration for a Windows client

  24.   Chelo said

    Hi Luciano, the following appears on the console when I go to activate the "tun":
    chelo@chelodromo:~$ sudo modprobe tun
    chelo@chelodromo:~$
    chelo@chelodromo:~$ sudo echo "tun" >> /etc/modules
    bash: /etc/modules: Permission denied
    until here I come with the tutorial until I solve this I do not want to continue with the following steps
    What do you think is due?
    my OS is Ubuntu 10.04.2 (LTS) desktop
    from already thank you

    1.    Luciano Lagassa said

      Hello, from what I see it does not take sudo, you may not have permissions to use sudo, try to enter as root (sudo su) and do the steps in the guide.
      Yes, it is something that everyone should already know but it is not too much,

  25.   beings said

    Hello, I have followed the steps in the guide and it connects well, but I do not have access to the local computers on the network, I mean I cannot ping 192.168.1.1 and I do not know where to configure it to reach that segment. Another question: if I have several VLANs in the network, how do I configure which one to connect to and which one not? I would appreciate your response! Thank you

    1.    Luciano Lagassa said

      Hello, I clarified that the configuration of this guide is for a vpn if I contact the server's lan network, for that you have to change the scheme, what if you can is to use ip tables to redirect ports to the lan network. I use that option, so as not to expose the network.

  26.   Chelo said

    Help: when I run the following command on the client side to check the connection
    sudo openvpn client.conf

    I get the following message

    Options error: In [CMD-LINE]: 1: Error opening configuration file: client.conf
    Use --help for more information.

    Curiously, I was able to connect a client with 32-bit ubuntu but this happens to me with clients that have 64-bit ubuntu, will it have something to do with it? thanks in advance

  27.   George said

    Very good guide, thank you very much you saved me hours of documentation

  28.   Francis Miller said

    Thank you first for the guide.
    I have done the steps several times without getting errors and in the end I always get the same problem. When trying to connect the VPN I get the message:
    The "vpn to server" network connection failed because the VPN service was unexpectedly interrupted.
    Could you tell me what I'm doing wrong?

  29.   Hugo said

    Hello, I guided me through your manual and I thought the first part was fine, but the second part that I am using two servers on the client, the second on the client is console mode, like aria, I create a file for the client and inside that file I write the second part of the code and how will I know if you work what ago thanks

    1.    Luciano Lagassa said

      Hello, clarify well where you get stuck and as I always tell you, follow the steps to the letter and if they get stuck check, because you can skip a step and then it does not work

  30.   Francisco Javier said

    Good afternoon !!
    Simply congratulate the author of this blog, well, it has worked 100% for me on my new server that I bought.

    Now I can connect from iPhone, iPad or any PC !!
    Thank you from Spain

  31.   Francisco Javier said

    My second comment in the afternoon.
    The server, I have installed it under ubuntu server 11.04

    Now, the client, I have installed it in Windows, and you simply have to have in the conf file, the correct path to the .key and .crt.

    I only have a doubt…. I want to create for more clients (./build-key client2) and… it tells me the following message:

    root@ubuntu:/etc/openvpn/easy-rsa/2.0# ./build-key client2
    Please edit the vars script to reflect your configuration,
    then source it with "source ./vars".
    Next, to start with a fresh PKI configuration and to delete any
    previous certificates and keys, run "./clean-all".
    Finally, you can run this tool (pkitool) to build certificates/keys.

    Is it necessary to have to generate the server files again to generate another client? it would be crazy….

    1.    Luciano Lagassa said

      Hello, to generate more certificates you have to do the same but skipping the server part, I give you an example:
      cd /etc/openvpn/easy-rsa/2.0
      source ./vars
      ./clean-all
      ./build-key client
      sudo cp -R /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/

      What's more, I use something similar, and I even have a VPN server that has the certificates created on another computer, so I have redundant VPN.
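The message quoted in comment 31 is what build-key prints when KEY_DIR is not set, that is, when vars has not been sourced in the current shell, and the same message says that ./clean-all deletes any previous certificates and keys. As an added example (not from the original post or the easy-rsa project), here is a guarded way to issue one more client certificate from the existing PKI; `issue_client` is a hypothetical helper name and `EASY_RSA_DIR` is assumed to default to the path used in this thread.

```shell
#!/bin/sh
# Added example, not from the original post or the easy-rsa project.
# Assumption: easy-rsa 2.0 lives at the path used in the thread.
EASY_RSA_DIR="${EASY_RSA_DIR:-/etc/openvpn/easy-rsa/2.0}"

# issue_client NAME (hypothetical helper): build one more client key pair
# against the existing CA. It never calls ./clean-all.
issue_client() {
    name="$1"
    # Allow only simple names: no path separators, no leading dot or dash.
    case "$name" in
        ""|.*|-*|*[!A-Za-z0-9._-]*)
            echo "invalid client name: '$name'" >&2; return 2 ;;
    esac
    (   # Subshell: the cd and the sourced variables do not leak out.
        cd "$EASY_RSA_DIR" || exit 3
        [ -r ./vars ] || { echo "no vars file in $EASY_RSA_DIR" >&2; exit 3; }
        # vars exports KEY_DIR; build-key needs it in this shell.
        . ./vars >/dev/null
        keys="${KEY_DIR:-$EASY_RSA_DIR/keys}"
        # The CA must already be there. If it is missing, stop here instead
        # of rebuilding: a new CA would invalidate every issued certificate.
        for f in ca.crt ca.key; do
            [ -s "$keys/$f" ] || { echo "missing $keys/$f" >&2; exit 4; }
        done
        # Refuse to reuse a name that already has a certificate.
        [ ! -e "$keys/$name.crt" ] || { echo "$name already issued" >&2; exit 5; }
        ./build-key "$name" || exit 6
        # Client private key: owner-only permissions before it is copied.
        chmod 600 "$keys/$name.key"
    )
}

# Run as: sh issue-client.sh client2
if [ "$#" -gt 0 ]; then
    issue_client "$1"
fi
```

The return codes distinguish a bad name (2), a missing easy-rsa directory or vars file (3), a missing CA (4) and a name that was already issued (5), so a wrapper script can stop before any key material is touched.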

  32.   Iñigo said

    Hello everyone, first of all, thank you for this manual. I have started to do it on my Ubuntu 10.04 server but I have this error,
    «admin@ks:~$ sudo modprobe tun
    [sudo] password for admin:
    FATAL: Could not load /lib/modules/2.6.38.2-grsec-xxxx-grs-ipv6-64/modules.dep: No such file or directory »

    Can you help me?

    1.    Francisco Javier said

      Good morning Iñigo,

      3 days ago, I installed it on ubuntu-server 11.04 and NO PROBLEM. Everything worked the first time. Why don't you try 11.04? It seems that 10.04 doesn't have the module it is trying to load.

      To the author of the tutorial, I have a question. Is it possible to restrict the server so that only the client can connect from a specific host? (via IP or a dyndns.org host for example)
      If this is not possible, how do I configure it so that, regardless of whether the client needs the certificates, when it connects, it asks for login (user & password) in a window? Is the latter possible?

      Thank you.

  33.   Francisco Javier said

    Good morning everyone again 🙂

    After several weeks connecting to the VPN server, I have noticed that it does not give me DNS.

    I connect, I access the resources writing the private IP, but, automatically, I stop browsing the web.
    If I do an ipconfig, it gives me IP, GW, but the DNS is missing.
    Could you add it to the openvpn daemon configuration file, or to the client config?

    Thank you.

  34.   Migue said

    Thank you very much for the tuto !!! it goes great !!!

    The only thing I have not achieved is to be able to navigate without all the traffic passing through the server.

    I want to put 30 machines in the vpn to move files safely, but if the navigation (web, mail, etc etc) of the clients passes all through the server it will create a bottleneck and it will go slow.

    As you say in the manual I have removed the line
    push "redirect-gateway def1"

    Restart the vpn and the traffic continues going through the server ...

    Thank you very much in advance for the help !!!!

    1.    Francisco Javier said

      I find myself with the same problem that you have, I have read forums and websites, but nothing I find works for me.

      All traffic goes through the VPN server.
      Let's see if someone enlightens us 🙂

      All the best

      1.    Migue said

        I have found the solution, very unorthodox and very unprofessional. But I have solved the problem….

        As I also had problems connecting using the networks that come with Ubuntu, I googled over gui and openvpn and I found KVpnc (it is in the repositories) and there with loading the configuration file (I don't remember how, but it seemed very very easy) connected to the first one (although the traffic was still passing through the tunnel)

        Changing only in settings-configure KVpnc-Network-Routes

        select: Keep default route. in the 2nd dropdown

        I hope you find it useful.

  35.   Roberto said

    This is an excellent guide but I have a problem. I did all of this, created the client file and pasted it into the /etc/openvpn/keys/ folder where I also pasted the ca .crt files and etc ..., well after importing that to the network manager I get the following message:

    The VPN connection 'user' failed because there were no valid VPN secrets.

    I hope you can help me. Thank you very much in advance

  36.   Mattias said

    Hello, can you help me? I follow everything to the letter, but on the other hand, editing this part marks a big mistake
    root@ubuntu:/etc/openvpn/easy-rsa/2.0# source ./vars
    bash: ./vars: line 68: Unexpected EOF while searching for a matching `"'
    bash: ./vars: line 69: syntactic error: the end of the file was not expected
    root@ubuntu:/etc/openvpn/easy-rsa/2.0# ./clean-all
    Please source the vars script first (ie "source ./vars")
    Make sure you have edited it to reflect your configuration.

    What can I do?

  37.   Be without said

    Hi, I don't know much about networks but I want to help my brother-in-law in Cuba, he works in a company as a network specialist or something like that
    the truth is that he asked me to install a proxy in
    my PC to set up a VPN and connect through my
    I do not understand about this, please, if you could explain and enlighten me as to how much this would appreciate

    1.    Ubunlog said

      session I am not the author of the post nor do I have any idea of ​​the subject, but I understand that the tutorial of this post would be the one you have to follow to do what you want to do
      regards

    2.    Luciano Lagassa said

      hello, the truth to do what you tell us, you have to have knowledge of computer science and networks. Following the guide to the letter you can create a server and a vpn client but also I don't know if they can bypass the blockade that this country has, I hope so but I can not assure which port it will pass. you will most likely have to use port 80 to simulate a web.

  38.   Be without said

    Thank you very much Luciano for your answer
    And if I imagine that it will not be easy to get around the computer blockade of my country but I think I will try,
    I will go deeper into this world of computer networks so wait for new concerns on my part,
    please hope you have patience
    thanks again

    <> Albert Einstein

  39.   Be without said

    You don't really understand something unless you are able to explain it to your grandmother.
    Albert Einstein

  40.   Paul said

    I have some questions. The first. Is it necessary to use network manager? I never really like it. I imagine there must be other better things. The other, In my case I have to use a noip account. The issue is that on that same server I already have an ssh running with a no ip account. As it is the hand there, I have to install again the same program that uses the no-ip or directly I have to get another dns of those of noip. And as for the ports it uses. Do I have to enable them with an iptable?

  41.   Paul said

    now I understand why it doesn't work for me. In the part you mention

    «»
    * up /etc/openvpn/openvpn.up = is a script that loads openvpn at startup, it is used for ROUTING and FORWARDING, we will create it later.
    «»

    No this. You can see that I am missing that.

  42.   use said

    I don't know in which folder these files are ..ca.crt, client.crt and client.key .. I have followed the steps in the manual, could you help me with that?

  43.   Diego Alfredo Morales Morales said

    how do i connect from windows xp to the server

  44.   Daniel said

    Thanks a lot !

  45.   Fabian said

    Hi luciano,
    Very good post. install the vpn and pull it well. from a cell phone to my pc. The problem now is that I no longer have a network on the pc. the eth0 module has stopped working. I think the problem was caused by the script to start the vpn at startup.
    will you have any comments about it?
    Thank you.

    1.    Fabian said

      Luciano, again, managed to start the network with the command dhclient eth0. As you can see I have dhcp on the vpn server. In your script can you add the dhclient so that it takes eth0 again? what do you recommend? every time the vpn stops it will disconnect my eth0. and I will have to start it manually….? regards…

  46.   computer mga said

    I would like to know how to connect from a Windows 7 to the ubuntu server through vpn

  47.   Daniel PZ said

    I have the same doubt as "mga informatica", and also how I do so that 3 more friends of mine connect to the same VPN, but, from windows of course, and choose to exchange files between them, and the other with another one. not with the first two ...

  48.   alex said

    Tips before choosing a VPN is to compare the different provider to make the right decision (http://lavpn.es ). I can only advise you to use this price comparison

  49.   Frames said

    The best VPN that I know of is the VPN ninja, and you can download it from http://www.vpnninja.com, I hope that it serves you!

  50.   Sedan said

    I leave you the website of the vpn that I used when I lived in China, it is vpn ninja, it is the one that works best, http://www.vpnninja.com

  51.   your male said

    hjp is not worth shit you contradict yourself

  52.   dpons3 said

    I get lost when I go to this section, it tells me that the file doesn't exist, I don't know what happens, it doesn't work for me. 

  53.   Tano said

    Dear, I wanted to ask you how I can put a second pool of addresses, since the pool of 254 hosts is running out, and the clients continue to increase.

    Thank you!

  54.   Jose said

    I got lost in source ./var how I run it, when I put it like this it does not work, it will be that a sudo or something like that goes before

  55.   letty lawrence said

    hello I have errors in this step
    nano /etc/default/openvpn

    I am supposed to get code e, which one should I comment on but nothing appears

    I think that is because it is not in the folder but in this case, how should I do it?
    🙁

  56.   Martin "Black" Arreola said

    Hey friend, I come from the future and your post no longer works for later versions of Ubuntu, any solution? I swear that the error is not imaginary ...

  57.   Mario ochoa said

    Hi, I'm in 2018, does this tutorial still work?

  58.   Gabriel scissors said

    I still come from the future, my dear Black Arreola, and it no longer works for versions after linux 10