Guide to OpenVPN on Ubuntu 9.04 Jaunty Jackalope
This is a quick and easy guide to OpenVPN on Ubuntu that will get you up and running with minimal configuration. With some persistence this is not hard to do, and it opens up a world of possibilities: for example, fully encrypted access from remote locations to your home network, or, if you really want to go nuts, SSH tunnelling of OpenVPN over an HTTP proxy using corkscrew.
This configuration works for a single client connecting to a single server.
## Server Config (its tunnel interface will be 172.20.0.1, eth0 is 192.168.1.10, and its public IP is that of your router)

```
apt-get install openvpn
cd /etc/openvpn
openvpn --genkey --secret mystatickey.key
vi /etc/openvpn/openvpn.conf
```

Contents of /etc/openvpn/openvpn.conf:

```
dev tun
ifconfig 172.20.0.1 172.20.0.2
secret mystatickey.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
```

Then enable IP forwarding and start OpenVPN:

```
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/openvpn start
```

The ifconfig command should show a tun interface with an IP of 172.20.0.1.
### Client Config (its tunnel interface will be 172.20.0.2)

```
apt-get install openvpn
cd /etc/openvpn
scp publicIPofyourRouter:/etc/openvpn/mystatickey.key .
vi /etc/openvpn/openvpn.conf
```

Contents of /etc/openvpn/openvpn.conf:

```
remote publicIPofyourRouter
dev tun
ifconfig 172.20.0.2 172.20.0.1
secret mystatickey.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
```

Then start OpenVPN:

```
/etc/init.d/openvpn start
```

The ifconfig command should show a tun interface with an IP of 172.20.0.2.
Time to test. From your client you should be able to ping 172.20.0.1 (the server tunnel interface).
If ping works your tunnel is up and openvpn is running sweetly. 🙂
You will probably need to add a static route to your local router (server end) so that the route to 172.20.0.0 goes to your openvpn server and not out the gateway. Also the ip_forward line is required to allow your server to route traffic between interfaces.
* Firewall and port forwarding are the first things to check. UDP 1194 must be open on the server.
* You can use no-ip.com or dyndns.org to get a home DNS entry if you have a dynamic IP. Then use this as your remote IP in the client config.
* You will need to forward UDP 1194 from your router to the internal host. This is configured on your router.
* If you only want to access local LAN addresses at your server end, and not have your public traffic go over the VPN from your client, use routes on the client such as: route add -net 192.168.1.0/24 gw 172.20.0.1
Sometimes you want to do funky things, like push your VPN tunnel through an ssh tunnel. This allows you to get full access to a remote LAN over a single open port (ssh).
Edit openvpn.conf on both client and server as below. Note that you are no longer using UDP, and you also don't need to forward UDP or TCP 1194 anymore, as everything is inside SSH.

Add to server:

```
proto tcp-server
```

Change the remote line (client config) to:

```
remote localhost
```

Add to client:

```
proto tcp-client
```

Now on your client you want to port forward 1194 TCP to your local machine:

```
ssh -L 1194:127.0.0.1:1194 you@yourpublicip
```

Test by telnet to 127.0.0.1 1194 on the client; you should get a connection. Break the connection and start openvpn on the client:

```
/etc/init.d/openvpn start
```
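In this setup the static key is the only secret protecting the tunnel, and the two configs must agree on tunnel endpoints and transport. The following is an added example, not part of the original guide: a POSIX shell lint for the config pair, where the function names and the sample files built by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): lint a static-key OpenVPN config pair.

# directive FILE NAME: print the arguments of the first NAME line in FILE.
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# key_is_private FILE: succeed only if group and others have no access.
# Anyone who can read the static key can decrypt and forge tunnel traffic.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# tunnel_mirrored SERVER CLIENT: "ifconfig A B" must face "ifconfig B A".
tunnel_mirrored() {
    s=$(directive "$1" ifconfig); c=$(directive "$2" ifconfig)
    set -- $s $c
    [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ]
}

# proto_paired SERVER CLIENT: both UDP (the default), or tcp-server/tcp-client.
proto_paired() {
    case "$(directive "$1" proto)/$(directive "$2" proto)" in
        /|udp/|/udp|udp/udp|tcp-server/tcp-client) return 0 ;;
        *) return 1 ;;
    esac
}

# lint_pair SERVER CLIENT KEYFILE: print findings, return how many there are.
lint_pair() {
    n=0
    key_is_private "$3" || { echo "FAIL: $3 missing or open to group/others"; n=$((n+1)); }
    tunnel_mirrored "$1" "$2" || { echo "FAIL: ifconfig endpoints not mirrored"; n=$((n+1)); }
    proto_paired "$1" "$2" || { echo "FAIL: proto differs between the two ends"; n=$((n+1)); }
    return "$n"
}

# Constructed sample: client already switched to the SSH-tunnel settings,
# server not yet, and a dummy key file left world-readable.
demo() {
    d=$(mktemp -d) || return 1
    printf 'dev tun\nifconfig 172.20.0.1 172.20.0.2\nsecret mystatickey.key\n' > "$d/server.conf"
    printf 'remote localhost\nproto tcp-client\ndev tun\nifconfig 172.20.0.2 172.20.0.1\nsecret mystatickey.key\n' > "$d/client.conf"
    echo 'constructed dummy key' > "$d/mystatickey.key"; chmod 644 "$d/mystatickey.key"
    lint_pair "$d/server.conf" "$d/client.conf" "$d/mystatickey.key"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "findings: $?"
```

On real hosts, copy the server's openvpn.conf next to the client's and call lint_pair with both files and the local key path.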