VPN setup in Ubuntu – General introduction

VPN client for Ubuntu


How to install Cisco VPN client on Ubuntu 13.04, 13.10

A VPN (Virtual Private Network) is a very effective way to keep our privacy on the internet, so that nobody can sniff our IP address or block our connection to the internet. Overview: by using an OpenVPN connection, you basically "force" all applications to connect to the internet via that connection.

This means that different applications such as the web browser, IRC client, mail client, torrent, and even CLI programs such as apt and wget are automatically "forced" to connect via that OpenVPN connection. The global topology is that you connect to the OpenVPN server first, then the server forwards you to the internet. This is similar to a proxy connection, but a VPN is encrypted and has more features. It is encrypted securely, so basically nobody can spy on your connection. Ensure your internet connection is enabled.

Fortunately, many providers offer us free OpenVPN servers. In OpenVPN terms, we need the configuration file. I will use my favorite provider vpngate. I like vpngate because I don't need to type a password to use their files. A new tab with the download page opens. You download a file with. I give the TCP option as an example only. The traffic emerges from the VPN server and continues its journey to the destination. When combined with HTTPS connections, this setup allows you to secure your wireless logins and transactions.

You can circumvent geographical restrictions and censorship, and shield your location and any unencrypted HTTP traffic from the untrusted network. This tutorial will keep the installation and configuration steps as simple as possible for these setups. If you plan to set up an OpenVPN server on a DigitalOcean Droplet, be aware that we, like many hosting providers, charge for bandwidth overages. For this reason, please be mindful of how much traffic your server is handling.

See this page for more info. You will need to configure a non-root user with sudo privileges before you start this guide. You can follow our Ubuntu The linked tutorial will also set up a firewall, which we will assume is in place during this guide.

When you are ready to begin, log into your Ubuntu server as your sudo user and continue below. To start off, we will install OpenVPN onto our server. OpenVPN is available in Ubuntu's default repositories, so we can use apt for the installation. We will also be installing the easy-rsa package, which will help us set up an internal CA (certificate authority) for use with our VPN.

This means that it utilizes certificates in order to encrypt traffic between the server and clients. In order to issue trusted certificates, we will need to set up our own simple certificate authority (CA). To begin, we can copy the easy-rsa template directory into our home directory with the make-cadir command:

To configure the values our CA will use, we need to edit the vars file within the directory. Open that file now in your text editor: Inside, you will find some variables that can be adjusted to determine how your certificates will be created. We only need to worry about a few of these. Towards the bottom of the file, find the settings that set field defaults for new certificates.

It should look something like this: To keep this simple, we'll call it server in this guide: Now, we can use the variables we set and the easy-rsa utilities to build our certificate authority. This will initiate the process of creating the root certificate authority key and certificate. Since we filled out the vars file, all of the values should be populated automatically. Next, we will generate our server certificate and key pair, as well as some additional files used during the encryption process.

If you choose a name other than server here, you will have to adjust some of the instructions below. Once again, the prompts will have default values based on the argument we just passed in server and the contents of our vars file we sourced.

Do not enter a challenge password for this setup. Towards the end, you will have to enter y to two questions to sign and commit the certificate: Next, we'll generate a few other items. We can generate strong Diffie-Hellman keys to use during key exchange by typing: Next, we can generate a client certificate and key pair. Pass in a unique value to the script for each client. Because you may come back to this step at a later time, we'll re-source the vars file. To produce credentials without a password, to aid in automated connections, use the build-key command like this:

If, instead, you wish to create a password-protected set of credentials, use the build-key-pass command: Leave the challenge password blank and make sure to enter y for the prompts that ask whether to sign and commit the certificate. Next, we can begin configuring the OpenVPN service using the credentials and files we've generated.

We can start with all of the files that we just generated. Next, we need to copy and unzip a sample OpenVPN configuration file into the configuration directory so that we can use it as a basis for our setup: First, find the HMAC section by looking for the tls-auth directive. Remove the ";" to uncomment the tls-auth line.

Below this, add the key-direction parameter set to "0": Next, find the section on cryptographic ciphers by looking for the commented out cipher lines. Below this, add an auth line to select the HMAC message digest algorithm. For this, SHA is a good choice: Finally, find the user and group settings and remove the ";" at the beginning to uncomment those lines: The settings above will create the VPN connection between the two machines, but will not force any connections to use the tunnel.

If you wish to use the VPN to route all of your traffic, you will likely want to push the DNS settings to the client computers. To do this, uncomment a few directives that will configure client machines to redirect all web traffic through the VPN. Find the redirect-gateway section and remove the semicolon ";" from the beginning of the redirect-gateway line to uncomment it:

Just below this, find the dhcp-option section. Again, remove the ";" from in front of both of the lines to uncomment them: If you need to use a different port because of restrictive network environments that your clients might be in, you can change the port option. If you are not hosting web content on your OpenVPN server, port is a popular choice since this is usually allowed through firewall rules. Often the protocol will be restricted to that port as well.

If you have no need to use a different port, it is best to leave these two settings as their default. If you selected a different name during the. If you used the default server, this should already be set correctly: Next, we need to adjust some aspects of the server's networking so that OpenVPN can correctly route traffic.

First, we need to allow the server to forward traffic. This is fairly essential to the functionality we want our VPN server to provide. Inside, look for the line that sets net.

Remove the " " character from the beginning of the line to uncomment that setting: If you followed the Ubuntu Regardless of whether you use the firewall to block unwanted traffic (which you almost always should do), we need the firewall in this guide to manipulate some of the traffic coming into the server. We need to modify the rules file to set up masquerading, an iptables concept that provides on-the-fly dynamic NAT to correctly route client connections.

Before we open the firewall configuration file to add masquerading, we need to find the public network interface of our machine. To do this, type: Your public interface should follow the word "dev".

For example, this result shows the interface named wlp11s0, which is highlighted below: This file handles configuration that should be put into place before the conventional UFW rules are loaded. Towards the top of the file, add the highlighted lines below. We need to tell UFW to allow forwarded packets by default as well.

We'll also add the SSH port in case you forgot to add it when following the prerequisite tutorial: We need to start the OpenVPN server by specifying our configuration file name as an instance variable after the systemd unit file name.

Since our client configuration files will have the client keys embedded, we should lock down permissions on our inner directory: Next, let's copy an example client configuration into our directory to use as our base configuration:

First, locate the remote directive. This points the client to our OpenVPN server address. If you changed the port that the OpenVPN server is listening on, change to the port you selected: Next, uncomment the user and group directives by removing the ";": Find the directives that set the ca, cert, and key. Comment out these directives since we will be adding the certs and keys within the file itself: Next, add the key-direction directive somewhere in the file.

This must be set to "1" to work with the server:
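The tls-auth steps above pair key-direction "0" on the server with key-direction "1" on the client, and uncomment user and group on both sides. The script below is an added example, not part of the original tutorial, that checks a server/client configuration pair for those settings; the function names, the sample files, and the values `ta.key`, `nobody`, `nogroup` and `vpn.example.com` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): audit an OpenVPN server/client config pair
# for the tls-auth key direction and the user/group privilege-drop settings.

# Print the arguments of an active directive; lines starting with ';' or '#' never match.
directive() {  # usage: directive NAME FILE
    awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# key-direction value, falling back to the direction given on the tls-auth line.
key_direction() {  # usage: key_direction FILE
    local v
    v=$(directive key-direction "$1")
    [ -n "$v" ] || v=$(directive tls-auth "$1" | awk '{ print $2 }')
    printf '%s' "${v%% *}"
}

# Print one finding per problem; return 1 if there was any.
audit_pair() {  # usage: audit_pair SERVER_CONF CLIENT_CONF
    local bad=0 f d
    [ "$(key_direction "$1")" = 0 ] || { echo "server: key-direction is not 0"; bad=1; }
    [ "$(key_direction "$2")" = 1 ] || { echo "client: key-direction is not 1"; bad=1; }
    for f in "$1" "$2"; do
        for d in user group; do
            [ -n "$(directive "$d" "$f")" ] ||
                { echo "${f##*/}: '$d' still commented out, no privilege drop"; bad=1; }
        done
    done
    return "$bad"
}

# Constructed sample files; host name and file names are placeholders.
make_samples() {  # usage: make_samples DIR
    printf '%s\n' 'tls-auth ta.key 0 # This file is secret' 'key-direction 0' \
        'user nobody' 'group nogroup' > "$1/server.conf"
    printf '%s\n' 'client' 'remote vpn.example.com 1194' 'user nobody' \
        'group nogroup' ';ca ca.crt' 'key-direction 1' > "$1/client.ovpn"
    printf '%s\n' 'client' 'remote vpn.example.com 1194' ';user nobody' \
        ';group nogroup' > "$1/client-bad.ovpn"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_pair "$tmp/server.conf" "$tmp/client-bad.ovpn" || echo "fix the findings above"
```

A mismatched or missing key direction makes the HMAC check on control-channel packets fail, so the handshake never completes; running the audit before distributing client files catches that early.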


I'm trying to set up OpenVPN using NetworkManager. The GUI seems buggy and unresponsive. Are there any other tools for setting up a VPN client?

Mar 26 · Connecting to a VPN in Ubuntu. This document was originally written for Ubuntu (Edgy Eft), running the GNOME desktop, by freeatlast. It describes connecting to a VPN as a client. A VPN (or Virtual Private Network) is a way of connecting to a local network over the internet. For example, say you want to connect to the local network at your workplace while you're on a business trip. You would find an internet connection somewhere (like at a hotel) and then connect to your.