http://www.linuxplanet.com/linuxplanet/tutorials/6672/1

Secure Networking For Linux, Windows, and Mac With OpenVPN (part 2)

Installation and First Steps

February 18, 2009

OpenVPN is famously difficult to get up and running, but the truth is that it needn't be. In this second and concluding OpenVPN article I am going to go through what it takes to get an OpenVPN Ethernet tunnel set up between a laptop computer and an office or home machine acting as an OpenVPN server.

Downloading and Installing OpenVPN

Before you can get OpenVPN running on any computer you need to download and install it:

Windows: Download the OpenVPN GUI installation package from http://openvpn.se/download.html
Red Hat, Fedora, CentOS: Download RPM packages from http://dag.wieers.com/rpm/packages/openvpn/
Ubuntu: Download and install OpenVPN using Synaptic Package Manager
Mac OS X: Download and install Tunnelblick OpenVPN GUI client installation package from http://code.google.com/p/tunnelblick/
Source code: Download source code from http://www.openvpn.net/index.php/downloads.html, compile and install it.

Creating a Public Key Infrastructure

OpenVPN Locks Down the WLAN

OpenVPN Provides Security Wherever You Go

Tips and Tricks for Linux Admins: OpenVPN & PKI

Once you've got OpenVPN successfully installed, it's time to build the public key infrastructure needed for certificate-based authentication. If you don't know what this means, don't worry: just follow the instructions. A fuller explanation can be found at http://openvpn.net/index.php/documentation/howto.html#pki

Other Stories on LinuxPlanet

To get started, you'll need to use the Easy-RSA PKI suite.

On Windows machines you'll find it at: C:Program FilesOpenVPNeasy-rsa

On Linux machines this will probably be installed in an easy-rsa directory machines at /usr/share/doc/packages/opevpn or /usr/share/doc/openvpn-2.0, but it's a good idea to move this to /etc/openvpn to prevent it getting overwritten by future updates.

Generating the Master Certificate Authority (CA) Certificate & Key

Windows: From the Start button select cmd, and in the command window type:

cd "C:Program FilesOpenVPNeasy-rsa

Linux/BSD/UNIX: Open a terminal window and type

cd /etc/openvpn/easy-rsa

(assuming you have moved the easy-rsa directory to this location)

Then type the following commands, followed by return:

Windows:

init-config
vars
clean-all
build-ca

Linux/BSD/UNIX:

./init-config
./vars
./clean-all
./build-ca

The last command will invoke a window which will ask for a series of values. You can press the return key to enter the default values for all of these except the value for Common Name. For this, type: TestVPN

Generating the Server and Client Certificates and Keys

Then next step is to generate a server certificate and key, again using the Easy-RSA suite. The command for this is:

Windows: build-key-server server
Linux/BSD/UNIX: ./build-key-server server

In the interactive session that follows, simply press Enter to provide the default value each time, until you are asked for a Common Name. For Common Name enter "server" , then continue entering the default values until prompted to sign the certificate. Answer "y" to this question and to the following one to finish.

Then generate the certificate and key for your client machine. The process is similar to the one for building the server certificate and key, but this time enter client1 as the common name.

If you think you may want to access the OpenVPN server from more than one laptop, repeat the process, replacing client2 or client3 for client1 each time.

Windows: build-key client1
Linux/BSD/UNIX: ./build-key client1

Sitemap | Contact Us