April 23, 2014
 
 

Secure Networking For Linux, Windows, and Mac With OpenVPN (part 2)

Installation and First Steps

  • February 18, 2009
  • By Paul Rubens

OpenVPN is famously difficult to get up and running, but the truth is that it needn't be. In this second and concluding OpenVPN article I am going to go through what it takes to get an OpenVPN Ethernet tunnel set up between a laptop computer and an office or home machine acting as an OpenVPN server.

Downloading and Installing OpenVPN

Before you can get OpenVPN running on any computer you need to download and install it:

Creating a Public Key Infrastructure

    Once you've got OpenVPN successfully installed, it's time to build the public key infrastructure needed for certificate-based authentication. If you don't know what this means, don't worry: just follow the instructions. A fuller explanation can be found at http://openvpn.net/index.php/documentation/howto.html#pki

    To get started, you'll need to use the Easy-RSA PKI suite.

    On Windows machines you'll find it at: C:\Program Files\OpenVPN\easy-rsa

    On Linux machines this will probably be installed in an easy-rsa directory at /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0, but it's a good idea to move this to /etc/openvpn to prevent it getting overwritten by future updates.

    Generating the Master Certificate Authority (CA) Certificate & Key

    Windows: From the Start button select cmd, and in the command window type:

    cd "C:\Program Files\OpenVPN\easy-rsa"

    Linux/BSD/UNIX: Open a terminal window and type:

    cd /etc/openvpn/easy-rsa

    (assuming you have moved the easy-rsa directory to this location)

    Then type the following commands, followed by return:

    Windows:

    init-config
    vars
    clean-all
    build-ca
    

    Linux/BSD/UNIX:

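    # init-config exists only as a Windows batch file; there is nothing to run for it here
    . ./vars        # source vars (dot, space) so its exported settings reach the next commands
    ./clean-all
    ./build-ca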
    

    The last command will prompt for a series of values. You can press the return key to enter the default values for all of these except the value for Common Name. For this, type: TestVPN

    Generating the Server and Client Certificates and Keys

    The next step is to generate a server certificate and key, again using the Easy-RSA suite. The command for this is:

    In the interactive session that follows, simply press Enter to provide the default value each time, until you are asked for a Common Name. For Common Name enter "server", then continue entering the default values until prompted to sign the certificate. Answer "y" to this question and to the following one to finish.

    Then generate the certificate and key for your client machine. The process is similar to the one for building the server certificate and key, but this time enter client1 as the common name.

    If you think you may want to access the OpenVPN server from more than one laptop, repeat the process, substituting client2 or client3 for client1 each time.
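    Once the CA, server and client certificates exist, it is worth confirming that each one chains to the CA and carries the Common Name you typed. The script below is an added example, not part of the original article: the function names are illustrative, and the sample CA and certificates are constructed with plain openssl (not Easy-RSA) so it runs on its own. Point check_cert at your own ca.crt, server.crt and client1.crt to check the real files.

```shell
#!/bin/sh
# check_cert CA CERT EXPECTED_CN: succeed only if CERT chains to CA and its
# subject Common Name equals EXPECTED_CN. (Illustrative helper, not an OpenVPN tool.)
check_cert() {
    ca=$1; cert=$2; want=$3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL $cert: does not chain to $ca"; return 1; }
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$want" ] || {
        echo "FAIL $cert: Common Name is '$cn', expected '$want'"; return 1; }
    echo "OK   $cert: CN=$cn, issued by the CA in $ca"
}

# Constructed sample data: a throwaway CA (CN=TestVPN) plus "server" and
# "client1" certificates signed by it, standing in for the Easy-RSA output.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=TestVPN" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    for name in server client1; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
        openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
            -out "$dir/$name.crt" 2>/dev/null
    done
}

demo=$(mktemp -d)
make_demo_pki "$demo"
check_cert "$demo/ca.crt" "$demo/server.crt"  server
check_cert "$demo/ca.crt" "$demo/client1.crt" client1
# A client certificate presented under the server's name must be rejected.
check_cert "$demo/ca.crt" "$demo/client1.crt" server || echo "(mismatch rejected)"
rm -rf "$demo"
```

    A certificate that fails the first check was signed by a different CA, which usually means clean-all and build-ca were rerun after the certificate was issued.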
