Running OpenVPN on Ubuntu 8.10 Server
June 19th, 2009
When I’m attending classes I can access the internet using the wireless network at my school. Unfortunately, you can only do generic tasks like browsing the web, receiving and sending e-mail and MSN chat; everything else is blocked: no RDP, VNC, secure SMTP (port 587), games or anything that uses custom ports/protocols.
I can’t get to my servers unless I run SSH on allowed ports like 25, 80, 443, etc. To get around this I’ve been looking into running my own OpenVPN server on an allowed port so I can get unrestricted access to the internet using my server as a gateway. I’ll be connecting to the OpenVPN server using Viscosity.
OpenVPN
Get the OpenVPN binaries using the apt-get command:
You’ll find everything you need in /usr/share/doc/openvpn/examples/
Copy ./sample-config-files/server.conf.gz and ./easy-rsa/2.0/ to /etc/openvpn
Go to /etc/openvpn
Rename the 2.0 folder to easy-rsa and unpack the config file:
Certificates
OpenVPN needs a number of certificates; you can create them using the easy-rsa tools.
Optional: Edit the vars file so it contains the correct default fields; this will save some time later.
Edit the values at the bottom of the file to whatever you want.
Save the vars file.
Generate the master Certificate Authority (CA) certificate and keys
Generate the certificate and key for the server
Leave the common name set to its default value (server)
Generate the certificates and keys for clients
Leave the common name set to its default value.
Generate Diffie Hellman parameters
Creating the server configuration file
Edit /etc/openvpn/server.conf
This is what I use (# = comment):
Copy the server certificates and keys to /etc/openvpn
Copy the client certificates and keys to wherever you want (you need them on your clients)
Restart the OpenVPN service
Any .conf file in /etc/openvpn will be automatically loaded.
Making routes work
Before you can actually access the internet over your VPN you need to enable IPv4 forwarding and add some iptables rules.
Edit /etc/sysctl.conf
Uncomment net.ipv4.ip_forward=1 and save your changes.
At this point you can either reboot or run the following command.
Confirm that ip_forward is actually enabled.
Add the following rules to /etc/rc.local before the exit 0 statement
The address (10.8.0.0/24) is the default network used by the OpenVPN sample config, eth0 is the interface connected to the internet (change this if needed).
Run the rules manually, restart, or run /etc/init.d/rc.local start.
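An added example, not the author's own rules: a shell script that prints one forwarding and NAT rule set for the gateway described above and checks that the sysctl.conf line is really uncommented. The function names are hypothetical; the subnet and interface defaults are the article's 10.8.0.0/24 and eth0.

```shell
#!/bin/sh
# Added example: print forwarding/NAT rules for an OpenVPN gateway (dry run).
# Defaults are the article's: VPN subnet 10.8.0.0/24, internet side eth0.

# Succeeds only if FILE holds an uncommented net.ipv4.ip_forward=1 line.
forward_enabled_in() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" 2>/dev/null
}

# Accepts a.b.c.d/len with every octet 0-255 and a prefix length 0-32.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    addr=${1%/*}; len=${1#*/}
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rules, one per line, for /etc/rc.local. Nothing is applied here.
vpn_gateway_rules() {
    subnet=${1:-10.8.0.0/24}; iface=${2:-eth0}
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    echo "$iface" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9_.-]{0,14}$' \
        || { echo "bad interface: $iface" >&2; return 1; }
    # Replies to connections the VPN clients opened are let back in.
    echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    # Only traffic sourced from the VPN subnet is forwarded out.
    echo "iptables -A FORWARD -s $subnet -o $iface -j ACCEPT"
    # Everything else is refused, so the server is not an open router.
    echo "iptables -A FORWARD -j REJECT"
    # Source NAT: clients leave with the server's own address on the interface.
    echo "iptables -t nat -A POSTROUTING -s $subnet -o $iface -j MASQUERADE"
}

# Dry run with the article's defaults; review the output, then paste it
# into /etc/rc.local above the "exit 0" line.
vpn_gateway_rules 10.8.0.0/24 eth0
forward_enabled_in /etc/sysctl.conf \
    || echo "# note: net.ipv4.ip_forward=1 is not active in /etc/sysctl.conf" >&2
```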
You’re done configuring the OpenVPN server. Make sure it’s running:
Thanks to Author, source http://nielsvz.com/2009/02/running-openvpn-on-ubuntu-810-server/
