In principle it can be installed on any OS, as either server or client. The process varies by OS, though, so I decided to write instructions only for Linux here.
A simple way to achieve that is to use NAT networking on the Client machine, and Bridged networking on the Server machine.
On your Linux Server, execute these commands:
dhclient
ifconfig
Make a note of your IP address.
In my example below, it was 192.168.3.10
On your Linux Client, execute these commands:
dhclient
ifconfig
Make a note of your IP address.
In my example below, it was 192.168.198.144
You should see replies, as shown below:
Press Ctrl+C to stop the pings.
On your Linux Server, ping the Linux Client.
You should see no replies, as shown below:
Press Ctrl+C to stop the pings.
sudo apt-get install openvpn -y
sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
sudo chown -R $USER /etc/openvpn/easy-rsa/
On your Linux Server, execute this command:
sudo nano /etc/openvpn/easy-rsa/vars
Scroll to the bottom of the file. Here the location preferences are set. You can adjust them if you want, but the defaults are OK, as shown below:
Close the file with Ctrl+X.
cd /etc/openvpn/easy-rsa
sudo ln -s openssl-1.0.0.cnf openssl.cnf
source vars
./clean-all
./build-ca
You are now prompted for Country Name and other such details. I just pressed Enter several times to accept the defaults.
On your Linux Server, execute this command:
./build-key-server myservername
You are now prompted for Country Name and other such details. I just pressed Enter several times to accept the defaults. The last two questions, "Sign the certificate? [y/n]:" and "1 out of 1 certificate requests certified, commit? [y/n]", require an answer of y.
On your Linux Server, execute these commands:
./build-dh
cd keys
sudo cp myservername.crt myservername.key ca.crt dh1024.pem /etc/openvpn/
On your Linux Server, execute these commands:
cd /etc/openvpn/easy-rsa/
source vars
./build-key client1
You are now prompted for Country Name and other such details. I just pressed Enter several times to accept the defaults. The last two questions, "Sign the certificate? [y/n]:" and "1 out of 1 certificate requests certified, commit? [y/n]", require an answer of y.
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
sudo nano /etc/openvpn/server.conf
Scroll down to find the section with these lines:
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
In the second line, change "server.crt" to "myservername.crt". In the third line, change "server.key" to "myservername.key", as shown below:
ca ca.crt
cert myservername.crt
key myservername.key # This file should be kept secret
Save the file with Ctrl+X, Y, Enter.
sudo /etc/init.d/openvpn start
ifconfig tun0
You should see a tun0 interface, as shown below:
If you are using a firewall, open UDP port 1194 on the server.
sudo apt-get install p7zip-full -y
sudo apt-get install apache2 -y
On your Linux Server, execute these commands:
mkdir /tmp/cert
cp /etc/openvpn/ca.crt /tmp/cert
cp /etc/openvpn/easy-rsa/keys/client1.crt /tmp/cert
cp /etc/openvpn/easy-rsa/keys/client1.key /tmp/cert
On your Linux Server, execute this command. When you are prompted to, enter a secure password of your choice, twice.
7z a -p /tmp/client1.7z /tmp/cert
On your Linux Server, execute this command:
sudo mv /tmp/client1.7z /var/www
This serves a password-protected file from your server that you can download with a Web browser.
sudo apt-get install p7zip-full -y
cd /tmp
wget http://192.168.3.10/client1.7z
7z e client1.7z
Enter your zip password when you are prompted to.
sudo apt-get install openvpn -y
sudo cp /tmp/client1.key /etc/openvpn
sudo cp /tmp/client1.crt /etc/openvpn
sudo cp /tmp/ca.crt /etc/openvpn
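An added example, not part of the original lab: after the copies above, client1.key still sits in /tmp on the client and in /tmp/cert on the server. This script lists every PEM private key under the directories it is given and which of them group or others can access; the function names and the demo directory are constructed for illustration.

```shell
# Added example: locate PEM private keys left behind by the transfer steps.

# Print "MODE PATH" for every regular file under the given directories that
# contains a PEM private-key header. Unreadable files are skipped silently.
list_private_keys() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
            if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f" 2>/dev/null; then
                stat -c '%a %n' "$f"
            fi
        done
    done
}

# Same listing, reduced to keys that group or others can access.
list_exposed_keys() {
    list_private_keys "$@" | while read -r mode path; do
        case $mode in
            *00) ;;                      # owner-only, e.g. 600 or 400
            *)   echo "$mode $path" ;;
        esac
    done
}

# Constructed demo tree: a loose copy in cert/ and an installed copy in openvpn/.
# The file contents are placeholders, not real key material.
make_demo_dir() {
    d=$(mktemp -d)
    mkdir "$d/cert" "$d/openvpn"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' > "$d/cert/client1.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' > "$d/openvpn/client1.key"
    printf '%s\n' 'not a key' > "$d/cert/ca.crt"
    chmod 644 "$d/cert/client1.key"
    chmod 600 "$d/openvpn/client1.key"
    echo "$d"
}

demo=$(make_demo_dir); list_exposed_keys "$demo"; rm -rf "$demo"
```

On the lab machines, run list_private_keys against /tmp and delete what it reports once the VPN works. The encrypted client1.7z in /var/www has no PEM header, so remove it from the server separately.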
sudo nano /etc/openvpn/client.conf
Paste in this code, replacing the IP address in the fourth line with the IP address of your Linux Server:
client
dev tun
proto udp
remote 192.168.3.10 1194
resolv-retry infinite
nobind
user nobody
#group nobody
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
pull dhcp-options
Save the file with Ctrl+X, Y, Enter.
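An added example, not part of the original lab: a shell audit of the client.conf above for three hardening gaps. The function names and finding strings are made up for illustration; remote-cert-tls, ns-cert-type, group and comp-lzo are real OpenVPN directives.

```shell
# Added example: audit an OpenVPN client config for three hardening gaps.

# True if file $1 has an active (uncommented) directive named $2.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Print one finding per line for the config file $1.
audit_client_conf() {
    conf=$1
    # With no server-certificate check, any certificate signed by the CA
    # (client1.crt included) is accepted as the server's.
    if ! has_directive "$conf" remote-cert-tls && ! has_directive "$conf" ns-cert-type; then
        echo "MISSING remote-cert-tls server"
    fi
    # "user nobody" alone leaves the process in root's group.
    if has_directive "$conf" user && ! has_directive "$conf" group; then
        echo "MISSING group (nogroup on Debian/Ubuntu)"
    fi
    # Compression is deprecated upstream; remove it on server and client together.
    if has_directive "$conf" comp-lzo; then
        echo "ENABLED comp-lzo"
    fi
}

# Constructed sample: the client.conf from this page, written to a temp file.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
client
dev tun
proto udp
remote 192.168.3.10 1194
resolv-retry infinite
nobind
user nobody
#group nobody
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
pull dhcp-options
EOF
    echo "$f"
}

conf=$(sample_conf); audit_client_conf "$conf"; rm -f "$conf"
```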
On your Linux Client, execute these commands:
cd /etc/openvpn
sudo openvpn /etc/openvpn/client.conf
You see several messages, ending with "Initialization Sequence Completed", as shown below:
On your Linux Client, open a new Terminal window, and execute this command:
ifconfig
You now have a new adapter named "tun0" that connects the client and server machines, with an address starting with 10.8.0, as shown below:
ping 10.8.0.1
You should see replies.
Press Ctrl+C to stop the pings.
On the Server machine, execute this command:
ping 10.8.0.6
You should see replies.
Press Ctrl+C to stop the pings.
This is one benefit of VPNs--the two machines are now directly connected, punching through NAT.
sudo cat /etc/openvpn/openvpn-status.log
You should see a connection to "Client1", as shown below:
Save a screen shot of this image with the filename Proj 13 from Your Name
Last modified 2:40 pm 11-1-12