Today I am going to show you how to install OpenVPN on an Ubuntu VPS. In this post I will be omitting some very basic steps like installing PuTTY and the OpenVPN client on Windows, editing files with the vi text editor, and transferring files through WinSCP. Here is what you will require to accomplish this installation of OpenVPN on Ubuntu:
- An OpenVZ VPS with a minimum of 64 MB (preferably 128 MB) RAM and a vanilla install of Ubuntu 11.04. I tested this tutorial with Ubuntu 11.04, though I have every reason to believe that it should work for other Ubuntu versions as well. You must have root access to the VPS. You can easily get a cheap VPS for under $20 per year. For some very cheap offers you can find this site very useful.
- PuTTY for connecting remotely to your VPS.
- WinSCP for transferring certificates and key files to your computer.
- OpenVPN client for your computer.
Step One: Connect to your VPS through PuTTY as root and issue the following commands (one by one) to update your Ubuntu installation and packages.
apt-get update
apt-get upgrade --show-upgraded
Step Two: Install the OpenVPN server by issuing the following command in the PuTTY window.
apt-get install openvpn udev
Step Three: OpenVPN comes with an encryption tool called Easy RSA, and we need to copy the relevant files to the OpenVPN directory. Issue the following command in the PuTTY window.
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
Step Four: Next we are going to initialize the Public Key Infrastructure (PKI) and build the Certificate Authority, which we will use to create keys and certificates for the server and clients of OpenVPN. Issue the following commands.
cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/clean-all
. /etc/openvpn/easy-rsa/2.0/build-ca
The last command starts a script that will ask for values. Just keep hitting the Enter key and accept the default values, except the email, which you may like to change, though it is not very critical.
Step Five: Next we need to create the server key using the Certificate Authority we built in Step Four. Issue the following command in the PuTTY window and just keep hitting Enter at the prompts (optionally you might want to change the email):
. /etc/openvpn/easy-rsa/2.0/build-key-server server
Similarly, we also need to create a client key by using the following command in the PuTTY terminal window:
. /etc/openvpn/easy-rsa/2.0/build-key client1
Step Six: We need to generate the Diffie-Hellman parameters, which govern the key exchanges between the client and the server of OpenVPN. Issue the following command in the PuTTY terminal window.
. /etc/openvpn/easy-rsa/2.0/build-dh
Step Seven: Next we need to copy the keys from /etc/openvpn/easy-rsa/2.0/keys to the /etc/openvpn directory by using the following commands in the PuTTY window:
cd /etc/openvpn/easy-rsa/2.0/keys
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
Step Eight: In this step we are going to configure the Virtual Private Network by altering certain configuration files that come by default with the OpenVPN installation. Here we will need to use the Linux text editor named vi. It is very easy to use: all you have to remember is that in order to enter Insert Mode (editing mode), you need to press i on your keyboard. To come out of insert mode and save the changes, press the Escape button on your keyboard, then type :wq and press Enter. Issue the following commands one by one in the PuTTY window:
cd /usr/share/doc/openvpn/examples/sample-config-files
gunzip -d server.conf.gz
cp server.conf /etc/openvpn/
cp client.conf ~/
cd ~/
vi client.conf
Edit the client.conf file at two locations:
Enter the IP address of your Ubuntu VPS, and rename the client.crt and client.key files to client1.crt and client1.key.
Step Nine: Now is the time to start the OpenVPN server. Use the following command in the PuTTY terminal window:
/etc/init.d/openvpn start
Step Ten: In this step we are going to make the necessary amendments to tunnel all traffic through the OpenVPN server on the VPS. We need to amend certain files.
First issue the following command and edit the server.conf file.
vi /etc/openvpn/server.conf
Uncomment the following line
push "redirect-gateway def1 bypass-dhcp"
and then add the following line
push "dhcp-option DNS 10.8.0.1"
Step Eleven: Next we need to edit the /etc/sysctl.conf file.
Issue the following command
vi /etc/sysctl.conf
and uncomment the following line
net.ipv4.ip_forward=1
Next we issue the following command in the
echo 1 > /proc/sys/net/ipv4/ip_forward
Next issue the following commands, one by one, to configure iptables:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source YourVPSIP
(Insert your VPS IP in place of YourVPSIP before issuing the last command.)
Next issue the following command to edit the /etc/rc.local file and add the iptables rules in there:
vi /etc/rc.local
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source YourVPSIP
(Again, remember to insert your VPS IP in place of YourVPSIP in the last line.)
Finally, restart the OpenVPN server with the following command in the PuTTY terminal window:
/etc/init.d/openvpn restart
Step Twelve: Next we transfer the following four files from the VPS OpenVPN server to the client machine where you would install the OpenVPN client, and place those files in the config directory of OpenVPN. With these minor steps of transferring key files to your client computer, we have successfully installed OpenVPN on Ubuntu VPS.
This was all about it. And believe you me, it is as simple as it gets, and you won't find any tutorial on the internet simpler than this to install OpenVPN on Ubuntu VPS.
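A check for the edits made in Steps Eight and Ten, added here as an example and not part of the original tutorial: it flags typographic quotes pasted into the config files, a redirect-gateway push that is still commented out, and a client.conf that still carries the sample values. The function name check_vpn_conf, the temporary file paths and the 203.0.113.10 address are assumptions; my-server-1 is the placeholder host in the stock sample client.conf.

```shell
#!/bin/sh
# Added example, not from the original tutorial. check_vpn_conf is a
# hypothetical helper; the directives checked are the ones the steps name.
# Usage: check_vpn_conf SERVER_CONF CLIENT_CONF
# Prints one line per finding; the return status is the number of findings.
check_vpn_conf() {
    server=$1
    client=$2
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Quotes pasted from a web page are often typographic (non-ASCII bytes);
    # OpenVPN only understands the plain ASCII double quote.
    for f in "$server" "$client"; do
        if LC_ALL=C grep -q '[^[:print:][:space:]]' "$f"; then
            fail "$f: non-ASCII bytes (typographic quotes?)"
        fi
    done

    # Step Ten: both push lines present and uncommented (no leading ';' or '#').
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway def1 bypass-dhcp"' "$server" ||
        fail "$server: redirect-gateway push missing or still commented"
    grep -Eq '^[[:space:]]*push[[:space:]]+"dhcp-option DNS [0-9.]+"' "$server" ||
        fail "$server: no DNS server pushed to clients"

    # Step Eight: client.conf names the VPS and the client1 certificate and key.
    # 'my-server-1' is the placeholder host in the stock sample client.conf.
    if ! grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]' "$client"; then
        fail "$client: no remote line"
    elif grep -Eq '^[[:space:]]*remote[[:space:]]+my-server-1([[:space:]]|$)' "$client"; then
        fail "$client: remote is still the sample placeholder"
    fi
    grep -Eq '^[[:space:]]*cert[[:space:]]+client1\.crt' "$client" ||
        fail "$client: cert is not client1.crt"
    grep -Eq '^[[:space:]]*key[[:space:]]+client1\.key' "$client" ||
        fail "$client: key is not client1.key"
    return "$problems"
}

# Constructed sample: the first push line carries typographic quotes (UTF-8
# bytes written as octal escapes); 203.0.113.10 is a documentation address.
demo=$(mktemp -d)
printf 'push \342\200\234redirect-gateway def1 bypass-dhcp\342\200\235\n' > "$demo/server.conf"
printf 'push "dhcp-option DNS 10.8.0.1"\n' >> "$demo/server.conf"
printf 'remote 203.0.113.10 1194\ncert client1.crt\nkey client1.key\n' > "$demo/client.conf"
check_vpn_conf "$demo/server.conf" "$demo/client.conf" || echo "$? problem(s) found"
rm -rf "$demo"
```

On the server, run it as check_vpn_conf /etc/openvpn/server.conf ~/client.conf before restarting OpenVPN and copying client.conf to the client machine.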