Posted March 29, 2010 by Spyros in General Tips & Tricks
 
 

How to Set Up a Virtual Private Network (VPN) Using OpenVPN


Imagine that you have lots of interesting files saved on your office computer. As long as you are in your office, you have access to all of them, but when you go home, you can’t access them. The reason is that although your office computer has internet access, it’s behind NAT and therefore you cannot reach it directly. This is where a VPN can really be helpful.

A Virtual Private Network is a way to access a private network (your office LAN in this case) through a larger network (the internet in this and actually most cases). What you would do here is install OpenVPN on both of your computers and set your office computer to be the server and your home computer to be the client. Let’s take a look at the steps that you need to take in order to create the VPN.

Generate The Master CA certificate, the Server Certificate and The Clients Certificates

After you install OpenVPN on your machines (installation is trivial: packages are available, or you can even compile from source), go to your server and locate the OpenVPN configuration files. They should be under /etc/openvpn/. Inside the easy-rsa/2.0/ directory, execute these commands to initialize the Public Key Infrastructure:


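. ./vars        # source (not execute) vars so its variables reach the scripts below
./clean-all     # deletes any previously generated keys
./build-ca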

After executing build-ca, you will be asked for some information. Changing the Common Name is a good idea if you like; you can leave the rest as it is. On completion, the Master CA Certificate has been generated.

Let’s now generate the certificate and private key for our server, using the command:


./build-key-server server

Sign and commit the certificate, and also provide a meaningful Common Name, like “officeServer”. Our server is set and we just need to configure our client(s). Again, this is almost the same as the server key and certificate generation:


./build-key homeClient

You could create more clients if you like, but in this case we just need one for our home. Finally, you also need to generate the Diffie-Hellman parameters using:


./build-dh

This will create a *.pem file that we need for our server. At the end of the process, you will have a number of different files in easy-rsa/2.0/. The ca.crt file, the master certificate, is needed by both the server and the client(s). The server has 3 more files: the *.pem file, server.crt and server.key (or however you named them). A client has 2 files: client.crt and client.key.

The next thing you need to do is create a tarball with the client files: client.crt, client.key AND ca.crt, which is needed by every computer. Since client.key is the client's private key, copy the tarball to the client over a secure channel.
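One way to build that tarball so it holds exactly the three client files and nothing else, as an added example that is not part of the original post. The function name `make_client_bundle` and its arguments are hypothetical; KEYDIR is assumed to be the directory holding the generated files.

```shell
#!/bin/sh
# Added example (not from the original post).
# make_client_bundle KEYDIR CLIENT OUTDIR   -- hypothetical helper
#   KEYDIR  directory with the generated files (ca.crt, CLIENT.crt, CLIENT.key)
#   CLIENT  name given to ./build-key, e.g. homeClient
#   OUTDIR  where CLIENT.tar.gz is written
make_client_bundle() {
    keydir=$1
    client=$2
    outdir=$3
    bundle="$outdir/$client.tar.gz"

    # "ca" or "server" as a client name would pull ca.key or server.key
    # into the bundle; those private keys must never leave the server.
    case $client in
        ''|ca|server|*/*)
            echo "invalid client name: '$client'" >&2
            return 1 ;;
    esac

    # The client needs exactly these three files.
    for f in ca.crt "$client.crt" "$client.key"; do
        if [ ! -s "$keydir/$f" ]; then
            echo "missing or empty: $keydir/$f" >&2
            return 1
        fi
    done

    # The bundle contains a private key: remove any stale copy (its old
    # permissions would be kept) and create the new one owner-only.
    rm -f "$bundle"
    (
        umask 077
        tar -czf "$bundle" -C "$keydir" ca.crt "$client.crt" "$client.key"
    ) || return 1

    echo "$bundle"
}
```

Calling `make_client_bundle KEYDIR homeClient OUTDIR` prints the path of the finished tarball.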

Sample Configuration Files For OpenVPN Clients and Server

Now, both your server and client(s) need to have config files in /etc/openvpn/. This is actually pretty easy to do, and you can follow the official OpenVPN sample files to do so. Once you’re done, just restart OpenVPN on both machines using “/etc/init.d/openvpn restart” and your virtual private network is now working!


Spyros