How to set up OpenVPN quickly

0. Lazy setup fully automated

If you have the GPLHost repository in your apt/sources.list:

   deb ftp://ftp.gplhost.com/debian stable main

then simply do:

   apt-get install gplvpn

This package will set up every dependency, and its postinst script will do the work for you: generate the server keys and config files, and generate keys for 20 clients. See the rest of this page for more details (you can skip chapter 1 if you installed this way).

1. Set up the server manually

Install openvpn and the needed utils:

   apt-get install openvpn openssl udev

Get this file:

   http://dtcsupport.gplhost.com/openvpn-setup.tar.gz

Move the contents of the openvpn-setup directory from the archive into /etc/openvpn, then run the "setup" script. That should be enough to have a working setup. The setup script creates keys for 20 clients, which should be enough for most users. It guesses the IP address using netstat -rn, since the interface that holds your gateway is most likely the one with your public IP address.

2. Client setup

The configuration files for the clients are in a generated folder, client-config. Send each client computer the files that correspond to it. Note that the config file is meant to be used with the OpenVPN GUI client under Windows, as this is the most common setup. It should be quite easy to change the config file for Unix (simply rename it with a .conf extension instead of .ovpn, and edit the paths so OpenVPN can find its keys).
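The Unix conversion described above, as an added example (not part of the GPLHost package): it strips the carriage returns, points the ca/cert/key entries at one key directory, and leaves out the Windows route-method entry from step 5. The sample profile, vpn.example.org and /etc/openvpn/keys are constructed assumptions; the generated client file may look different.

```shell
#!/bin/sh
# Added example: turn a Windows OpenVPN GUI profile (.ovpn) into a Unix .conf.
# usage: ovpn_to_conf SRC.ovpn KEYDIR DEST.conf
ovpn_to_conf() {
    src=$1 keydir=$2 dest=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    awk -v dir="$keydir" '
        { sub(/\r$/, "") }                        # drop Windows carriage returns
        $1 == "ca" || $1 == "cert" || $1 == "key" {
            path = $0
            sub(/^[ \t]*[a-z]+[ \t]+/, "", path)  # keep what follows the directive
            gsub(/"/, "", path)                   # strip quoting
            sub(/[ \t]+$/, "", path)              # strip trailing blanks
            n = split(path, part, "[/\\\\]+")     # split on / or \ to get the file name
            print $1 " " dir "/" part[n]          # same file, now under KEYDIR
            next
        }
        $1 == "route-method" { next }             # Windows route setting, not kept
        { print }
    ' "$src" > "$dest"
}

# Constructed sample profile with CRLF line endings (not the real generated file).
write_sample() {
    awk '{ printf "%s\r\n", $0 }' > "$1" <<'EOF'
client
dev tap
remote vpn.example.org 1194
ca ca.crt
cert "C:\\Program Files\\OpenVPN\\config\\client01.crt"
key client01.key
route-method exe
route-delay 2
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/client.ovpn"
ovpn_to_conf "$tmp/client.ovpn" /etc/openvpn/keys "$tmp/client.conf"
cat "$tmp/client.conf"
rm -rf "$tmp"
```

Copy the client's ca, cert and key files into the key directory you pass in, and keep the private key readable only by root.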

3. Windows client(s) setup with OpenVPN GUI

http://www.openvpn.net/release/openvpn-2.1_rc15-install.exe

The OpenVPN GUI is available within the 2.1 release packages.

4. How to fix the user access control problem under Vista

Please follow any of the steps at the following URL to disable UAC. This allows a simpler use of OpenVPN, since the extra security controls in place interfere with OpenVPN: http://www.petri.co.il/disable_uac_in_windows_vista.htm

5. Please edit the client.ovpn file (in WordPad in case Notepad doesn't display the carriage returns correctly), and add the following two entries, to ensure that it works correctly with Vista

   route-method exe
   route-delay 2

6. In case you can connect, but browsing does not seem to work, you will probably need to fix the DNS setting in the server configuration

   push "dhcp-option DNS 203.2.192.124"

7. Setup a bridge to route between 2 locations

If you need to have one network from a data center connected to, let's say, your home, then you might need this script:

   http://dtcsupport.gplhost.com/bridge-start

What it does is create a bridge between your tap0 interface and your eth0. Note that you should use the tap device, and NOT the tun device, in your OpenVPN configuration file. This script is taken from the OpenVPN bridge howto, but we have added the management of the network gateway and it has start / stop options, so it can be put in /etc/init.d

Note that you HAVE to AT LEAST use a screen session to start this script, as you WILL get disconnected from ssh when you run it. Indeed, the bridge will go into the "learning state" for a while (maybe from 5 to 20 seconds) before you get connectivity back. It is best to use the physical console of a VPS or a KVM if you can.

Also, do NOT forget to edit the IPs in the script...

8. In case you want many clients with many public IPs

Then follow this script.

Please change the IP address to a DNS server that is accessible by the server running the VPN.

Enjoy! :)

Page last modified on April 14, 2009, at 06:39 PM EST