Configure OpenVPN on Ubuntu

Source: Internet
Author: User
Contents
    1. Install
    2. Set up a certificate authority and generate certificates
    3. Configure the server
    4. Configure the client

1. Install
Installing OpenVPN on Ubuntu is extremely simple:

Code:
sudo apt-get install openvpn


On Windows, we recommend the OpenVPN GUI for Windows installation package, which includes OpenVPN and a user-friendly GUI.

2. Set up a certificate authority and generate certificates
Refer to the OpenVPN documentation; in general, this step causes no problems.
On Ubuntu, copy the directory /usr/share/doc/openvpn/examples/easy-rsa/2.0 to your home directory and modify vars to match your actual situation (country, province, city, company, organization, email address), then run

Code:
# vars must be sourced so that its settings are exported into the current shell
. ./vars
./clean-all
./build-ca
./build-key-server <servername>
./build-key <clientname>
./build-dh


Note: This sequence is only for the first time certificates are generated. Here build-ca creates the root certificate. Unless you intend to discard the certificates of all VPN servers and clients, you should not run this command again. All the certificates and private keys created are in the keys subdirectory of the current directory, and clean-all deletes everything under keys, so clean-all is run only once, before build-ca.
To add a server certificate or client certificate later, run

Code:
. ./vars
./build-key-server <servername>
# or
./build-key <clientname>

3. Configure the server
Extract server.conf from the examples

Code:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz


Copy the certificates and private key to /etc/openvpn:

    ca.crt
    server.crt
    server.key
    dh1024.pem

Modify server.conf
Key 1: Uncomment push "route a.b.c.d 255.255.255.0" and replace the address and mask with the address and mask of the office network.
The purpose is to add a route on the client so that, through the VPN, the client can reach hosts on the office network other than the VPN server. (Many VPN clients simply add a default route, so that all of the client's connection requests are routed into the VPN tunnel; the result is that the client cannot reach anything outside the VPN while connected. Adding a route for the specified address does not cause this problem.)
Key 2: Uncomment push "dhcp-option DNS a.b.c.d" and push "dhcp-option WINS a.b.c.d", and replace the addresses with the actual addresses of the DNS server and the WINS server. Ideally, the DNS server forwards queries for external domain names to an external DNS server, so that the client can still access the Internet after connecting to the VPN. (If the pushed DNS server cannot resolve external domain names, the client cannot access the Internet even if its route configuration is correct.)
Other server settings
Configure the server to forward packets:

Code:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward


Key 3: If the VPN server is not the default gateway of the office network, add a route entry for 10.8.0.0/24 on the default gateway, with the internal IP address of the VPN server as the gateway.
Key 1 only lets the client know how to route packets to the company's network; key 3 lets the hosts in the company's network know how to route packets to the VPN clients.
For example, on a NetScreen 25 (ScreenOS 5.3.0r3.0): Network > Routing > Destination > [trust-vr] New > IP/mask [10.8.0.0]/[24] > select [Gateway], Interface [ethernet1], Gateway IP Address [internal IP of VPN server]
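
One way to check the result of section 3 before starting the server, as an added example that is not part of the original page. The function name audit_openvpn_server and its optional second argument are assumptions, and the permission check on server.key is an extra check the page does not mention.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server directory against the steps in section 3.
# audit_openvpn_server DIR [IP_FORWARD_FILE] prints one line per problem and
# returns the number of problems found (0 means every check passed).
# The function name and the optional second argument are assumptions.
audit_openvpn_server() {
    dir=$1
    fwd=${2:-/proc/sys/net/ipv4/ip_forward}
    problems=0
    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # Certificates, private key and DH parameters listed on the page.
    for f in ca.crt server.crt server.key dh1024.pem; do
        [ -f "$dir/$f" ] || fail "$f is missing from $dir"
    done

    # Added check: the private key must not be accessible to group or others.
    if [ -f "$dir/server.key" ]; then
        perms=$(ls -ld "$dir/server.key" | cut -c5-10)
        [ "$perms" = "------" ] || fail "server.key is accessible to group/others"
    fi

    conf="$dir/server.conf"
    if [ -f "$conf" ]; then
        # Key 1: an active (not ';' or '#' commented) push "route ..." line.
        grep -Eq '^[[:space:]]*push[[:space:]]+"route[[:space:]]' "$conf" ||
            fail 'no active push "route ..." line (key 1)'
        # Key 2: an active push "dhcp-option DNS ..." line.
        grep -Eq '^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]' "$conf" ||
            fail 'no active push "dhcp-option DNS ..." line (key 2)'
    else
        fail "server.conf is missing from $dir"
    fi

    # Packet forwarding must be on for clients to reach the office network.
    [ "$(cat "$fwd" 2>/dev/null)" = "1" ] || fail "IP forwarding is off ($fwd)"

    return "$problems"
}

# When run as a script with a directory argument, audit that directory.
if [ -n "${1:-}" ]; then audit_openvpn_server "$@"; fi
```

Saved as a script, it can be run as sh audit.sh /etc/openvpn; the exit status is the number of problems found.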

4. Configure the client
On Ubuntu,
4.1.1 Copy client.conf from the examples

Code:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/


4.1.2 Copy the certificates and private key to /etc/openvpn:

    ca.crt
    client.crt
    client.key

4.1.3 Modify /etc/openvpn/client.conf:
In the line remote my-server-1 1194, replace my-server-1 with the external IP address of the VPN server.
Key 4: Add two lines at the end

Code:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


The purpose is to update the domain name resolution settings according to the dhcp-option values pushed by the server.

4.1.4 Other settings:
Key 5: Install resolvconf

Code:
sudo apt-get install resolvconf

The script set in key 4 needs this package.

On Windows,
4.2.1 Copy client.ovpn to the config directory
4.2.2 Copy the certificates and the related private key to the config directory

    ca.crt
    client.crt
    client.key

4.2.3 Change my-server-1 in client.ovpn to the external IP address of the VPN server.

From: http://hi.baidu.com/pc10/blog/item/a720502c6e14fee88b1399a7.html
