VPN technology is well known as a way to secure access to a company's private resources, as well as to a variety of content, be it audio, video or archived documents. It allows you to create a private network in which data reaches one computer through the resources of another computer, or of several. Virtual private networks are widely used in all modern browsers. Remote work for an employee of a large and important organization is rarely complete without one. Setting up OpenVPN on Ubuntu is relevant not only for technicians and high-security advocates, but also for anyone who does not want to put up with the high cost of licensed content in countries where access to it is restricted.
In Linux, the configuration of virtual networks is subtle.
With this technology, you can easily access content on Chinese file storages from, say, Russia, which is known for its widespread Internet censorship. Or you can use it to gain many other important benefits of free online use. In organizations, the question of using a VPN came up because of the difficulty of setting up firewalls. Using them required constantly changing the parameters of the connected equipment and the access settings. Previously, this led to considerable costs in time and money.
OpenVPN is a freely available implementation of virtual private network technology. It can be installed both on Windows and on Linux-based operating systems. Since it is easier to tune all of its parameters in a Linux environment, that is what we will look at. The topic of virtual private networks is widely covered on many thematic sites and forums, thanks to which both professionals and newcomers to security technologies all over the world have been able to take it up. Installing OpenVPN on Ubuntu allows you not only to increase the security of your personal data, but also to organize your online activities correctly.
Why use a VPN rather than other ways to protect personal information? This method only needs to be configured once. All data will then pass automatically through the private network server, already in encrypted form.
What do you need to know in theory?
OpenVPN is functional, fast and flexible software for working with SSL VPNs. It is open source, which means that anyone can use its capabilities as they are or modify the program code for their own needs.
In fact, this technology lets you use unsafe networks as if they had strong protection. This is especially relevant if:
- You access the Internet over a connection with weak security.
- Access to information is censored where you live.
- You are in a place with public Wi-Fi access points.
- You need to hide your location well from other network users.
- You want to protect your personal data and passwords even better.
The network is private because outsiders cannot access it; only the individual participants who have set up such a connection between themselves can. Each network element must hold security information. This information grants network access to some Internet users and denies it to others.
Basic concepts
A tunnel is a secure connection that uses the resources of an insecure network (in this case, the Internet) and allows you to exchange information over a private channel that is configured only on trusted devices.
A client is a program installed on the equipment that needs a channel for exchanging data with a server. This channel is protected.
A server is a computer or a place where the user accounts of a virtual private network are stored. Using the server allows you to speed up programs and reduce traffic (the amount of data transmitted).
Public keys and certificates are special data used to encrypt information. During the exchange they are sent to the certification authority, where they are signed, and are then returned to the network element they came from.
Moving on to practice
To configure your own OpenVPN server on Ubuntu, you will need to purchase a server with Ubuntu Linux installed. You will need root access to it. Such a server can currently be bought at a low price, and the number of companies offering these services is increasing. Installing OpenVPN on Ubuntu does not in itself take much time.
Starting installation and setup
First you need to connect to the server and give it the following commands:

    apt-get update
    apt-get install openvpn

These commands install OpenVPN. Next, you need to install and prepare the utility for creating keys and certificates:

    cd /tmp
    wget https://github.com/OpenVPN/easy-rsa/archive/master.zip
    apt-get install unzip
    unzip master.zip
    cd easy-rsa-master
    ./build/build-dist.sh
    tar xvzf ./EasyRSA-git-development.tgz
    cd EasyRSA-git-development

Next you need to generate the keys and certificates:

    ./easyrsa init-pki
    ./easyrsa build-ca
    ./easyrsa build-server-full server
    ./easyrsa build-client-full client1
    ./easyrsa gen-dh

After generation, you need to move the files to /etc/openvpn/:

    mv ./pki/dh.pem /etc/openvpn/dh.pem
    mv ./pki/private/client1.key /etc/openvpn/
    mv ./pki/private/server.key /etc/openvpn/
    mv ./pki/ca.crt /etc/openvpn/
    mv ./pki/issued/client1.crt /etc/openvpn/
    mv ./pki/issued/server.crt /etc/openvpn/

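Create a server.conf file with the following parameters in the same directory:

    mode server
    dev tun
    # VPN subnet; the server itself takes 10.128.0.1
    server 10.128.0.0 255.255.255.0
    # route all client traffic and DNS lookups through the tunnel
    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"
    tls-server
    ca ca.crt
    cert server.crt
    key server.key
    dh dh.pem
    proto tcp-server
    port 1194
    # allow VPN clients to reach each other
    client-to-client
    # deprecated since OpenVPN 2.4; must match the client setting
    comp-lzo
    keepalive 10 120
    verb 4
    cipher AES-256-CBC
    # drop privileges after start-up
    user nobody
    group nogroup
    max-clients 10
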
Start the server:

    service openvpn start

Next, you need to set up the client side. You will need to create several new files.

    mkdir vpn
    cd vpn
    scp vpn-server:/etc/openvpn/client1.crt ./
    scp vpn-server:/etc/openvpn/client1.key ./
    scp vpn-server:/etc/openvpn/ca.crt ./

In the client configuration (client.conf), write the IP address of your server in the remote line, as shown in the example.

    client
    proto tcp
    dev tun
    remote 123.45.67.89 1194
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    cipher AES-256-CBC
    # must match the server setting
    comp-lzo
    verb 3

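The server and client configurations above enable compression, use a CBC data cipher, carry no tls-auth/tls-crypt key, and the client does not check what kind of certificate the server presents. The following shell check is an added example, not part of the original article or of OpenVPN: it reports those settings in a configuration file. The function names and the ta.key file name are assumptions made for the illustration.

```shell
# Added example (not from the original page): lint an OpenVPN config for
# weak settings. All function names here are hypothetical helpers.

has_directive() {   # has_directive FILE NAME: NAME is set on a non-comment line
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

audit_openvpn_conf() {   # prints one finding per line; returns 1 if any
    conf=$1; rc=0
    if has_directive "$conf" comp-lzo || has_directive "$conf" compress; then
        echo "compression enabled (length side channel on encrypted traffic)"; rc=1
    fi
    if grep -Eq '^[[:space:]]*cipher[[:space:]]+[A-Za-z0-9-]+-CBC' "$conf"; then
        echo "CBC data cipher (AES-256-GCM is available from OpenVPN 2.4)"; rc=1
    fi
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "control channel has no tls-auth/tls-crypt key"; rc=1
    fi
    # Without remote-cert-tls, any certificate issued by the CA, including
    # another client's, is accepted as the server.
    if has_directive "$conf" client && ! has_directive "$conf" remote-cert-tls; then
        echo "client does not check the server certificate type"; rc=1
    fi
    return $rc
}

page_client_conf() {   # the client configuration from this page
    cat <<'EOF'
client
proto tcp
dev tun
remote 123.45.67.89 1194
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
cipher AES-256-CBC
comp-lzo
verb 3
EOF
}

hardened_client_conf() {   # constructed variant; ta.key is an assumed key file name
    page_client_conf | sed -e '/^comp-lzo/d' -e 's/AES-256-CBC/AES-256-GCM/'
    printf '%s\n' 'remote-cert-tls server' 'tls-crypt ta.key'
}

tmp=$(mktemp); page_client_conf > "$tmp"; audit_openvpn_conf "$tmp" || true; rm -f "$tmp"
```

For the hardened variant to connect, the server configuration needs the matching changes: the same cipher, no comp-lzo, and tls-crypt with the same key file.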
Next, start the client and examine the log files on the server for errors:

    sudo openvpn --config client.conf

In another terminal window, enter the commands:

    ping 10.128.0.1
    traceroute mail.ru

If everything was done correctly, you will find that 10.128.0.1 answers the ping. However, packets will not yet reach their destination, since NAT is not configured on the server. We still need to complete this step.
On the server, open the file /etc/sysctl.conf and remove the comment character from the line "net.ipv4.ip_forward=1" to make it active.
Then you can either restart the computer or enter the line:

    echo 1 >> /proc/sys/net/ipv4/conf/all/forwarding

Then you must enter:

    iptables -A FORWARD -s 10.128.0.0/24 -j ACCEPT
    iptables -A FORWARD -d 10.128.0.0/24 -m state \
        --state ESTABLISHED,RELATED -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.128.0.0/24 \
        -j SNAT --to-source (server address)

Next, try opening an IP check service from the client. If everything went well, save the rules on the server:

    iptables-save > /etc/iptables.rules

You also need to check that the line "pre-up iptables-restore < /etc/iptables.rules" is present in the file /etc/network/interfaces. Restart the OpenVPN server to configure it further.
You must complete the VPN configuration through Network Manager. To do this, enter the command "sudo apt-get install network-manager-openvpn-gnome". All the files specified earlier can be entered into the configuration in text form.
This completes the configuration of the OpenVPN server in Ubuntu! If you have any problems, do not hesitate to ask in the comments or look for details on the relevant forums. Linux is a complex and multifaceted system that rarely yields to beginners right away. But with proper zeal, it is possible to master it, and then a million new opportunities that were previously out of sight open up to the user.