It is necessary to install OpenVPN on the client. The package to be installed is, as expected, openvpn. To install on Ubuntu, follow these easy steps:
- Open up a terminal window.
sudo apt-get install openvpn.
- Type the sudo password and hit Enter.
- Accept any dependencies necessary and allow the install to complete.
Believe it or not, that’s it for the installation of OpenVPN.
Configuration of the Client
As discussed in the previous article, there will have been certificates created (on the server) specifically for the client machine. The files that need to be securely copied to the client’s
/etc/openvpn directory are:
/etc/openvpn/easy-rsa/keys/hostname.crt(Where hostname is the hostname of the client).
/etc/openvpn/easy-rsa/keys/hostname.key(Where hostname is the hostname of the client).
Copy those files over using a tool like
scp from the server to the client. If the server doesn’t have direct access to the client, just put them on a flash drive and copy from there.
The first step in the configuration of the client is to copy the sample client configuration file to the proper directory with the command
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn. With that file in place, it’s time to make a few edits. Open up
/etc/openvpn/client.conf with a text editor (such as Nano or vi) and take a look at the following section:
dev tap remote vpn.example.com 1194 cert hostname.crt key hostname.key tls-auth ta.key 1
Make the changes where:
- vpn.example.com is the address to the OpenVPN server.
- 1194 is the port configured on the OpenVPN server.
- hostname.* is the actual name of the certificate and keyfile names.
Believe it or not, that’s it. The only step that is remaining is to restart OpenVPN with the command
sudo /etc/init.d/openvpn restart. Once this service has restarted, the remote LAN should be accessible. Test to make sure by pinging a known address on the LAN behind the VPN.