Install openvpn server on debian

Kerim Teboulbi

Switzernet

2008-12-15

 

This document explains how to configure an openvpn server on debian.

 

Install

Generate certificate

Configure

Restart the server

References

 

Install

OpenVPN is available as a Debian package. You just need to install it with aptitude.

 

# aptitude update

# aptitude install openssl

# aptitude install openvpn

 

Generate certificate

Before configuring OpenVPN, you should generate the certificates which will identify the server (to the client) and the client (to the server). Go to this folder:

 

# cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/

 

Edit the vars file with the corresponding information (no field should be left empty and you should not delete any of them). It will be used when generating all the certificates. Here is our local version [txt].

 

We start by loading the variables from the vars file into the current shell; the key-generation scripts below read them.

 

# . ./vars

 

We clean out the old certificates generated from this folder, including the current CA. You will lose all your distributed certificates if you delete the CA.

 

# ./clean-all

 

We build the CA (certificate authority). It ensures that we are not using false certificates (user and server certificates).

 

# ./build-ca

 

Now we build the certificate for the vpn server.

 

# ./build-key-server server

 

This is one client certificate (for the support user).

 

# ./build-key support

 

We build the Diffie-Hellman parameters for the server.

 

# ./build-dh

Configure

We copy all the files the server needs (ca.crt, ca.key, server.crt, server.key, dh1024.pem) to /etc/openvpn:

 

# cp ca.crt /etc/openvpn

# cp ca.key /etc/openvpn

# cp server.crt /etc/openvpn

# cp server.key /etc/openvpn

# cp dh1024.pem /etc/openvpn
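A post-copy check for the files listed above, as an added example that is not part of the original document: it reports any of the five files missing from the target directory and any private key (.key) that is accessible to group or other. The function name check_openvpn_files is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit the files this page copies into the OpenVPN directory.
# Usage: check_openvpn_files [DIR]   (DIR defaults to /etc/openvpn)
# Prints one line per finding and returns the number of findings.
check_openvpn_files() {
    dir=${1:-/etc/openvpn}
    problems=0
    for f in ca.crt ca.key server.crt server.key dh1024.pem; do
        path=$dir/$f
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            continue
        fi
        case $f in
            *.key)
                # Characters 5-10 of the ls mode string are the group and
                # other permission bits; a private key should have none set.
                bits=$(ls -ld "$path" | cut -c5-10)
                if [ "$bits" != "------" ]; then
                    echo "EXPOSED  $path (group/other bits: $bits)"
                    problems=$((problems + 1))
                fi
                ;;
        esac
    done
    return "$problems"
}
```

Of these files, ca.key is the CA's signing key; the running server itself reads only ca.crt, server.crt, server.key and the Diffie-Hellman file.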

 

The configuration file is not difficult to build. We can use the example configuration file almost as it is (/usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz). There are just three parameters to change. First, we add the IP address on which the server is listening (not necessary, but suitable if we have more than one IP address). We should uncomment the line "client-to-client", otherwise clients are not visible to each other. We should also uncomment the line "duplicate-cn", because we want to use one certificate for all support users, and they should be able to connect at the same time. Download here the configuration file [txt] or [txt] (company). Here are all the certificates and the configuration file that we need to start the server, to replace the current server if there are any problems [zip] (company).
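One way to confirm that the three changes described above took effect, as an added example rather than the authors' configuration file: the script reports whether local, client-to-client and duplicate-cn are active, commented out or absent. The function names and the sample configuration (with the placeholder address 192.0.2.10) are constructed for this example.

```shell
#!/bin/sh
# Added example: report the state of the three directives this page changes
# in the OpenVPN server configuration file.

# Constructed sample (not the page's configuration file); 192.0.2.10 is a
# documentation address used as a placeholder.
sample_conf() {
    cat <<'EOF'
local 192.0.2.10
port 1194
;client-to-client
duplicate-cn
EOF
}

# directive_state FILE NAME -> prints "active", "commented" or "absent".
# In OpenVPN config files a line starting with '#' or ';' is a comment.
directive_state() {
    awk -v name="$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            commented = (line ~ /^[#;]/)
            sub(/^[#;]+[ \t]*/, "", line)
            split(line, w, /[ \t]+/)
            if (w[1] == name) { if (commented) seen = 1; else active = 1 }
        }
        END { print (active ? "active" : (seen ? "commented" : "absent")) }
    ' "$1"
}

# audit_server_conf FILE -> one line per directive; returns how many of the
# three directives are not active.
audit_server_conf() {
    missing=0
    for d in local client-to-client duplicate-cn; do
        state=$(directive_state "$1" "$d")
        echo "$d: $state"
        [ "$state" = active ] || missing=$((missing + 1))
    done
    return "$missing"
}
```

With duplicate-cn active, every support user presents the same certificate, so revoking it cuts off all of them at once.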

Restart the server

Just restart the OpenVPN daemon:

 

# /etc/init.d/openvpn restart

 

If you run ifconfig, you should see a new interface (if the configuration is correct).

 

# ifconfig

eth0      ...

 

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:1958 errors:0 dropped:0 overruns:0 frame:0

          TX packets:230 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:100

          RX bytes:112672 (110.0 KiB)  TX bytes:23860 (23.3 KiB)

 

References

Install OpenVPN server:

http://switzernet.com/public/081215-openvpn-server (this document)

http://unappel.ch/public/081215-openvpn-server  (this document)

 

Asterisk Project Main Page

http://switzernet.com/public/081216-asterisk-main

http://unappel.ch/public/081216-asterisk-main

 

Asterisk product description:

http://switzernet.com/public/081216-asterisk-description

http://unappel.ch/public/081216-asterisk-description

 

All process for asterisk product:

http://switzernet.com/company/081215-doc-install-asterisk

http://unappel.ch/company/081215-doc-install-asterisk

 

Install debian:

http://switzernet.com/public/081201-install-debian-alix1d/

http://unappel.ch/public/081201-install-debian-alix1d/

 

Install asterisk + freepbx:

http://switzernet.com/public/081210-install-freepbx/

http://unappel.ch/public/081210-install-freepbx/

 

Install OpenVPN client:

http://switzernet.com/public/081215-openvpn-client

http://unappel.ch/public/081215-openvpn-client

 

SCP:

http://switzernet.com/public/081212-use-scp

http://unappel.ch/public/081212-use-scp

 

Manage Asterisk through VPN:

http://switzernet.com/company/081216-manage-asterisk-openvpn

http://unappel.ch/company/081216-manage-asterisk-openvpn

 

Debian OS configuration files (company):

http://switzernet.com/company/081212-install-debian-alix1d-secure

 

VPN configuration files (company):

http://switzernet.com/company/081216-openvpn-secure

 

 

OpenVPN french howto:

http://www.my1.fr/blog/2008/03/27/creer-son-serveur-vpn-sous-debian/

 

 

 

*   *   *

Copyright © 2008 Switzernet