openvpn 2.0 on ubuntu 7.04

I recently stood up an OpenVPN server at home. I’ve done SSH forwarding to protect my hotspot browsing habits in the past, but I thought I would try something new. I installed this on an Ubuntu 7.04 system that was running as a VMware guest OS. I opted to go with a routed VPN solution. The alternative is a tunneled connection which makes it seem like my VPN client system is right on my home network. My routed solution will rely on the Ubuntu server and my home Linksys router to route traffic from my VPN network ( to my home network ( I also make sure that I force my traffic through my VPN, rather than let it seep out in the clear at the hotspot (the push commands in the server.conf file later on). From bare start to finish, this entire setup can be done in under 15 minutes.

I am not going to detail what each command does except in passing, because there is excellent documentation already available for OpenVPN. What I rarely see, however, is a quick walkthrough on how to set it all up on Ubuntu.

I start out by installing the packages that I need. OpenSSL may not be needed, but I included it anyway.

sudo -s
apt-get install openvpn openssl bridge-utils dnsmasq
mkdir /etc/openvpn/keys
mkdir /etc/openvpn/configs
nano /etc/openvpn/server.conf

Server.conf is the server configuration file. The contents describe that I will run my server on the IP and port 1194 udp. My VPN “network” will be in the network. OpenVPN will grab as the server, and my client will be given a similar address. Once my client is connected to my OpenVPN server, I should be able to ping and verify I can talk to my server.

port 1194
proto udp
dev tun0
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
push "route"
push "redirect-gateway def1"
push "dhcp-option DNS"
ifconfig-pool-persist client-addresses.txt
keepalive 10 120
cipher AES-128-CBC
user nobody
group nogroup
status openvpn-status.log
log openvpn
verb 3
mute 20

The client-addresses.txt file is just a convenient way for me to track who gets what IP.

nano /etc/openvpn/client-addresses.txt


Next I take care of the keys I need, along with some other setup. When creating the keys, I don’t assign a password, and I do select yes to sign and commit changes.

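cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
nano ./vars
#change values at the bottom and save
source ./vars
#start from an empty keys directory, then create the CA and the DH parameters
./clean-all
./build-ca
./build-dh
./build-key-server server
./build-key client1
cd keys
#ca.key is only used to sign certificates; the running server reads ca.crt
cp ca.key ca.crt dh1024.pem server.key server.crt /etc/openvpn/keys
cp client1.crt client1.key ca.crt /etc/openvpn/configs
cd /etc/openvpn/configs
nano client1.conf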

The file client1.conf is the client config file that needs to be given to the connecting client box. LVVPN is the name of my network adapter on the client. After installing the OpenVPN client on the Windows client, create a new TAP and give it this name.

#TLS client mode; also accepts the options the server pushes
client
dev-node LVVPN
proto udp
dev tun
remote 1194
ca ca.crt
cert client1.crt
key client1.key
cipher AES-128-CBC
verb 3
mute 20

I need to get the client files to the client. I do this by copying them to the client’s home directory, then connecting via SSH to get them. Since I’m running all of this as root, I need to adjust the client1.key file so the client can grab it via SSH, otherwise I’ll get a permission error. I then start the service.

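cd /etc/openvpn
openvpn --genkey --secret ta.key
cd /etc/openvpn/configs
cp client1.crt client1.key client1.conf ca.crt /home/michael
#hand the key to the owner of the home directory instead of making it world-readable
chown --reference=/home/michael /home/michael/client1.key
chmod 600 /home/michael/client1.key
#copy files via SSH to client into openvpn/configs folder
#server.conf uses relative paths (keys/...), so start the server from /etc/openvpn
cd /etc/openvpn
openvpn /etc/openvpn/server.conf &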

I’m never satisfied with just doing something, I usually need to verify it. I do this by making sure the service is running and that it is listening on the expected port.

#-n keeps the port numeric; without it netstat may print a service name instead of 1194
netstat -an | grep 1194
ps -ax | grep vpn
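
A further check in the same spirit, as an added example that is not part of the original post: the function below (its name, check_openvpn_conf, and its report labels are made up here) reads a config such as server.conf, confirms that every ca, cert, key, dh and tls-auth file it names exists, and flags private keys that group or others can read, plus a ta.key that was generated but is never referenced.

```shell
#!/bin/bash
# Added example (not from the original post): pre-flight check for an OpenVPN config.
# Usage: check_openvpn_conf <config-file> [base-dir]
# Relative paths are resolved against base-dir, the directory openvpn is started from.
check_openvpn_conf() {
    conf=$1
    base=${2:-$(dirname "$conf")}
    problems=0
    has_tls_auth=no
    while read -r directive value rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|tls-auth) ;;
            *) continue ;;
        esac
        if [ "$directive" = tls-auth ]; then has_tls_auth=yes; fi
        case $value in
            /*) path=$value ;;
            *)  path=$base/$value ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING  $directive -> $path"
            problems=$((problems + 1))
        elif [ "$directive" = key ] || [ "$directive" = tls-auth ]; then
            # Private material must not be readable by group or others.
            mode=$(stat -c %a "$path")
            case $mode in
                *00) ;;
                *)  echo "PERMS    $path is mode $mode, expected 600 or 400"
                    problems=$((problems + 1)) ;;
            esac
        fi
    done < "$conf"
    # The post generates ta.key; it only helps if a tls-auth line references it.
    if [ "$has_tls_auth" = no ] && [ -f "$base/ta.key" ]; then
        echo "UNUSED   $base/ta.key exists but the config has no tls-auth line"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Run directly as: ./check.sh /etc/openvpn/server.conf /etc/openvpn
if [ "$#" -gt 0 ]; then check_openvpn_conf "$@"; fi
```

The function returns non-zero when it reports anything, so it can gate the line that starts the server.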

Finally, I need two more commands to enable IP forwarding for my particular setup.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Since my home Linksys router is limited to a GUI, it is a bit hard to detail what I did to set up my route. I just added a new route in the Advanced Routing section. Destination LAN IP is, subnet mask, and default gateway This was set up to let me talk to my internal systems. I also had to port forward my VPN port to this system. This means that after I’m connected, I can ping to verify I am on my VPN’s network. I can then ping (or a valid, responsive host on my home network) and I should get a response if forwarding is working.

From here, start up the client’s VPN however you like. Many people start it up by right-clicking the client1.ovpn file (rename client1.conf to client1.ovpn) and choosing to start it as an openvpn connection. I like the tool OpenVPN GUI for Windows. This is merely a personal preference since I like the sys tray interface.

One thought on “openvpn 2.0 on ubuntu 7.04”

  1. Thanks for the tip.
    One issue tho – I’m using OpenVPN on Ubuntu 7.04 like you. I do this whole routine and I can only hit my server – I can’t hit anything outside the server. It appears that what’s going on is that the packets coming back aren’t being routed correctly to my OpenVPN client. I’m guessing that I need to work some IPTables mojo with this as well.
    Any ideas?
