Installing OpenVPN
-
Upload
palimarium -
Category
Documents
-
view
51 -
download
2
description
Transcript of Installing OpenVPN
Knowledge Base & Forums / Articles' Factory / Draft
Installing and configuring an OpenVPN client
Author: Stefano
Applies to platform: any Linux, Windows, or Mac OSX box.
This lessons guides you through the installation and setup of a VPN Client to connecto to your Endian UTM Appliance. While any client may be used, we show here the
installation of Endian's VPN Client. The setup is however the same for any client at your choice.
Installing Endian VPN Client
The only requirement for installing the Endian VPN client is a minimal, working installation of python 2.6.
The Endian VPN client for the most popular operating systems can be downloaded from the Endian Network. Linux versions, for which both .rpm and .deb files are available,
require that the following packages be installed on the system: openvpn, python 2.6, python-wxgtk2.8, pyro, python-pycryptopp. To install the client, on MAC and Windows
systems, use explorer to go to the folder where the file has been downloaded and double click on the file's icon.
To install the client, on MAC and Windows systems, use explorer to go to the folder where the file has been downloaded and double click on the file's icon.
On Linux boxes, open a shell prompt, go to the download folder, and as root write :
root@endian:~ # dpkg -i endian-vpn-software-2.2.1.1.linux-all.deb
for debian boxes or
root@endian:~ # rpm -i endian-vpn-software-2.2.1.1.linux-all.noarch.rpm
for Red Hat, Centos boxes.
Setup of the connection to the Endian UTM Appliance.
To be able to connect to the OpenVPN server, you need the following:
VPN client: You should already have installed one.1.
A username and a password, which must be created on the Endian UTM Appliance's OpenVPN server.2.
A certificate file, that can be downloaded from the Endian UTM Appliance under Menubar > VPN > VPN Server > Download CA Certificate and should be saved locally, say
as C:\Program Files\Openvpn\config\cacert.pem on Windows systems.
3.
A configuration file, optional on Linux, which should also be saved locally, e.g., in the same directory where the certificate is stored. A sample file can be found at the end of
the lesson. It should be saved along with the certificate as C:\Program Files\Openvpn\config\clientcert.ovpn on Windows systems.
4.
Endian Support Teamposted this on Apr 10 13:04
Installing and configuring an OpenVPN client : Endian http://help.endian.com/entries/21260676-installing-and-c...
1 of 4 11/05/2012 05:01 PM
To configure the connection, you should have administrative rights. We will make use of the Endian VPN Client's GUI. To launch it, double click on the icon to launch the GUI.
For Linux boxes, see some additional note below.
When you first open the GUI, no connection has been configured. To create a new one, click on the small "+" (1) in the GUI's main window. The Profile Editor will open, where you
can enter all the data necessary to set up the connection: A name for the connection (2) and the server's hostname or IP address (3), the certificate dowloaded from the server (4)
that can be picked up from the filesystem by clicking on (5), and the username and password. You can specify who can use this connection (7) and how/when should this
connection be established (8).
It should not be necessary to modify the advanced settings (10), unless the server has a very specific configuration, while the global settings (11) allow to protect with password
the connection(s).
Finally, you can save the setup (9). You will be brought back to the main window, where you will see that the newly set up connection will show up with the Profile name and
credentials: Simply click on "Connect" (12) to establish the connection. This will open a new, small window like the following one:
Here you can end the connection, view some info or the logs, establish a new connection, or even configure another connection.
Linux Notes
On Linux, you should launch the daemon before the client:
root@endian:~ # python2.6 /usr/local/bin/endian-vpn-daemon start
root@endian:~ # python2.6 /usr/local/bin/endian-vpn-software
Alternatively, you can simply launch openvpn from the Command Line Interface (CLI):
root@endian:~ # openvpn --client --pull --comp-lzo --nobind --dev tap0 --ca /path/to/cacert.pem --auth-user-pass --remote my.Endian.UTM.com
Here, /path/to/cacert.pem is the full path to where the Endian UTM Appliance's certificate has been saved, and my.Endian.UTM.com is the hostname or IP address of the
OpenVPN server.
Configuration File
Here is the sample configuration file. Before using it, make sure you replace my-server below with the correct server's hostname or IP address.
Installing and configuring an OpenVPN client : Endian http://help.endian.com/entries/21260676-installing-and-c...
2 of 4 11/05/2012 05:01 PM
Views (2) Votes (0) Subscriptions (0) Comments (0)
#
# Sample client-side OpenVPN 2.0 config file
# for connecting to multi-client server.
#
# This configuration can be used by multiple
# clients, however each client should have
# its own cert and key files.
#
# On Windows, you might want to rename
# this file so it has a .ovpn extension
#
client
dev tap
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
proto udp
remote my-server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo
verb 3
vpn-client.png (quick view)
vpn3.png (quick view)
0 people found this useful. Be the first!
Comments | Stats
Article Stats (created in last 30 days)
Luca GiovenzanaEndian
root@endian:~ should be used only on endian system
maybe root@linux:~ can be used to differentiate a random linux pc not endian (if standardized this should be placed in template as well :D )
April 11, 2012 18:34
BenEndian
We should not post the direct links to the Endian VPN client software (Win, Mac, Linux) as these are publicly accessible without logging into Endian Network!!
We either should fix this or change the article to advise users to log into EN and click the “Downloads” tab to download their client.
Also we may need to mention either here or in a FAQ that there is a known issue in using the Mac client that requires users to download the tuntaposx driver
before the VPN client will work properly
July 12, 2012 20:30
@Ben: shit... they shouldn't be downloadable without login!!! At least not in my opinion.. what you think guys?
Installing and configuring an OpenVPN client : Endian http://help.endian.com/entries/21260676-installing-and-c...
3 of 4 11/05/2012 05:01 PM
Add a comment
Save commentSave comment
Luca GiovenzanaEndian
@Stefano what you think about a more actual DE for linux? ;) those screenshots seem coming from 90's :D
July 18, 2012 12:40
Endian SupportTeam
Endian
@ben, luca: fixed. lemme know if this is ok for you.
@luca: send me better screenshots if you wish :)
July 26, 2012 16:39
Paragraph
Installing and configuring an OpenVPN client : Endian http://help.endian.com/entries/21260676-installing-and-c...
4 of 4 11/05/2012 05:01 PM