Adding an OpenVPN client on Ubuntu 10.04

First, create the client's certificate and key on the server:

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname

Copy the certificate files to the client (hostname.key is the client's private key, so use a secure channel such as scp):
* /etc/openvpn/ca.crt
* /etc/openvpn/easy-rsa/keys/hostname.crt
* /etc/openvpn/easy-rsa/keys/hostname.key

Then set up the client:

apt-get install openvpn
cd /etc/openvpn
cp /usr/share/doc/openvpn/examples/sample-config/client.conf client.conf

Edit the client.conf file (change whatever you need to fit your setup; the following are the settings I recommend).
I include the fix for Vista (commented out) since I am lazy and usually just copy an old config file to the next client.

remote my.domain.com 1194
 
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert clientName.crt
key clientName.key
 
# fix for Vista being stupid...
;route-method exe
;route-delay 2

Restart OpenVPN on the client:

 /etc/init.d/openvpn restart
 * Stopping virtual private network daemon(s)...                                
 *   No VPN is running.
 * Starting virtual private network daemon(s)...                                
 *   Autostarting VPN 'myVPN'                                         [ OK ]

As with the server, the output above means that it went well; a [fail] means that the logs should be read for details.

A word of caution: [ OK ] only means that OpenVPN started OK, with no errors in the config etc.
There might still be issues with firewalls, a wrong hostname (for the server) etc.
Check ifconfig and ping the server to make sure it is working.
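
A pre-flight check for the steps above, as an added example that is not part of the original post: it reads the ca, cert and key lines from client.conf, confirms each file is present and that the private key is not accessible to group or others, and cert_matches_key confirms that a certificate and key belong together. The function names are made up for this example, RSA keys are assumed, and relative paths are assumed to resolve against the directory holding client.conf.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for client.conf.
# Assumption: relative ca/cert/key paths resolve against the config's directory.

# Print the first argument of an active directive. Lines commented out with
# '#' or ';' never match; a trailing CR (file edited on Windows) is dropped.
conf_value() {  # usage: conf_value <directive> <config-file>
    awk -v d="$1" '$1 == d { sub(/\r$/, ""); print $2; exit }' "$2"
}

# Succeed only if group and others have no permission bits on the file.
key_is_private() {
    [ "$(ls -lnL "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the certificate and the RSA private key share one modulus.
cert_matches_key() {  # usage: cert_matches_key <cert> <key>
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Check that every file client.conf points at exists and the key is private.
check_client_conf() {  # usage: check_client_conf <path/to/client.conf>
    conf=$1; dir=$(dirname "$conf"); rc=0
    for d in ca cert key; do
        f=$(conf_value "$d" "$conf")
        if [ -z "$f" ]; then
            echo "FAIL: no '$d' directive in $conf"; rc=1; continue
        fi
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -s "$f" ]; then
            echo "FAIL: $d file $f is missing or empty"; rc=1
        elif [ "$d" = key ] && ! key_is_private "$f"; then
            echo "FAIL: $f is accessible to group/others (chmod 600)"; rc=1
        else
            echo "ok:   $d -> $f"
        fi
    done
    return $rc
}

# Run the file checks when a config path is given on the command line.
[ $# -eq 0 ] || check_client_conf "$1"
```

Run it as root with /etc/openvpn/client.conf as the argument before restarting OpenVPN; a FAIL line names the directive and file to fix.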

2 thoughts on “Adding an OpenVPN client on Ubuntu 10.04”

  1. Thanks for the guide.

    When I run OpenVPN with a config copied from a Windows machine to a standard 32 bit Lucid install, this seems to work. But now I can’t ssh into the Lucid machine running the VPN from another machine on the internet (not local LAN) while the VPN is running. Is this normal and is there a way round this?

  2. That is not what I am used to 🙁
    As long as you ssh to the public ip of the linux machine and there is no firewall blocking access on the machine I don’t see why there should be a problem – and unfortunately I can’t help with a solution; other than checking firewall rules on the Linux machine.

    UPDATE: Also make sure that the server has client-to-client enabled as that is not a default setting.
