Configure Linux Clients to Connect to OpenVPN Server – Linux.com
If you configured an OpenVPN server to provide secure access to remote workers, you have won half the battle. The next step is to prepare your users’ systems (or your own) to reconnect to the mothership. Don’t worry: it’s easy to configure Linux to connect to an OpenVPN server, and it takes only a few steps.
Although not as easy as a point-and-click GUI, the OpenVPN client is not that difficult to configure and get up and running. That will be the main focus of this article, but for good measure we’ll also mention some good GUI tools that can handle the task. For information on how to configure the OpenVPN server, see the previous installment, “Installing and configuring the OpenVPN server on Linux”.
Installation
OpenVPN needs to be installed on the client. The package to install is, unsurprisingly, openvpn. To install it on Ubuntu, follow these simple steps:
- Open a terminal window.
- Run sudo apt-get install openvpn.
- Type the sudo password and press Enter.
- Accept any necessary dependencies and allow the installation to complete.
Believe it or not, that’s it for the OpenVPN installation.
Client configuration
As discussed in the previous article, certificates will have been created (on the server) specifically for the client machine. The files that need to be safely copied to the client’s /etc/openvpn directory are:
- /etc/openvpn/ca.crt
- /etc/openvpn/ta.key
- /etc/openvpn/easy-rsa/keys/hostname.crt (where hostname is the hostname of the client).
- /etc/openvpn/easy-rsa/keys/hostname.key (where hostname is the hostname of the client).
Copy those files from the server to the client using a tool like scp. If the server doesn’t have direct access to the client, just put them on a flash drive and copy them from there.
The first step in configuring the client is to copy the sample client configuration file to the appropriate directory with the command sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn. With that file in place, it’s time to do some editing. Open /etc/openvpn/client.conf with a text editor (such as nano or vi) and take a look at the following section:
Make changes where:
- vpn.example.com is the address of the OpenVPN server.
- 1194 is the port configured on the OpenVPN server.
- hostname.* is the real name of the certificate and key files.
Believe it or not, that’s it. The only step left is to restart OpenVPN with the command sudo /etc/init.d/openvpn restart. Once the service has been restarted, the remote LAN should be accessible. Verify this by pinging a known address on the LAN behind the VPN.
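A pre-restart check for the client setup above, added here as an example (it is not part of the original article): it confirms that client.conf names a server and that the CA, certificate, key and ta.key files it references are readable, and it flags a private key or ta.key that group or other users can access. The function names, the sample client.conf lines and the assumption that relative file names resolve from the config’s own directory are illustrative.

```shell
#!/bin/sh
# Added example: check an OpenVPN client.conf before restarting the service.
# Function names and the sample data are illustrative, not from the article.

# Print the first argument of a directive; '#' and ';' comment lines never match.
conf_value() {  # usage: conf_value <file> <directive>
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Return 0 if the config names a server and every referenced file is usable.
check_client_conf() {  # usage: check_client_conf <path/to/client.conf>
    conf=$1; dir=$(dirname "$conf"); rc=0
    [ -n "$(conf_value "$conf" remote)" ] || { echo "missing: remote"; rc=1; }
    for opt in ca cert key tls-auth; do
        f=$(conf_value "$conf" "$opt")
        [ -n "$f" ] || { echo "missing: $opt"; rc=1; continue; }
        # Assumption: relative names resolve from the config's own directory.
        case $f in /*) ;; *) f=$dir/$f ;; esac
        [ -r "$f" ] || { echo "unreadable: $f"; rc=1; continue; }
        # hostname.key and ta.key are secrets: no group/other permission bits.
        case $opt in key|tls-auth)
            [ "$(ls -ldL "$f" | cut -c5-10)" = "------" ] ||
                { echo "too permissive: $f"; rc=1; } ;;
        esac
    done
    return $rc
}

# Constructed sample: empty stand-in files plus a minimal client.conf.
make_sample() {
    tmp=$(mktemp -d)
    for name in ca.crt ta.key hostname.crt hostname.key; do : > "$tmp/$name"; done
    chmod 600 "$tmp/ta.key" "$tmp/hostname.key"
    cat > "$tmp/client.conf" <<'EOF'
client
remote vpn.example.com 1194
ca ca.crt
cert hostname.crt
key hostname.key
tls-auth ta.key 1
EOF
    echo "$tmp"
}

# Stand-alone use: sh check.sh /etc/openvpn/client.conf
if [ $# -gt 0 ]; then check_client_conf "$1"; fi
```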
GUI tools to connect to OpenVPN
Both KDE and GNOME offer plugins for their network manager applets that allow VPN connections to an OpenVPN server. The necessary plugins are:
- KDE: openvpn-kde-networkmanager
- GNOME: openvpn-gnome-networkmanager
Those plugins are most likely not installed in the distribution by default. A quick search using the Add/Remove Software utility will allow installation of either plugin. Once installed, using the network manager applet is pretty simple; just follow these steps (I’ll demonstrate using the KDE network manager applet):
- Open the network manager applet by clicking the network icon in the notification area (also known as the system tray).
- Click the Manage Connections button.
- Select the VPN tab.
- Click the Add button to open the VPN type drop-down menu.
- Select OpenVPN from the list.
- Fill in the necessary information in the OpenVPN tab (connection name, gateway, connection type, certificate file locations); see Figure 1 for an illustration of this tab.
- If a static IP address is required, configure it by selecting Manual from the Method drop-down (in the IP Address tab).
- Click OK to save the settings and close the connection settings window.
If this client is to always be connected, the Connect Automatically check box can be checked.
Now, to connect to the OpenVPN server using the KDE network manager applet, do the following:
- Click the network manager applet.
- Click the Virtual Private Network button from the pop-up menu.
- Select the newly created OpenVPN connection.
- Allow the connection to negotiate authentication.
Once authentication has been negotiated, the VPN connection will appear as connected in the network management applet. The VPN network should now be accessible.
Gadmin OpenVPN Client
If an alternative desktop is being used, or if the KDE or GNOME network administration tool doesn’t meet the requirements, there is another tool that does a great job of connecting to an OpenVPN server. That tool is the Gadmin OpenVPN Client. It can be easily installed from Synaptic, Ubuntu Software Center, PackageKit and more. Once installed, it’s just a matter of starting the tool (if it can’t be found within your desktop menu structure, Gadmin OpenVPN Client can be started with the command sudo gadmin-openvpn-client).
When the tool is opened, the first thing to do is fill in the information for the connection (see figure 2).
Don’t hit the Add button first!
Be sure to scroll down and fill in all the necessary information, including:
- Connection name: human-readable name for the connection.
- Server address: address of the OpenVPN server.
- Server port: the port configured on the server.
- CA cert/cert/key/DH key/TA key: location of the certificates generated on the server and then placed on the client. This setting is located at the bottom of the settings screen.
After setting all this up, click the Add button and the connection will be added. To open the connection, select the VPN connection to use and then click the Activate button, which will start the certificate negotiation process. Once the negotiation process is complete, the VPN network should be available.
Unsurprisingly, there are many ways to connect to an OpenVPN server. While this is not an exhaustive resource (more GUI tools can be found in your Add/Remove Software tool), with the help of the tutorial above a connection can be established from both the command line and a graphical user interface. Note that if you have users on Windows and Mac, the OpenVPN folks have clients for them as well.