OpenVPN client on Ubuntu
You might want to read this post first to know how to create your client certificate and how to create your OpenVPN server.
Install OpenVPN
Multiple clients are available. We use the command line interface client.
sudo apt-get install openvpn
Copy the certificates
You will need the following files:
File name | Secret | Description |
---|---|---|
ca.crt | No | The CA certificate, distributed to all clients |
client.crt | No | The client certificate generated by the CA |
client.key | Yes | The client key required to start the connection |
Place these files in /etc/openvpn/
.
Configure OpenVPN
Copy the client.conf
sample config file to /etc/openvpn/
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
client
dev tap
proto udp
# Change this line to use your openvpn server address
remote myopenvpnserver.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Here we reference the files we copied earlier
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
verb 3
Start the client
sudo systemctl start openvpn@client
Check that the connection was successful with:
sudo systemctl status openvpn@client
. openvpn@client.service - OpenVPN connection to client
Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2016-04-12 08:50:50 UTC; 3s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 1677 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writep
Main PID: 1679 (openvpn)
Tasks: 1 (limit: 512)
CGroup: /system.slice/system-openvpn.slice/openvpn@client.service
|-1679 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client.conf --wr
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: OPTIONS IMPORT: route options modified
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: ROUTE_GATEWAY 192.168.122.1/255.255.255.0 IFACE=eth0 HWADDR=52:54:00:89:ca:89
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: TUN/TAP device tun0 opened
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: TUN/TAP TX queue length set to 100
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip link set dev tun0 up mtu 1500
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: Initialization Sequence Completed
Check if a tap0
interface was created:
ifconfig tap0
tap0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
Check if you can ping the OpenVPN server (10.0.8.1 in our case):
ping 10.0.8.1