Braincoke

A collection of notes taken when tinkering with technology. I also have another website (link below) to record personal solutions to security challenges.

OpenVPN client on Ubuntu

1 minute read

You might want to read this post first to know how to create your client certificate and how to create your OpenVPN server.

Install OpenVPN

Multiple clients are available. We use the command line interface client.

sudo apt-get install openvpn

Copy the certificates

You will need the following files:

File name Secret Description
ca.crt No The CA certificate, distributed to all clients
client.crt No The client certificate generated by the CA
client.key Yes The client key required to start the connection

Place these files in /etc/openvpn/.

Configure OpenVPN

Copy the client.conf sample config file to /etc/openvpn/

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
/etc/openvpn/client.conf
client
dev tap
proto udp

# Change this line to use your openvpn server address
remote myopenvpnserver.net 1194

resolv-retry infinite
nobind
persist-key
persist-tun

# Here we reference the files we copied earlier
ca ca.crt
cert client.crt
key client.key

remote-cert-tls server
verb 3

Start the client

sudo systemctl start openvpn@client

Check that the connection was successful with:

sudo systemctl status openvpn@client
. openvpn@client.service - OpenVPN connection to client
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2016-04-12 08:50:50 UTC; 3s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Process: 1677 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writep
Main PID: 1679 (openvpn)
   Tasks: 1 (limit: 512)
  CGroup: /system.slice/system-openvpn.slice/openvpn@client.service
          |-1679 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client.conf --wr

Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: OPTIONS IMPORT: route options modified
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: ROUTE_GATEWAY 192.168.122.1/255.255.255.0 IFACE=eth0 HWADDR=52:54:00:89:ca:89
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: TUN/TAP device tun0 opened
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: TUN/TAP TX queue length set to 100
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip link set dev tun0 up mtu 1500
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: Initialization Sequence Completed

Check if a tap0 interface was created:

ifconfig tap0
tap0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

Check if you can ping the OpenVPN server (10.0.8.1 in our case):

ping 10.0.8.1

Resource

You May Also Enjoy