VPN services are a good way of ensuring internet security and unlimited access to any website. With a good VPN connection, you can be sure that no one can hack into your systems. A VPN connection protects everything that you do on the internet; you are free from any monitoring and censorship.
VPN services grant access to all websites, even the websites that have been geographically restricted like iTunes and Netflix. All this freedom and security for just a few dollars per month!
Linux is not a very common operating system to come across. However, its minimal popularity does not mean that it is substandard. On the contrary, Linux is a good choice when it comes to operating systems.
This operating system is extremely stable and has a higher level of security compared to other operating systems. The fact that Linux is not a common has already been highlighted. For this reason, once you install this operating system you might be wondering how you will configure your computer to a virtually private network.
With VPN, there are two options that a client has. There is Open VPN and there PTTP VPN. Both of these options can be configured with Linux operating system to provide you with the full services of the VPN plan you subscribed. The method covered in this article will work with the derivatives of Linux OS such as Linux Mint and Ubuntu.
Configuration for Linux with Open VPN
Open VPN is a very versatile VPN plan. This VPN plan is compatible with all major operating systems, and it can be shared with a huge number of clients. Like in any other operating system, you have to configure both the client side and the server side.
Step 1 – Install the package for the Open VPN. You will have to provide the name of the package distributor.
$ sudo apt-get install openvpn
Step 2 – You should then come up with a directory in ‘etc/openvpn’. Paste the contents of ‘easy-rsa’ to this directory; this is a precautionary measure that will protect any update on the package will not result in loss of script changes. Make the owner the current user.
$ sudo mkdir /etc/openvpn/easy-rsa $ sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa $ sudo chown -R $USER /etc/openvpn/easy-rsa/
Step 3 – Specify your locality in the directory- ‘etc/openvpn/easy rsa/vars.
export KEY_COUNTRY="IN" export KEY_PROVINCE="TN" export KEY_CITY="CHN" export KEY_ORG="tgs" export KEY_EMAIL="firstname.lastname@example.org"
Step 4 – Come up with the root certificate.
$ cd /etc/openvpn/easy-rsa/ $ source vars $ ./clean-all $ ln -s openssl-1.0.0.cnf openssl.cnf $ ./build-ca Generating a 1024 bit RSA private key ........++++++ ......++++++ unable to write 'random state' writing new private key to 'ca.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [IN]: State or Province Name (full name) [TN]: Locality Name (eg, city) [CHN]: Organization Name (eg, company) [tgs]: Organizational Unit Name (eg, section) [changeme]: Common Name (eg, your name or your server's hostname) [changeme]: Name [changeme]:lakshmanan Email Address [email@example.com]:firstname.lastname@example.org
Step 5 – Then create the certificate for Open VPN for the server.
$ /etc/openvpn/easy-rsa/build-key-server vpnserver ... ... Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y
Step 6 – Come up with the certificate for the client. Certificates have to be created for all clients. This command will prompt the creation of key files for the client.
$ ./build-key vpnclient1 ... ... Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y
Step 7 – After the creation of client certificates, Diffie-Hellman parameters follow.
Step 8 – Copy all certificates (the server, client and root certificates) from directory to their respective locations.
$ cd /etc/openvpn/easy-rsa/keys/ $ sudo cp ca.crt vpnserver.crt vpnserver.key dh1024.pem /etc/openvpn/ $ scp ca.crt vpnclient1.key vpnclient1.crt [email protected]:/etc/openvpn
Step 9 – After copying the certificates, you will be given a server.conf that will allow you to make the necessary changes to configure the server.
$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ $ sudo gzip -d /etc/openvpn/server.conf.gz
Step 10 – Edit the directory accordingly; /etc/openvpn/server/conf.
... ca ca.crt cert vpnserver.crt key vpnserver.key dh dh1024.pem ...
Step 11 – You can now launch the Open VPN server.
$ sudo /etc/init.d/openvpn start * Starting virtual private network daemon(s)... * Autostarting VPN 'server' $ ifconfig tun0 tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
Client side configuration
Step 1 – On the client’s side, the configuration files have to setup; this is achieved by first copying the client.conf to the directory; /etc/openvpn.
$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
Step 2 – You will then make the necessary changes to the /etc/openvpn/client.conf.
... # Specify that this is openvpn client client remote vpnserver 1194 ca ca.crt cert vpnclient1.crt key vpnclient1.key ...
Step 3 – You can now launch the Open VPN on the client’s side.
$ /etc/init.d/openvpn start * Starting virtual private network daemon(s)... * Autostarting VPN 'client' $ ifconfig tun0 tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
Step 4 – To test if the VPN is working, ping the vpnserver. If the ping is a success, the configuration has been done the right way, and you can enjoy the VPN connection and its array of benefits.
$ ping 10.8.0.1 PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=2.14 ms
To add other clients
If you have the intention to add other users to the server, you only have to repeat the procedure. Connecting one user does not mean that there will be a shorter procedure for connecting other users.
The procedure outlined above will have a Linux computer configured to an Open VPN. It will work for Debian based operating systems including Ubuntu. VPN connections are important for unblocking restricted websites without anyone noticing.