Configure openvpn server in linux

Installing OpenVPN Access Server on a Linux system

The following information will help you launch OpenVPN Access Server on a Linux operating system.

Tips for installing OpenVPN Access Server on a Linux system:

Operating systems supported

We distribute OpenVPN Access Server via our software repository on a number of popular Linux distributions. Refer to OpenVPN Access Server system requirements for the compatible Linux operating systems.

To install the repository and install Access Server:

Choose the platform from our download page and get the instructions for installing the repository and Access Server.

  • Refer to the software repository download page.
  • Find and click on the platform you’re using.
  • Use the commands to install the repository and software.

We provide quick start guides for all supported operating systems as well; refer to OpenVPN Access Server installation options.

Our quick start guides step you through launching OpenVPN Access Server on:

Installation requirements and preparation

The following will help you prepare your platform for installation.

Verify that your server is ready

  • You need a supported Linux OS with root level access. You can connect directly through the console or through an SSH session using a tool like PuTTY.
  • If you need to sign in as an unprivileged user, sudo up to gain root privileges.
  • Ensure your server has the correct time and date, required for certificate generation and verification as well as implementing multi-factor authentication.
  • To check the current time, date and time zone on a Debian/Ubuntu system:
    apt update
    apt -y install tzdata
    dpkg-reconfigure tzdata

Using the OpenVPN software repository

We distribute OpenVPN Access Server via a software repository.

For a system without internet access:

  • You must download software packages separately.
  • OpenVPN Access Server comes in two packages:
    • OpenVPN Connect client software bundle
    • OpenVPN Access Server

    Install repository, then upgrade

    Check your operating system

    You need to know the correct operating system to use the appropriate commands for adding the repository and installing OpenVPN Access Server.

    • Determine your operating system.
      • Run these commands to find the necessary OS information:
        cat /etc/issue
        lsb_release -a
        uname -a

      Select your OS from our software repository page

      • From the software repository page, click on the appropriate OS to open up the instructions for installing the repository.
      • Ensure you select the correct version of your OS as well.
      • The instructions work for upgrades and new installations of OpenVPN Access Server.
      • Run the commands on your server’s command line as a root user.
        • After adding the repository, when you run apt update and apt upgrade, you update Access Server when there’s a new version.

        Note: If your operating system version is no longer listed on our software repository page you should not try to force instructions for a newer operating system onto your outdated system. In this situation you should consider either upgrading your operating system or migrating your Access Server configuration to a more up-to-date installation.

        Finishing configuration and using the product

        Verify configuration completes

        Once OpenVPN Access Server installs, it automatically runs an initial configuration with default settings.

        When the initial configuration completes, review the output for the admin account and addresses to access your Admin Web UI.

        • Get the username and password for your admin user.
          • Take note of the randomly generated password for the administrative account openvpn. Access Server versions older than 2.10 do not automatically generate a password. On older versions you set the password manually by typing passwd openvpn on the command line.
          • The output provides the URL to connect to your Admin Web UI to configure your VPN server. From the Admin Web UI you can manage the configuration, certificates, users, and more settings in a web-based GUI. An example address: https://192.168.70.222/admin.
          • The output also provides the URL to connect to your Client UI for downloading pre-configured OpenVPN Connect as well as connection profiles. An example address: https://192.168.70.222/.
          • For more details about the web service, refer to OpenVPN Access Server web services.
          • Enter the URL for your Admin Web UI into your web browser and sign in with your openvpn admin account.
          • When you first sign in, you encounter a browser warning due to the self-signed certificate. This is expected and you can accept the warning and continue. To resolve this you can install a properly signed web SSL certificate.
          • Once signed in, you can activate your Access Server with an activation key, set up authentication systems such as RADIUS or LDAP, add users to the local authentication database, manage access control, and so on.

          Refer to further documentation to configure specific functions and configuration options for the OpenVPN Access Server:

          Limitations of an unlicensed OpenVPN Access Server

          OpenVPN Access Server launches with two free connections.

          If you use Access Server without a license or activation key

          • You can use these two free connections without a time limit.
          • You have full access to all of the functionality of OpenVPN Access Server.
          • You can’t have more than two simultaneous OpenVPN tunnel connections to your VPN server.

          To unlock more connections, purchase a subscription. Refer to our pricing page for details.

          Updates & Announcements

          Cyber Shield Released

          Cyber Shield protects you from cyber threats without requiring you to tunnel internet traffic. Turn Shield ON.

          Release Notes 2.12.0

          Access Server 2.12.0 comes with support for Data Channel Offload, a kernel accelerated method of encrypting/decrypting VPN traffic. It also allows setting unique global group subnets so routing in clustering mode is possible. Aside from this numerous fixes and improvements are included.

          Access Server

          Our popular self-hosted solution. Comes with two free connections. No credit card required.

          CloudConnexa™

          Cloud-delivered, as-a-service solution. Comes with three free connections. No credit card required.

          OpenVPN is a leading global private networking and cybersecurity company that allows organizations to truly safeguard their assets in a dynamic, cost effective, and scalable way.

          © Copyright 2023 OpenVPN | OpenVPN is a registered trademark of OpenVPN, Inc. |
          CloudConnexa is a trademark of OpenVPN, Inc.

          Источник

          Настройка и использование OpenVPN на Ubuntu

          Обновлено

          Обновлено: 05.03.2023 Опубликовано: 23.01.2019

          Тематические термины: VPN, Ubuntu, OpenVPN. В инструкции рассмотрим процесс установки и настройки VPN сервера OpenVPN на Linux Ubuntu.

          Подготовка Ubuntu

          * в данном примере московское время. Если в нашей системе используется брандмауэр, открываем порт, на котором будет слушать OpenVPN:

          * в данной инструкции предполагается, что мы настроим VPN-сервер на UDP-порту 443, однако, по-умолчанию, OpenVPN работает на порту 1194. Для сохранения правила используем iptables-persistent:

          Установка, настройка и запуск VPN-сервера

          Обязательные шаги для развертывания сервиса — установка программного обеспечения, генерация сертификатов, настройка OpenVPN. Рассмотрим эти процессы по шагам.

          Установка OpenVPN

          Создание сертификатов

          export KEY_COUNTRY=»RU»
          export KEY_PROVINCE=»Sankt-Petersburg»
          export KEY_CITY=»Sankt-Petersburg»
          export KEY_ORG=»DMOSK COMPANY»
          export KEY_EMAIL=»master@dmosk.ru»
          export KEY_CN=»DMOSK»
          export KEY_OU=»DMOSK»
          export KEY_NAME=»name-openvpn-server.dmosk.ru»
          export KEY_ALTNAMES=»name-openvpn-server»

          * где KEY_CN и KEY_OU: рабочие подразделения (например, можно указать название отдела); KEY_NAME: адрес, по которому будет выполняться подключение (можно указать полное наименование сервера); KEY_ALTNAMES — альтернативный адрес. Следующие действия будут записеть от версии OpenVPN. Более новая позволяет создавать сертификаты на основе Easy RSA 3, старая работает на базе 2-й версии. Понять, какой вариант наш можно посмотрев на содержимое каталога easy-rsa:

          Либо мы увидим в нем утилиту easyrsa (новая версия), либо набор утилит, начинающихся на build. Рассмотрим процесс формирования сертификата с использованием как RSA3, так и RSA2. а) Если используется новая версия (утилита easyrsa) 1. Инициализируем PKI:

          * после вводим дважды пароль, который хотим использовать для ключа центра сертификации. На запрос «Common Name» можно просто нажать Enter:

          * nopass можно упустить, если хотим повысить безопасность с помощью пароля на сертификат. На запрос «Common Name» можно просто нажать Enter:

          Источник

          Читайте также:  Linux start job is running
Оцените статью
Adblock
detector