Using OpenVPN with Ubuntu
Posted: Mon Jul 08, 2013 2:16 pm
by innogen
I am new to using Ubuntu and OpenVPN.
Below are my questions:
1. In Microsoft Windows, the files in the config folder have the file extension ovpn. I understand that in Ubuntu, I will have to change it to conf. Is that correct?
2. What are the sudo commands to launch OpenVPN service, supposing I open and use a terminal window?
3. During the time when OpenVPN program connects to a gateway/exit node, I would like to see the verbose log as in the following example (part of the log is displayed):
Code: Select all
Sat Jul 06 21:50:38 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jun 3 2013
Sat Jul 06 21:50:38 2013 MANAGEMENT: TCP Socket listening on [AF_INET]
Sat Jul 06 21:50:38 2013 Need hold release from management interface, waiting...
Sat Jul 06 21:50:38 2013 MANAGEMENT: Client connected from [AF_INET]
Sat Jul 06 21:50:38 2013 MANAGEMENT: CMD 'state on'
Sat Jul 06 21:50:38 2013 MANAGEMENT: CMD 'log all on'
Sat Jul 06 21:50:38 2013 MANAGEMENT: CMD 'hold off'
Sat Jul 06 21:50:38 2013 MANAGEMENT: CMD 'hold release'
Sat Jul 06 21:50:38 2013 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jul 06 21:50:38 2013 MANAGEMENT: >STATE:1234567890,RESOLVE,,,
Sat Jul 06 21:50:42 2013 Attempting to establish TCP connection with [AF_INET]123.456.789.012:443
Sat Jul 06 21:50:42 2013 MANAGEMENT: >STATE:1234567890,TCP_CONNECT,,,
Sat Jul 06 21:50:45 2013 TCP connection established with [AF_INET]123.456.789.012:443
Sat Jul 06 21:50:45 2013 TCPv4_CLIENT link local: [undef]
Sat Jul 06 21:50:45 2013 TCPv4_CLIENT link remote: [AF_INET]123.456.789.012:443
Sat Jul 06 21:50:45 2013 MANAGEMENT: >STATE:1373291445,WAIT,,,
Sat Jul 06 21:50:46 2013 MANAGEMENT: >STATE:1373291446,AUTH,,,
Sat Jul 06 21:50:46 2013 TLS: Initial packet from [AF_INET]123.456.789.012:443, sid=6c8b3036 7002cb48
What sudo command should I use?
Re: Using OpenVPN with Ubuntu
Posted: Mon Jul 08, 2013 7:05 pm
by mwandelaar
innogen wrote:
1. In Microsoft Windows, the files in the config folder have the file extension ovpn. I understand that in Ubuntu, I will have to change it to conf. Is that correct?
For autostart[*], yes. For manual start: it does not matter.
2. What are the sudo commands to launch OpenVPN service, supposing I open and use a terminal window?
For manual start:
For autostart[*]:
3. During the time when OpenVPN program connects to a gateway/exit node, I would like to see the verbose log as in the following example (part of the log is displayed):
Code: Select all
sudo openvpn --verb 4 --config <configfile>
[*]autostart: Means all configfiles are correctly placed in /etc/openvpn
Re: Using OpenVPN with Ubuntu
Posted: Mon Jul 08, 2013 8:14 pm
by innogen
mwandelaar wrote:[*]autostart: Means all configfiles are correctly placed in /etc/openvpn
Thanks for taking the time to answer my questions.
4. What do you mean by "all config files are correctly placed...."? Is there a correct order or rules of hierarchy of placing config files?
5. Suppose I have two sets of config files, the reason being that each set is provided by a different commercial VPN service provider. What is a neat way of accommodating the two sets of config files in Ubuntu? (In Microsoft Windows, whenever I need to change to a different VPN service provider, I will access C:\Program Files\OpenVPN\ and manually rename the folder to config whose VPN I wish to connect to.)
6. When I first install OpenVPN on Ubuntu, does OpenVPN autostart by default? If yes, what are the ways to disable it?
Re: Using OpenVPN with Ubuntu
Posted: Mon Jul 08, 2013 8:35 pm
by mwandelaar
innogen wrote:
4. What do you mean by "all config files are correctly placed...."? Is there a correct order or rules of hierarchy of placing config files?
Please see my postings in this topic for that.
5. Suppose I have two sets of config files, the reason being that each set is provided by a different commercial VPN service provider. What is a neat way of accommodating the two sets of config files in Ubuntu? (In Microsoft Windows, whenever I need to change to a different VPN service provider, I will access C:\Program Files\OpenVPN\ and manually rename the folder to config whose VPN I wish to connect to.)
I suggest to not place them in /etc/openvpn as they will start automatically. You can consider using the openvpn-networkmanager-plugin for this, or start the required vpn using the commandline.
6. When I first install OpenVPN on Ubuntu, does OpenVPN autostart by default? If yes, what are the ways to disable it?
Yes, it starts automatically. But when there are no configfiles, it actually doesn't do a thing, other than looking for configfiles. So don't bother about it too much.
Re: Using OpenVPN with Ubuntu
Posted: Mon Jul 08, 2013 10:21 pm
by innogen
mwandelaar wrote:Code: Select all
sudo openvpn --verb 4 --config <configfile>
In your last post at topic12714.html, you wrote:
sudo openvpn --verb 3 --config your-config-file.conf
What is the difference between --verb 4 and --verb 3 ?
Re: Using OpenVPN with Ubuntu
Posted: Mon Jul 08, 2013 10:36 pm
by innogen
Hi mwandelaar,
Thanks for answering my questions.
Please have a look at one of my config files:
Code: Select all
setenv FORWARD_COMPATIBLE 1
setenv UV_SERVERID 123
client
dev tun
proto udp
remote 123.456.789.012 1194
nobind
persist-key
persist-tun
ns-cert-type server
key-direction 1
push-peer-info
comp-lzo
explicit-exit-notify
verb 3
mute 20
reneg-sec 86400
mute-replay-warnings
max-routes 1000
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-auth>
The above config file is to be used only for Microsoft Windows platform. (According to some forum members, the above config file contains inline authentication keys.)
Below are my questions:
8. If I wish to use the above config file on Ubuntu, I would have to extract the authentication keys into separate files such as ca.crt, username.crt, ta.key and/or tls-auth.key, am I right?
9. Based on the above sample config file, am I right to state that:
Code: Select all
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
belongs to ca.crt
Code: Select all
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
belongs to username.crt
Code: Select all
<key>
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
</key>
belongs to ta.key and
Code: Select all
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-auth>
belongs to tls-auth.key
10. What are the locations (file paths) in Ubuntu of these authentication keys?
Re: Using OpenVPN with Ubuntu
Posted: Tue Jul 09, 2013 6:43 am
by mwandelaar
innogen wrote:
8. If I wish to use the above config file on Ubuntu, I would have to extract the authentication keys into separate files such as ca.crt, username.crt, ta.key and/or tls-auth.key, am I right?
Ubuntu (as all other OS-es) works fine with inline certificates. If you wish you can extract them but there's no need for that.
Code: Select all
setenv FORWARD_COMPATIBLE 1
setenv UV_SERVERID 123
The above config file is to be used only for Microsoft Windows platform. (According to some forum members, the above config file contains inline authentication keys.)
I'm not familiar with these 2 settings and would remove them first from my config. I don't think you need to change anything else in the configfile.
9. Based on the above sample config file, am I right to state that:
Code: Select all
<ca>
-----BEGIN CERTIFICATE-----
<snip>
-----END OpenVPN Static key V1-----
</tls-auth>
belongs to tls-auth.key
10. What are the locations (file paths) in Ubuntu of these authentication keys?
Your assumptions are right. As I wrote in my other topic there are no predefined paths in openvpn.
You could point to (for example) the ca-certificate using:
or whatever path you wish to use.
For the difference between --verb 3 and --verb 4, please review the manpage. It's slightly more verbose.
Re: Using OpenVPN with Ubuntu
Posted: Tue Jul 09, 2013 1:59 pm
by innogen
mwandelaar wrote:
Ubuntu (as all other OS-es) works fine with inline certificates. If you wish you can extract them but there's no need for that.
The reason for extracting authentication data from inline certificates and creating individual authentication key files is when I wish to use the network-manager-openvpn-gnome plugin. Apparently the plugin requires one to specify the locations of the ca.crt, username.crt, ta.key and tls-auth.key files.
Re: Using OpenVPN with Ubuntu
Posted: Tue Jul 09, 2013 5:13 pm
by mwandelaar
OK, that's specific for the network-manager plugin. In that case you need to make files for the certs and key to make this work.
If you follow the earlier mentioned steps, it will work.
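The extraction discussed in the last posts, as an added example that is not from either poster: a shell function that splits the inline blocks of a config into separate files for the NetworkManager plugin and keeps the secret ones owner-only. The output file names (ca.crt, client.crt, client.key, ta.key), the function names and the sample config are this example's assumptions, not paths OpenVPN prescribes.

```shell
#!/bin/sh
# Added example: split inline <ca>/<cert>/<key>/<tls-auth> blocks of an
# OpenVPN config into separate files. Output names are this example's choice.

split_inline() (                 # usage: split_inline <config> <outdir>
    conf=$1; out=$2
    umask 077                    # new files and directory: owner-only
    mkdir -p "$out" || exit 1
    for pair in ca:ca.crt cert:client.crt key:client.key tls-auth:ta.key; do
        tag=${pair%%:*}; file=${pair#*:}
        # Print only the lines strictly between <tag> and </tag>.
        awk -v t="$tag" '
            { sub(/\r$/, "") }                 # tolerate Windows CRLF endings
            $0 == ("</" t ">") { inside = 0 }
            inside             { print }
            $0 == ("<" t ">")  { inside = 1 }
        ' "$conf" > "$out/$file"
        [ -s "$out/$file" ] || rm -f "$out/$file"   # block not in this config
    done
    # <key> is the client private key and <tls-auth> a shared secret:
    # enforce 0600 even if the files already existed with looser modes.
    for f in client.key ta.key; do
        [ -f "$out/$f" ] && chmod 600 "$out/$f"
    done
    exit 0
)

# The key-direction value is not part of any key file; it has to be set
# separately wherever the extracted ta.key is used.
key_direction() {
    awk '{ sub(/\r$/, "") } $1 == "key-direction" { print $2; exit }' "$1"
}

# Constructed sample config (placeholder bodies, CRLF endings as from Windows).
make_sample() {
    printf '%s\r\n' 'client' 'key-direction 1' \
        '<ca>' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-CA' \
        '-----END CERTIFICATE-----' '</ca>' \
        '<key>' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-KEY' \
        '-----END RSA PRIVATE KEY-----' '</key>' > "$1"
}
```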