Portal Home > Knowledgebase > Tutorials / Guides > Other OSes > OpenVPN for any Linux/*NIX OS (Mint, Fedora, CentOS, etc.)

OpenVPN for any Linux/*NIX OS (Mint, Fedora, CentOS, etc.)

If you are unable to use Safejumper on your Linux/*NIX system, or that your system lacks of any default OpenVPN client, you will need to install and configure an OpenVPN client manually on your system.

Although not as easy as a point and click GUI, the OpenVPN Client is not all that challenging to configure and start up. We will nonetheless mention few GUI options at the end of this article.

Installation

It is necessary to install the OpenVPN client. The package to be installed is, as expected, openvpn. To install on Ubuntu, follow these easy steps:

1. Open up a terminal window.

2. Run sudo apt-get install openvpn.

3. Type the sudo password and hit Enter.

4. Accept any dependencies necessary and allow the install to complete.

You're done.
 
Configuration of the Client

Begin by download the zip files including your OpenVPN configuration files (or you can use our configuration files generator). Make sure to select the Linux ones.

1. Move all configuration files to /etc/openvpn/

2. Rename the .ovpn config files to .conf e.g. server.ovpn => server.conf

3. Go to main OpenVPN directory: cd /etc/openvpn/

4. Launch OpenVPN with your desired configuration: openvpn server.conf

5. For stopping and starting the openvpn service, use the commands: sudo service openvpn start or stop or restart

GUI Tools for Connecting to OpenVPN (suggested by Linux.com)

Both KDE and GNOME offer plugins for their network manager applets that allow VPN connection to an OpenVPN server. The necessary plugins are:

    KDE: network-manager-openvpn-kde
    GNOME: network-manager-openvpn-gnome

More than likely, those plugins will not be installed on the distribution by default. A quick search using the Add/Remove Software utility will allow for the installation of either plugin. Once installed, the use of the network manager applets is quite simple, just follow these steps (I will demonstrate using the KDE network manager applet):

1. Open up the network manager applet by clicking on the network icon in the notification area (aka System Tray.)

2. Click on the Manage Connections button.

3. Select the VPN tab.

4. Click the Add button to open up the VPN type drop-down.

5. Select OpenVPN from the list.

6. Fill out the necessary information on the OpenVPN tab (Connection Name, Gateway, Connection Type, certificate file locations). You may wish to load an .ovpn file pre-configured by our system.



7. If a static IP address is necessary then set that by selecting Manual from the Method drop-down (in the IP Address tab). As for advanced options, The general tab does not have MTU or "restrict tunnel TCP MSS" options checked.
The security tab has the cipher auto-set as "AES-256-CBC", not "BF-CBC". The TLS Authentication tab has nothing for the subject match and verify peer cert usage sig checked. No additional TLS auth settings.

8. Click OK to save the settings and dismiss the Connection Settings window.

If this client is to always be connected, the Connect Automatically check box can be checked.

Now, to connect to the OpenVPN server, using the KDE network manager applet, do the following:

1. Click on the network manager applet.

2. Click on the Virtual Private Networking button from the popup menu.

3. Select the newly created OpenVPN connection.

4. Allow the connection to negotiate authentication.

Once the authentication has been negotiated, the VPN connection will be listed as Connected in the network management applet. The VPN LAN should now be accessible.

Gadmin OpenVPN Client (still suggested by Linux.com)

If an alternative desktop is in use, or either KDE or GNOME's network manager tool doesn't fit the bill, there is another tool that does a great job of connecting to an OpenVPN server. That tool is Gadmin OpenVPN Client. This tool can easily be installed from within Synaptic, Ubuntu Software Center, PackageKit, and more. Once installed it's just a matter of firing up the tool (if it can not be found within the menu structure of your desktop, Gadmin OpenVPN Client can be started with the command sudo gadmin-openvpn-client.)

When the tool opens the first thing that needs to be done is the information for the connection must be filled in.



Make sure to scroll down and fill in all of the necessary information, which includes:

1. Connection name: Human readable name for the connection.

2. Server address: Address of OpenVPN server.

3. Server port: The port configured on the server.

4. CA cert/Cert/Key/DH Key/TA key: Location of the certificates generated on the server and then placed on the client. This configuration is all the way at the bottom of the config screen.

After all of this is configured, click the Add button and the connection will then be added. To bring up the connection, select the VPN connection to use and then click the Activate button, which will start the process of certificate negotiation. After the negotiation process is complete, the VPN Network should be available.

Voilà, you should now be able to configure your Linux/*NIX system to be able to connect successfully to our network with OpenVPN.

NB: If you encounter difficulties to connect with OpenVPN, please try to connect to other servers or try alternative ports, especially more "discreet" ones such as TCP 443 or TCP 80. Please also make sure that the port you are connecting through is fully opened in your firewall/router/network. Below, you will find an aggregate of useful guides and articles that will help you troubleshoot your problems, should you have any.

I cannot find the .ovpn and .crt files necessary for OpenVPN. Where are they?
No matter how hard I try, I cannot succesfully connect to OpenVPN.
I can't access any website through my browser while connected to VPN.
I am connected to the VPN but my IP is not yet hidden. Help!
I am having some kind of other problem. Where can I find some help?
How can I find the local log files of my VPN client?

If you still cannot connect successfully, please open a support ticket and include either a copy of your logs or a screenshot of your configuration and encountered errors. Logs can usually be found in software menus or settings, as well as their directories of installation (.log or .txt files). If you do not include a log or a screenshot, it will be hard for us to help you resolve the issues you have with connecting to our network.
Related Knowledgebase Articles
OpenVPN for DD-WRT (Views: 5505)