|Home » Categories » Multiple Categories|
How to Setup and Configure an OpenVPN Server on Debian 6
Article Number: 191 | Rating: Unrated | Last Updated: Sun, Jan 5, 2014 at 8:25 PM
Getting StartedYou will need to open an SSH connection on your cloud server as the root user or an SSH connection to a user with sudo access. This guide assumes a user with sudo access. However you can set things up using root just by stripping the 'sudo' from the start of each command. If your system is running on Linux or Mac, you can use SSH with the Terminal program. If you are using Windows, you can use SSH with puTTY. Once you have the Terminal opened, assuming you're using a Linux/Mac system, you can login by typing the following command:
ssh username@ipaddressEnter the password when you're asked to, and you're ready to start setting up OpenVPN.
Install OpenVPN and generate necessary filesBefore we start installing OpenVPN and its prerequisites, we should make sure all of the packages on our system are up to date. We can do that with the following command:
sudo apt-get updateThis should have apt, Debian's package manager. Download all the updates for any packages that have them.
sudo apt-get upgradeAfter our system has downloaded all its updates, we can finally install OpenVPN.
sudo apt-get install openvpn udevOnce the installation is done, you are ready to begin configuring OpenVPN. To begin, you should copy all the files for encryption from their default directory into the directory they should be in for the cloud server to read them.
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpnNow that you've done that, you can begin generating the RSA algorithm files for your VPN. You will be asked to provide various values when you're generating these keys. You can set these to whatever you would like to, but bear in mind that they will be included in the certificates you generate.
To begin, access into the following directory:
cd /etc/openvpn/easy-rsa/2.0/Then generate the RSA files:
sudo ./varsAfter the certificate is generated, you can make the private key for the server. To do this, type the following command, and change 'server' to what you'd like the name of your OpenVPN server to be. This script will also ask you for information.
sudo . /etc/openvpn/easy-rsa/2.0/build-key-server serverGenerate the Diffie Hellman key exchange parameters.
sudo . /etc/openvpn/easy-rsa/2.0/build-dhNow generate the keys for each client this installation of OpenVPN will host. You should do this step for each client this installation will host, making sure each client's key identifier is unique.
sudo . /etc/openvpn/easy-rsa/2.0/build-key clientMove the files for the server certificates and keys to the /etc/openvpn directory now. Replace server.crt and server.key with the file names that you used.
sudo cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpnIf you need to remove someone's access to the VPN, just send the following two commands. Replacing 'client' with the name of the client to be removed.
sudo . /etc/openvpn/easy-rsa/2.0/vars sudo . /etc/openvpn/easy-rsa/2.0/revoke-full client1
Configure OpenVPNNow that you have generated the files for our configuration, you can go ahead and configure your OpenVPN server and client. To retrieve the files, execute the following commands:
sudo gunzip -d /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gzYou should modify the client configuration file to match what you'd like it to do. You can also modify several values in the following file to match what you'd like. In order to do this, you first change the 'remote' option so it can connect to your cloud server's IP address on whichever port you configured your OpenVPN to run on. Then change the 'cert' and 'key' values to reflect the names of your own certificate and key. After these values have been edited you can save the file by typing in Ctrl+X, type 'y', then hit Enter.
Now copy the client configuration file, along with the client keys and certificates located in /etc/openvpn/easy-rsa/2.0/keys to the local machines of the clients.
nano ~/client.confAfter you've done this, you just need to make a few changes to your server configuration file before we finalize. Change the files that the 'cert' and 'key' options point to in the following file to match the certificate and key that your server is using.
sudo nano /etc/openvpn/server.confAfter that's finished, you're ready to go! Just restart OpenVPN and you've got a working OpenVPN installation on Debian 6!
sudo /etc/init.d/openvpn restart
There are no attachments for this article.
How To Use a Simple Bash Script To Restart Server Programs
Viewed 675 times since Fri, Dec 27, 2013
How To Install Git on Debian 7
Viewed 675 times since Fri, Dec 27, 2013
How To Install Linux, Nginx, MySQL, PHP (LEMP) Stack on Debian 7
Viewed 970 times since Fri, Dec 27, 2013
How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Arch Linux
Viewed 1754 times since Fri, Dec 27, 2013
An Introduction to Linux Basics
Viewed 588 times since Fri, Dec 27, 2013
How To Use HAProxy to Set Up MySQL Load Balancing
Viewed 1299 times since Thu, Dec 26, 2013
How To Install phpMyAdmin on a LEMP server
Viewed 628 times since Thu, Dec 26, 2013
How To Set Up an NFS Mount on Ubuntu 12.04
Viewed 1353 times since Tue, Dec 24, 2013
How to Setup Additional Entropy for Cloud Servers Using Haveged
Viewed 663 times since Sat, Jan 4, 2014
How To Import and Export Databases and Reset a Root Password in MySQL
Viewed 602 times since Thu, Dec 26, 2013