I ran across a sweet script for installing and configuring openvpn on debian based (ubuntu, linux mint, etc...) OS's.

Since OMV is debian based, it works perfectly. Here is the script:

https://github.com/Nyr/openvpn-install

You simply download and run it in a single line:

wget http://git.io/vpn --no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; ./openvpn-install.sh

Sweet hu.

The steps below look like a lot of steps, but its not really. I ran a single command and then the script just asks you questions.

My step by step install:

Step 1:

root@omv:~# wget http://git.io/vpn --no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; ./openvpn-install.sh
Welcome to this quick OpenVPN "road warrior" installer

I need to ask you a few questions before starting the setup
You can leave the default options and just press enter if you are ok with them

First I need to know the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: 192.168.123.120

IP address: 192.168.123.120 is auto filled in for me with the IP of the OMV server. I just left this as default.

Step 2:

What port do you want for OpenVPN?
Port: 1194

This is the default openvpn port. Leave it be.

Step 3:

Do you want OpenVPN to be available at port 53 too?
This can be useful to connect under restrictive networks
Listen at port 53 [y/n]: 

I don't think this is nessisary, but I said y (yes). Port 53 is used for DNS, so maybe openvpn can route through that? Weird. I will forward port 1194 from the router anyway (see below).

Step 4:

Finally, tell me your name for the client cert
Please, use one word only, no special characters
Client name: client

I changed client to be something like "family" or "olsonhouse".... doesn't really matter. Just don't put spaces or weird characters.

Step 5:

This will install everything, setup your certificate files. It will add generic certificate info that you can ignore, something like:

Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'Fort-Funston'
commonName            :PRINTABLE:'client'
emailAddress          :IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Mar 18 15:21:02 2024 GMT (3650 days)

You can ignore that stuff.. not really important.

Step 6:

............................+..........................
.......................................................
....................+..................................
......................++*++*
Stopping virtual private network daemon:.
Starting virtual private network daemon: server.

Looks like your server is behind a NAT!

If your server is NATed (LowEndSpirit), I need to know the external IP
If that's not the case, just ignore this and leave the next field blank
External IP:

For external IP, I added my dynamic dns domain name. So it doesn't have to be an IP, and probably shouldn't be if your IP changes often (as most residentual IP's do).

You can see how I setup my dynamic dns here.

But I put in dyndns.mysite.com when it asked for External IP:.

Finished!

Finished!

Your client config is available at ~/ovpn-client.tar.gz
If you want to add more clients, you simply need to run this script another time!

It creates the openvpn client config and keys for me :) and tars them up into the file ovpn-client.tar.gz

Adding/Removing Clients or Removing OpenVPN

Just re-run ./openvpn-install.sh script. It will give you some nice options like:

Looks like OpenVPN is already installed
What do you want to do?

1) Add a cert for a new user
2) Revoke existing user cert
3) Remove OpenVPN
4) Exit

Select an option [1-4]:

If you screw up your install, just choose 3 and then run the script again, reboot, and re-install.

NOTE/WARNING: If you install this several times, it will add several lines to your iptables that may conflict and you could get unexpected results. To fix this you can clear your IPtables after removing it, or reboot. Reboot is better...

Port Forwarding

In your router, forward UDP port 1194 to your internal OMV server IP. DO NOT forward UDP port 53, its for DNS and will break stuff.

Installing the OpenVPN Client on Your Remote Computer

Copy your client file (in my case ovpn-client.tar.gz) to your remote computer (I used scp). Your tar file should contain something like so:

Steps:

  • On your remote computer, install the open vpn client. Download from here: http://openvpn.net/index.php/download/community-downloads.html
  • After install, copy your openvpn client files (from the tar) to the C:\Program Files\OpenVPN\config folder.
  • Rename the client.conf file to be client.ovpn
  • Your config folder should look like so:

Your basically done. The only other trick is to make sure you open OpenVPN GUI with admin access:

It will seem like nothing happend, but it will have put a little two-computer icon in your taskbar. Right click it and click connect.

If you dont' have the option to connect, you probably didn't copy in your config file (and rename it) correctly.

UPDATE:

This has nothing to do w/ the script above, but if you want a web interface, you could probably just install OpenVPN Access Server instead:
http://www.unixmen.com/install-openvpn-asaccess-server-on-ubuntu-debian/

Get the latest deb from here: https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Debian

This option is ok... but it has license limitations (2 concurrent users) and is more complicated than the script above.