I ran across a sweet script for installing and configuring OpenVPN on Debian-based (Ubuntu, Linux Mint, etc.) OSes.
Since OMV is Debian-based, it works perfectly. Here is the script:
You simply download and run it in a single line:
wget http://git.io/vpn --no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; ./openvpn-install.sh
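The one-liner above switches off certificate checking and then executes whatever was downloaded as root. As an added example (not part of the original post or of the installer project), this sketch downloads with certificate validation left on and runs the script only if its SHA-256 matches a value you pinned after reading it; the function names, the `<PINNED_SHA256>` placeholder and the https:// form of the URL are assumptions, and the demo at the end runs on a constructed stand-in file.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.

# Download over HTTPS with certificate validation left on
# (no --no-check-certificate). URL and output path are passed in by the caller.
fetch_installer() {
    wget -q -O "$2" "$1"
}

# Print the SHA-256 hex digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 only if FILE exists and its digest equals the pinned value
# (hex case is ignored); return 2 if the file is missing.
verify_pinned() {
    local file="$1" pinned="$2"
    [ -f "$file" ] || return 2
    [ "$(sha256_of "$file")" = "$(printf '%s' "$pinned" | tr 'A-F' 'a-f')" ]
}

# Run the script only after the digest check passes.
run_if_pinned() {
    local file="$1" pinned="$2"
    if verify_pinned "$file" "$pinned"; then
        bash "$file"
    else
        echo "REFUSING to run $file: digest does not match pinned value" >&2
        return 1
    fi
}

# Intended use (assumes the post's short link also answers on https://):
#   fetch_installer https://git.io/vpn openvpn-install.sh
#   less openvpn-install.sh                 # read it before trusting it
#   sha256_of openvpn-install.sh            # record this as your pin
#   run_if_pinned openvpn-install.sh "<PINNED_SHA256>"

# Offline demo on a constructed stand-in script (no network needed).
demo_dir=$(mktemp -d)
printf '#!/bin/bash\necho installer-ran\n' > "$demo_dir/openvpn-install.sh"
pin=$(sha256_of "$demo_dir/openvpn-install.sh")
run_if_pinned "$demo_dir/openvpn-install.sh" "$pin"
echo 'echo injected' >> "$demo_dir/openvpn-install.sh"   # simulate a changed download
run_if_pinned "$demo_dir/openvpn-install.sh" "$pin" || echo "blocked"
rm -rf "$demo_dir"
```

The pin only protects later runs of the same file: a new upstream version means a new review and a new pin.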
The steps below look like a lot of steps, but it's not really. I ran a single command and then the script just asks you questions.
My step by step install:
    root@omv:~# wget http://git.io/vpn --no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; ./openvpn-install.sh
    Welcome to this quick OpenVPN "road warrior" installer
    I need to ask you a few questions before starting the setup
    You can leave the default options and just press enter if you are ok with them
    First I need to know the IPv4 address of the network interface you want OpenVPN listening to.
    IP address: 192.168.123.120
IP address: 192.168.123.120 is auto filled in for me with the IP of the OMV server. I just left this as default.
    What port do you want for OpenVPN?
    Port: 1194
This is the default openvpn port. Leave it be.
    Do you want OpenVPN to be available at port 53 too?
    This can be useful to connect under restrictive networks
    Listen at port 53 [y/n]:
I don't think this is necessary, but I said y (yes). Port 53 is used for DNS, so maybe openvpn can route through that? Weird. I will forward port 1194 from the router anyway (see below).
    Finally, tell me your name for the client cert
    Please, use one word only, no special characters
    Client name: client
client to be something like "family" or "olsonhouse".... doesn't really matter. Just don't put spaces or weird characters.
This will install everything and set up your certificate files. It will print generic certificate info that you can ignore, something like:
    Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'US'
    stateOrProvinceName :PRINTABLE:'CA'
    localityName :PRINTABLE:'SanFrancisco'
    organizationName :PRINTABLE:'Fort-Funston'
    commonName :PRINTABLE:'client'
    emailAddress :IA5STRING:'email@example.com'
    Certificate is to be certified until Mar 18 15:21:02 2024 GMT (3650 days)
You can ignore that stuff.. not really important.
    ............................+..........................
    .......................................................
    ....................+..................................
    ......................++*++*
    Stopping virtual private network daemon:.
    Starting virtual private network daemon: server.
    Looks like your server is behind a NAT!
    If your server is NATed (LowEndSpirit), I need to know the external IP
    If that's not the case, just ignore this and leave the next field blank
    External IP:
For external IP, I added my dynamic DNS domain name. So it doesn't have to be an IP, and probably shouldn't be if your IP changes often (as most residential IPs do).
You can see how I set up my dynamic DNS here.
But I put in dyndns.mysite.com when it asked for
    Finished!
    Your client config is available at ~/ovpn-client.tar.gz
    If you want to add more clients, you simply need to run this script another time!
It creates the openvpn client config and keys for me :) and tars them up into the file
Adding/Removing Clients or Removing OpenVPN
./openvpn-install.sh script. It will give you some nice options like:
    Looks like OpenVPN is already installed
    What do you want to do?
    1) Add a cert for a new user
    2) Revoke existing user cert
    3) Remove OpenVPN
    4) Exit
    Select an option [1-4]:
If you screw up your install, just choose 3 and then run the script again, reboot, and re-install.
NOTE/WARNING: If you install this several times, it will add several lines to your iptables that may conflict and you could get unexpected results. To fix this you can clear your iptables after removing it, or reboot. Reboot is better...
In your router, forward UDP port 1194 to your internal OMV server IP. DO NOT forward UDP port 53, it's for DNS and will break stuff.
Installing the OpenVPN Client on Your Remote Computer
Copy your client file (in my case ovpn-client.tar.gz) to your remote computer (I used scp). Your tar file should contain something like so:
- On your remote computer, install the OpenVPN client. Download from here: http://openvpn.net/index.php/download/community-downloads.html
- After install, copy your openvpn client files (from the tar) to the
- Rename the client.conf file to be
- Your config folder should look like so:
You're basically done. The only other trick is to make sure you open OpenVPN GUI with admin access:
It will seem like nothing happened, but it will have put a little two-computer icon in your taskbar. Right click it and click connect.
If you don't have the option to connect, you probably didn't copy in your config file (and rename it) correctly.
This has nothing to do w/ the script above, but if you want a web interface, you could probably just install OpenVPN Access Server instead:
Get the latest deb from here: https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Debian
This option is ok... but it has license limitations (2 concurrent users) and is more complicated than the script above.