Setting up the OpenVPN client Under Ubuntu 10.04
Installing on 10.04 is similar as below, however, there is a known issue in 10.04 where you put in the settings and after closing the dialogs, the edit dialog has all the certificate filenames replaced with directories from a folder and the custom port checkbox is now unchecked.
The suggestion for 10.04 is to try moving those files into a different folder. (e.g. to the Downloads folder). Another folder name, such as "VPN," should probably work fine. If that still doesn't work, try removing the connection and re-do the whole sequence, except point the dialog to the ones in that new folder.
Setting up the OpenVPN client Under Ubuntu 9.10
Not everyone feels comfortable working from the Linux CLI (Command Line Interface), and so the alternate set-up instructions for connecting to Amahi's OpenVPN service might seem a bit intimidating to some. Here is a step-by-step tutorial explaining how to get VPN (Virtual Private Networking) running under a GUI (Graphical User Interface) in Ubuntu 9.10, a distribution of Linux.
Step #1: Install the OpenVPN Application
Although you don't have to understand much about OpenVPN, the FOSS (Free Open Source Software) program Amahi uses for secure connections from outside your Amahi HDA (Home Digital Assistant, the Amahi server you've set up), you do have to have the OpenVPN software installed on your Linux machine. In the case of Ubuntu 9.10 (and 9.04), this isn't installed by default, but, like most Linux distros (short for distributions, the “flavor” of Linux you've chosen), this is relatively straightforward and easy.
Pull down the Applications menu and choose Ubuntu Software Center. (This used to be called “Add/Remove” in previous versions of Ubuntu.)
The Software Center dialog box appears, with the cursor blinking in the text input box.
Type in the letters “VPN” (without the quotes, case doesn't matter). That quickly narrows down the options to programs related to VPN. Your sifted options will look something like this:
The program we're after is “VPN Connection Manager (OpenVPN).” Highlight that by clicking on it, and note the arrow on the right-hand side of the highlighted line.
Click on the arrow. What appears is a brief description of the program and the option to install it:
Click the “Install” button. Does the installation happen right away? No, not until you authorize it; this is Linux, not a virus-prone operating system:
Give it your user/administrator password and the installation will proceed:
Most times, Ubuntu 9.10 will show a progress bar (with percentages) over on the right, but this time it didn't. Apparently, “your mileage may vary.” At least you know that when the “In Progress” message disappears that your OpenVPN software is installed. Close out of the Software Center and proceed to Step #2.
Step #2: Actually Setting Up the VPN Connection
Before we proceed, take note of several things:
- You must download the certificates. They can be found on the OpenVPN Client Certificates download page. Save each file in your /home/[username] folder (where "[username]" is your main log-in username).
- The actual VPN connection must be made from OUTSIDE your home network. You can't test your VPN setup (which presumes, like “E.T.,” that you're trying to “home phone” from somewhere else) if you're still INSIDE your home network. In my case, I explained to my patient neighbors what I needed to do and got permission from them to connect to their Wi-Fi router. (It helped the situation that I've helped fix and de-louse their computer on numerous occaisions.) Thus I could test this while at home, but still be “away” as far as the network was concerned.
All right. You have the files on your hard drive, and you and your laptop are somewhere else (perhaps quaffing a latte at Starbucks or increasing your cholesterol at McDonalds) and you're ready to set up your VPN connection. Here are the steps:
Left-click the wireless connection display up near the date and time in the upper right-hand corner of the screen. When you left-click, you should see the nearby wireless routers and an option you didn't notice before:
From the “VPN Connections” option, open the sub-menu and choose “Configure VPN...” That brings you to a tabbed dialog box with the VPN tab already chosen. Click on the “Add” button.
Now you'll choose a VPN Connection type. If the only VPN software installed on your system is Open VPN, this is the only option you have. Click on the “Create” button:
We'll be working with the following dialog box in the next few screenshots. When first presented it looks like this:
Give your VPN a Connection Name. Being Mr. Unoriginality, I chose “hda,” but if you're the creative type, knock yourself out. Now let's change the Authentication Type. We'll choose “Password with Certificates (TLS),” as shown below:
Your Amahi name forms the first part of your Gateway name: [Amahiname].yourhda.com.
Now provide your hda username and user password. If there's more than one computer user at home, there are probably more than one of these. (This is NOT your overall Amahi.org account name and password.)
I've used HariSeldon in this example and, by checking “Display Passwords” below, I've demonstrated that you don't have to “type in dark” when it comes to your password.
Now we're going to make use of those .KEY and .CRT files you downloaded earlier. Using the example below (and assuming you know how to use the “file” button on each line to navigate to the location of the file needed), you fill in “User Certificate” and “CA Certificate” and “Private Key” as shown below:
Now we need to change one more setting by clicking on the “Advanced” button, which will bring up the following dialog box. Check (or “tick” as my English friends say) the box which says “Use LZO data compression.” (No, I don't have a clue what LZO is; just check the box!)
A click on “OK” will return us to the main Edit dialog box...
...where we will click the “Apply” button to save this VPN profile. That will return us to another familiar screen:
Note that your profile has been saved by the name you chose. Now click the “Close” button.
Step #3: Connecting Via OpenVPN
Take a deep breath. Assuming you've followed the above instructions carefully (and assuming I haven't left out any steps), you're ready to connect back to your Amahi server via OpenVPN. Here's how.
Once again, left-click on the wireless-connection icon in the upper screen panel. As before, choose “VPN Connections,” but this time when the sub-menu flies out, you'll see the name of the VPN profile you created. Click on that.
If this is the first time you attempted using this connection, Ubuntu will seek your permission to add the security information in your VPN connection profile into its “keyring” (the place Ubuntu stores your other passwords). Click “Always Allow.”
If you look carefully at the wireless-connection icon in the upper panel, you'll see a sort of “spinning doughnut” that pops up a small padlock on every revolution. That means that OpenVPN is attempting to make the secure VPN connection. Be patient.
And note that once in a while, the attempt may time out and you'll see something like the following pop-up message:
(Note the Spinning Doughnut to the left of the sound/volume icon, above.) If at first you don't succeed, try, try again.
Note that when you DO connect, your wireless-connection icon will change subtly, showing a padlock over your signal-strength “antenna”:
If you hover your cursor over that same icon, a pop-out will also give you a confirmation message:
Of course, the “proof of the pudding” is whether or not you can pull up your Amahi server in a browser window by typing “http://hda/”:
Once you see that, you know you're in. Congratulations!
To disconnect your VPN session, left-click your wireless-connection icon. Choose “VPN Connections” as before, but this time choose “Disconnect VPN.” That's it – your secure session is terminated.
If this doesn't work for you, posting questions in the Amahi forums