VPN Ubuntu

From Amahi Wiki
Jump to: navigation, search

Setting up the OpenVPN client Under Ubuntu 10.04

Installing on 10.04 is similar as below, however, there is a known issue in 10.04 where you put in the settings and after closing the dialogs, the edit dialog has all the certificate filenames replaced with directories from a folder and the custom port checkbox is now unchecked.

The suggestion for 10.04 is to try moving those files into a different folder. (e.g. to the Downloads folder). Another folder name, such as "VPN," should probably work fine. If that still doesn't work, try removing the connection and re-do the whole sequence, except point the dialog to the ones in that new folder.

Setting up the OpenVPN client Under Ubuntu 9.10

Not everyone feels comfortable working from the Linux CLI (Command Line Interface), and so the alternate set-up instructions for connecting to Amahi's OpenVPN service might seem a bit intimidating to some. Here is a step-by-step tutorial explaining how to get VPN (Virtual Private Networking) running under a GUI (Graphical User Interface) in Ubuntu 9.10, a distribution of Linux.

Step #1: Install the OpenVPN Application

Although you don't have to understand much about OpenVPN, the FOSS (Free Open Source Software) program Amahi uses for secure connections from outside your Amahi HDA (Home Digital Assistant, the Amahi server you've set up), you do have to have the OpenVPN software installed on your Linux machine. In the case of Ubuntu 9.10 (and 9.04), this isn't installed by default, but, like most Linux distros (short for distributions, the “flavor” of Linux you've chosen), this is relatively straightforward and easy.

Pull down the Applications menu and choose Ubuntu Software Center. (This used to be called “Add/Remove” in previous versions of Ubuntu.)

The location of the Ubuntu Software Center menu option

The Software Center dialog box appears, with the cursor blinking in the text input box.

The Ubuntu Software Center

Type in the letters “VPN” (without the quotes, case doesn't matter). That quickly narrows down the options to programs related to VPN. Your sifted options will look something like this:

Narrowing down the field to just VPN software

The program we're after is “VPN Connection Manager (OpenVPN).” Highlight that by clicking on it, and note the arrow on the right-hand side of the highlighted line.

Selecting the OpenVPN application from the list.

Click on the arrow. What appears is a brief description of the program and the option to install it:

A description of the OpenVPN software to be installed, as well as the Install button.

Click the “Install” button. Does the installation happen right away? No, not until you authorize it; this is Linux, not a virus-prone operating system:

Granting authorization for the install process...

Give it your user/administrator password and the installation will proceed:

The install process

Most times, Ubuntu 9.10 will show a progress bar (with percentages) over on the right, but this time it didn't. Apparently, “your mileage may vary.” At least you know that when the “In Progress” message disappears that your OpenVPN software is installed. Close out of the Software Center and proceed to Step #2.

Step #2: Actually Setting Up the VPN Connection

Before we proceed, take note of several things:

  1. You must download the certificates. They can be found on the OpenVPN Client Certificates download page. Save each file in your /home/[username] folder (where "[username]" is your main log-in username).

  2. The actual VPN connection must be made from OUTSIDE your home network. You can't test your VPN setup (which presumes, like “E.T.,” that you're trying to “home phone” from somewhere else) if you're still INSIDE your home network. In my case, I explained to my patient neighbors what I needed to do and got permission from them to connect to their Wi-Fi router. (It helped the situation that I've helped fix and de-louse their computer on numerous occaisions.) Thus I could test this while at home, but still be “away” as far as the network was concerned.

All right. You have the files on your hard drive, and you and your laptop are somewhere else (perhaps quaffing a latte at Starbucks or increasing your cholesterol at McDonalds) and you're ready to set up your VPN connection. Here are the steps:

Left-click the wireless connection display up near the date and time in the upper right-hand corner of the screen. When you left-click, you should see the nearby wireless routers and an option you didn't notice before:

Locating the VPN Configuration option on the wireless-connection menu

From the “VPN Connections” option, open the sub-menu and choose “Configure VPN...” That brings you to a tabbed dialog box with the VPN tab already chosen. Click on the “Add” button.

The Network Connections dialog box, with the VPN tab "on top."

Now you'll choose a VPN Connection type. If the only VPN software installed on your system is Open VPN, this is the only option you have. Click on the “Create” button:

Choosing a VPN connection type

We'll be working with the following dialog box in the next few screenshots. When first presented it looks like this:

The VPN Connection profile dialog as it first appears

Give your VPN a Connection Name. Being Mr. Unoriginality, I chose “hda,” but if you're the creative type, knock yourself out. Now let's change the Authentication Type. We'll choose “Password with Certificates (TLS),” as shown below:

Choosing an Authentication Type

Your Amahi name forms the first part of your Gateway name: [Amahiname].yourhda.com.

Now provide your hda username and user password. If there's more than one computer user at home, there are probably more than one of these. (This is NOT your overall Amahi.org account name and password.)

I've used HariSeldon in this example and, by checking “Display Passwords” below, I've demonstrated that you don't have to “type in dark” when it comes to your password.

Adding the Gateway, Username, and Password

Now we're going to make use of those .KEY and .CRT files you downloaded earlier. Using the example below (and assuming you know how to use the “file” button on each line to navigate to the location of the file needed), you fill in “User Certificate” and “CA Certificate” and “Private Key” as shown below:

Adding the Gateway, Username, and Password

Now we need to change one more setting by clicking on the “Advanced” button, which will bring up the following dialog box. Check (or “tick” as my English friends say) the box which says “Use LZO data compression.” (No, I don't have a clue what LZO is; just check the box!)

OpenVPN Advanced Options dialog box

A click on “OK” will return us to the main Edit dialog box...

Click Apply to save the VPN profile

...where we will click the “Apply” button to save this VPN profile. That will return us to another familiar screen:

The VPN profile is now saved. Click on the Close button to finish the configuration.

Note that your profile has been saved by the name you chose. Now click the “Close” button.

Step #3: Connecting Via OpenVPN

Take a deep breath. Assuming you've followed the above instructions carefully (and assuming I haven't left out any steps), you're ready to connect back to your Amahi server via OpenVPN. Here's how.

Once again, left-click on the wireless-connection icon in the upper screen panel. As before, choose “VPN Connections,” but this time when the sub-menu flies out, you'll see the name of the VPN profile you created. Click on that.

Launching an OpenVPN connection to your Amahi server.

If this is the first time you attempted using this connection, Ubuntu will seek your permission to add the security information in your VPN connection profile into its “keyring” (the place Ubuntu stores your other passwords). Click “Always Allow.”

Allowing the OpenVPN application to access the Ubuntu keyring.

If you look carefully at the wireless-connection icon in the upper panel, you'll see a sort of “spinning doughnut” that pops up a small padlock on every revolution. That means that OpenVPN is attempting to make the secure VPN connection. Be patient.

Activity in the wireless-connection icon area.

And note that once in a while, the attempt may time out and you'll see something like the following pop-up message:

“VPN Connection Failed” message.

(Note the Spinning Doughnut to the left of the sound/volume icon, above.) If at first you don't succeed, try, try again.

Note that when you DO connect, your wireless-connection icon will change subtly, showing a padlock over your signal-strength “antenna”:

The VPN connection “padlock” in the wireless-connection icon.

If you hover your cursor over that same icon, a pop-out will also give you a confirmation message:

A “word balloon” confirmation of the VPN connection

Of course, the “proof of the pudding” is whether or not you can pull up your Amahi server in a browser window by typing “http://hda/”:

The Amahi server dashboard page – via your VPN connection!

Once you see that, you know you're in. Congratulations!

To disconnect your VPN session, left-click your wireless-connection icon. Choose “VPN Connections” as before, but this time choose “Disconnect VPN.” That's it – your secure session is terminated.

Disconnecting the VPN session

If this doesn't work for you, posting questions in the Amahi forums