Difference between revisions of "VPN Ubuntu"

From Amahi Wiki
Jump to: navigation, search
Line 53: Line 53:
  
  
==STEP #2: Actually Setting Up the VPN Connection==
+
==Step #2: Actually Setting Up the VPN Connection==
  
 
Before we proceed, take note of several things:
 
Before we proceed, take note of several things:
  
#You must download the three files mentioned on the previous wiki page:<br/>
+
#You must download the following three files, right-clicking on each file name and choosing '''Save File As...''' from the pop-up menu.  Save each file in your '''/home/[username]''' folder (where "[username]" is your main log-in username):<br/>
## AmahiHDAClient.crt;<br/>
+
## [http://wiki.amahi.org/images/3/3a/AmahiHDAClient.crt AmahiHDAClient.crt]
## AmahiHDAClient.key; and,<br/>
+
## [http://wiki.amahi.org/images/1/16/AmahiHDAClient.key AmahiHDAClient.key]
## Ca-cert.ca<br/>
+
## [http://wiki.amahi.org/images/9/96/Ca-cert.crt Ca-cert.crt]
 
# The actual VPN connection must be made from OUTSIDE your home network.  You can't test your VPN setup (which presumes, like “E.T.,” that you're trying to “home phone” from somewhere else) if you're still INSIDE your home network.  In my case, I explained to my patient neighbors what I needed to do and got permission from them to connect to their Wi-Fi router.  (It helped the situation that I've helped fix and de-louse their computer on numerous occaisions.)  Thus I could test this while at home, but still be “away” as far as the network was concerned.
 
# The actual VPN connection must be made from OUTSIDE your home network.  You can't test your VPN setup (which presumes, like “E.T.,” that you're trying to “home phone” from somewhere else) if you're still INSIDE your home network.  In my case, I explained to my patient neighbors what I needed to do and got permission from them to connect to their Wi-Fi router.  (It helped the situation that I've helped fix and de-louse their computer on numerous occaisions.)  Thus I could test this while at home, but still be “away” as far as the network was concerned.
  

Revision as of 03:05, 25 October 2009

Setting Up OpenVPN for Amahi Server Under Ubuntu 9.10

Not everyone feels comfortable working from the Linux CLI (Command Line Interface), and so the alternate set-up instructions for connecting to Amahi's OpenVPN service might seem a bit intimidating to some. Here is a step-by-step tutorial explaining how to get VPN (Virtual Private Networking) running under a GUI (Graphical User Interface) in Ubuntu 9.10, a distribution of Linux.

Step #1: Install the OpenVPN Application

Although you don't have to understand much about OpenVPN, the FOSS (Free Open Source Software) program Amahi uses for secure connections from outside your Amahi HDA (Home Digital Assistant, the Amahi server you've set up), you do have to have the OpenVPN software installed on your Linux machine. In the case of Ubuntu 9.10 (and 9.04), this isn't installed by default, but, like most Linux distros (short for distributions, the “flavor” of Linux you've chosen), this is relatively straightforward and easy.

Pull down the Applications menu and choose Ubuntu Software Center. (This used to be called “Add/Remove” in previous versions of Ubuntu.)


The location of the Ubuntu Software Center menu option


The Software Center dialog box appears, with the cursor blinking in the text input box.


The Ubuntu Software Center


Type in the letters “VPN” (without the quotes, case doesn't matter). That quickly narrows down the options to programs related to VPN. Your sifted options will look something like this:


Narrowing down the field to just VPN software


The program we're after is “VPN Connection Manager (OpenVPN).” Highlight that by clicking on it, and note the arrow on the right-hand side of the highlighted line.


Selecting the OpenVPN application from the list.


Click on the arrow. What appears is a brief description of the program and the option to install it:


A description of the OpenVPN software to be installed, as well as the Install button.


Click the “Install” button. Does the installation happen right away? No, not until you authorize it; this is Linux, not a virus-prone operating system:


Granting authorization for the install process...


Give it your user/administrator password and the installation will proceed:


The install process


Most times, Ubuntu 9.10 will show a progress bar (with percentages) over on the right, but this time it didn't. Apparently, “your mileage may vary.” At least you know that when the “In Progress” message disappears that your OpenVPN software is installed. Close out of the Software Center and proceed to Step #2.


Step #2: Actually Setting Up the VPN Connection

Before we proceed, take note of several things:

  1. You must download the following three files, right-clicking on each file name and choosing Save File As... from the pop-up menu. Save each file in your /home/[username] folder (where "[username]" is your main log-in username):
    1. AmahiHDAClient.crt
    2. AmahiHDAClient.key
    3. Ca-cert.crt
  2. The actual VPN connection must be made from OUTSIDE your home network. You can't test your VPN setup (which presumes, like “E.T.,” that you're trying to “home phone” from somewhere else) if you're still INSIDE your home network. In my case, I explained to my patient neighbors what I needed to do and got permission from them to connect to their Wi-Fi router. (It helped the situation that I've helped fix and de-louse their computer on numerous occaisions.) Thus I could test this while at home, but still be “away” as far as the network was concerned.

All right. You have the files on your hard drive, and you and your laptop are somewhere else (perhaps quaffing a latte at Starbucks or increasing your cholesterol at McDonalds) and you're ready to set up your VPN connection. Here are the steps:

Left-click the wireless connection display up near the date and time in the upper right-hand corner of the screen. When you left-click, you should see the nearby wireless routers and an option you didn't notice before:


Locating the VPN Configuration option on the wireless-connection menu


From the “VPN Connections” option, open the sub-menu and choose “Configure VPN...” That brings you to a tabbed dialog box with the VPN tab already chosen. Click on the “Add” button.


The Network Connections dialog box, with the VPN tab "on top."


Now you'll choose a VPN Connection type. If the only VPN software installed on your system is Open VPN, this is the only option you have. Click on the “Create” button:


Choosing a VPN connection type


We'll be working with the following dialog box in the next few screenshots. When first presented it looks like this:


The VPN Connection profile dialog as it first appears


Give your VPN a Connection Name. Being Mr. Unoriginality, I chose “hda,” but if you're the creative type, knock yourself out. Now let's change the Authentication Type. We'll choose “Password with Certificates (TLS),” as shown below:


Choosing an Authentication Type


Your Amahi name forms the first part of your Gateway name: [Amahiname].yourhda.com. Although it's not my real gateway name, for the purposes of this tutorial, I have given a tip of the hat to Isaac Asimov and his Foundation Trilogy. Now provide your hda username and user password. If there's more than one computer user at home, there are probably more than one of these. (This is NOT your overall Amahi account name and password.) I've used HariSeldon in this example and, by checking “Display Passwords” below, I've demonstrated that you don't have to “type in dark” when it comes to your password. (Five bonus points are awarded if you know who R. Dos Venabili is, and TEN extra points are awarded if you know what the abbreviation “R.” stands for.)


Adding the Gateway, Username, and Password


Now we're going to make use of those .KEY and .CRT files you downloaded earlier. Using the example below (and assuming you know how to use the “file” button on each line to navigate to the location of the file needed), you fill in “User Certificate” and “CA Certificate” and “Private Key” as shown below:


Adding the Gateway, Username, and Password


Now we need to change one more setting by clicking on the “Advanced” button, which will bring up the following dialog box. Check (or “tick” as my English friends say) the box which says “Use LZO data compression.” (No, I don't have a clue what LZO is; just check the box!)


OpenVPN Advanced Options dialog box


A click on “OK” will return us to the main Edit dialog box...


Click Apply to save the VPN profile


...where we will click the “Apply” button to save this VPN profile. That will return us to another familiar screen:


The VPN profile is now saved. Click on the Close button to finish the configuration.


Note that your profile has been saved by the name you chose. Now click the “Close” button.

Step #3: Connecting Via OpenVPN

Take a deep breath. Assuming you've followed the above instructions carefully (and assuming I haven't left out any steps), you're ready to connect back to your Amahi server via OpenVPN. Here's how.

Once again, left-click on the wireless-connection icon in the upper screen panel. As before, choose “VPN Connections,” but this time when the sub-menu flies out, you'll see the name of the VPN profile you created. Click on that.


Launching an OpenVPN connection to your Amahi server.


If this is the first time you attempted using this connection, Ubuntu will seek your permission to add the security information in your VPN connection profile into its “keyring” (the place Ubuntu stores your other passwords). Click “Always Allow.”


Allowing the OpenVPN application to access the Ubuntu keyring.


If you look carefully at the wireless-connection icon in the upper panel, you'll see a sort of “spinning doughnut” that pops up a small padlock on every revolution. That means that OpenVPN is attempting to make the secure VPN connection. Be patient.


Activity in the wireless-connection icon area.


And note that once in a while, the attempt may time out and you'll see something like the following pop-up message:


“VPN Connection Failed” message.


(Note the Spinning Doughnut to the left of the sound/volume icon, above.) If at first you don't succeed, try, try again.

Note that when you DO connect, your wireless-connection icon will change subtly, showing a padlock over your signal-strength “antenna”:


The VPN connection “padlock” in the wireless-connection icon.


If you hover your cursor over that same icon, a pop-out will also give you a confirmation message:


A “word balloon” confirmation of the VPN connection


Of course, the “proof of the pudding” is whether or not you can pull up your Amahi server in a browser window by typing “http://hda/”:


The Amahi server dashboard page – via your VPN connection!


Once you see that, you know you're in. Congratulations!

Ah, but sooner or later, you'll have to leave McDonalds. Or are you at Starbucks? I can't remember. Anyway, to disconnect your VPN session, left-click your wireless-connection icon. Choose “VPN Connections” as before, but this time choose “Disconnect VPN.” That's it – your secure session is terminated.


Disconnecting the VPN session


If this doesn't work for you, posting questions about what I've written is relatively useless, because:

  1. I'm a relative newcomer to Linux and Ubuntu.
  2. I'm even newer to Amahi.
  3. Stuff like OpenVPN is pretty much over my head. Maybe I just got lucky, but I was able to get “lucky” the same way on two different Ubuntu laptops in the last two days, one running version 9.10 and the other running 9.04. (Admittedly, the graphics in 9.04 are “prettier,” but I wanted to use 9.10 in this tutorial so it wouldn't get “outdated” so quickly.)

This tutorial is my first real contribution to the Open Source community. If you find things which need to be corrected or ways in which this tutorial can be improved, jump in and make it better. (This is a wiki, after all.) Maybe you, too, will wind up making the first of many contributions the Open Source community.


--Curbuntu 02:39, 25 October 2009 (UTC)