VPN Ubuntu

From Amahi Wiki
Revision as of 02:19, 25 October 2009 by Curbuntu (talk | contribs)

Setting Up OpenVPN for Amahi Server Under Ubuntu 9.10

Not everyone feels comfortable working from the Linux CLI (Command Line Interface), and so the alternate set-up instructions for connecting to Amahi's OpenVPN service might seem a bit intimidating to some. Here is a step-by-step tutorial explaining how to get VPN (Virtual Private Networking) running under a GUI (Graphical User Interface) in Ubuntu 9.10, a distribution of Linux.

Step #1: Install the OpenVPN Application

You don't have to understand much about OpenVPN, the FOSS (Free Open Source Software) program Amahi uses for secure connections from outside your Amahi HDA (Home Digital Assistant, the Amahi server you've set up), but you do have to have the OpenVPN software installed on your Linux machine. In Ubuntu 9.10 (and 9.04), it isn't installed by default. As with most Linux distros (short for distributions, the “flavor” of Linux you've chosen), though, installing it is relatively straightforward and easy.

Pull down the Applications menu and choose Ubuntu Software Center. (This used to be called “Add/Remove” in previous versions of Ubuntu.)


The location of the Ubuntu Software Center menu option


The Software Center dialog box appears, with the cursor blinking in the text input box.


The Ubuntu Software Center


Type in the letters “VPN” (without the quotes, case doesn't matter). That quickly narrows down the options to programs related to VPN. Your sifted options will look something like this:


Narrowing down the field to just VPN software


The program we're after is “VPN Connection Manager (OpenVPN).” Highlight that by clicking on it, and note the arrow on the right-hand side of the highlighted line.


Selecting the OpenVPN application from the list.


Click on the arrow. What appears is a brief description of the program and the option to install it:


A description of the OpenVPN software to be installed, as well as the Install button.


Click the “Install” button. Does the installation happen right away? No, not until you authorize it; this is Linux, not a virus-prone operating system:


Granting authorization for the install process...


Give it your user/administrator password and the installation will proceed:


The install process


Most times, Ubuntu 9.10 will show a progress bar (with percentages) over on the right, but this time it didn't. Apparently, “your mileage may vary.” At least you know that when the “In Progress” message disappears, your OpenVPN software is installed. Close out of the Software Center and proceed to Step #2.


Step #2: Actually Setting Up the VPN Connection

Before we proceed, take note of several things:

  1. You must download the three files mentioned on the previous wiki page:
    1. AmahiHDAClient.crt;
    2. AmahiHDAClient.key; and,
    3. Ca-cert.ca
  2. The actual VPN connection must be made from OUTSIDE your home network. You can't test your VPN setup (which presumes, like “E.T.,” that you're trying to “phone home” from somewhere else) if you're still INSIDE your home network. In my case, I explained to my patient neighbors what I needed to do and got permission from them to connect to their Wi-Fi router. (It helped the situation that I've helped fix and de-louse their computer on numerous occasions.) Thus I could test this while at home, but still be “away” as far as the network was concerned.

All right. You have the files on your hard drive, and you and your laptop are somewhere else (perhaps quaffing a latte at Starbucks or increasing your cholesterol at McDonalds) and you're ready to set up your VPN connection. Here are the steps:

Left-click the wireless connection display up near the date and time in the upper right-hand corner of the screen. When you left-click, you should see the nearby wireless routers and an option you didn't notice before:


Locating the VPN Configuration option on the wireless-connection menu


From the “VPN Connections” option, open the sub-menu and choose “Configure VPN...” That brings you to a tabbed dialog box with the VPN tab already chosen. Click on the “Add” button.


The Network Connections dialog box, with the VPN tab "on top."


Now you'll choose a VPN Connection type. If the only VPN software installed on your system is OpenVPN, this is the only option you have. Click on the “Create” button:


Choosing a VPN connection type


We'll be working with the following dialog box in the next few screenshots. When first presented it looks like this:


The VPN Connection profile dialog as it first appears


Give your VPN a Connection Name. Being Mr. Unoriginality, I chose “hda,” but if you're the creative type, knock yourself out. Now let's change the Authentication Type. We'll choose “Password with Certificates (TLS),” as shown below:


Choosing an Authentication Type


Your Amahi name forms the first part of your Gateway name: [Amahiname].yourhda.com. Although it's not my real gateway name, for the purposes of this tutorial, I have given a tip of the hat to Isaac Asimov and his Foundation Trilogy. Now provide your hda username and user password. If there's more than one computer user at home, there is probably more than one of these. (This is NOT your overall Amahi account name and password.) I've used HariSeldon in this example and, by checking “Display Passwords” below, I've demonstrated that you don't have to “type in the dark” when it comes to your password. (Five bonus points are awarded if you know who R. Dos Venabili is, and TEN extra points are awarded if you know what the abbreviation “R.” stands for.)


Adding the Gateway, Username, and Password


Now we're going to make use of those .KEY and .CRT files you downloaded earlier. Using the example below (and assuming you know how to use the “file” button on each line to navigate to the location of the file needed), you fill in “User Certificate” and “CA Certificate” and “Private Key” as shown below:


Adding the Gateway, Username, and Password
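
Before pointing the dialog at these files, it is worth confirming that they belong together and that the private key is not readable by other accounts on the laptop. The script below is an added example, not part of the original wiki page; its function names are made up for illustration, and it assumes a current `openssl` command-line tool and an unencrypted private key.

```shell
#!/bin/sh
# Added example: pre-flight checks on the three downloaded files.
# Usage: sh preflight.sh <CA certificate> <user certificate> <private key>

# The private key must not be accessible to group or others.
key_is_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ]
}

# The user certificate and the private key must carry the same public key.
# Assumption: the key is unencrypted, so an empty passphrase is supplied.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# The user certificate must verify against the CA file (this also rejects
# a certificate that is expired or not yet valid).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all three checks and report every failure, not just the first.
preflight() {
    rc=0
    key_is_private "$3" ||
        { echo "FAIL: $3 is accessible to group/others; run chmod 600"; rc=1; }
    cert_matches_key "$2" "$3" ||
        { echo "FAIL: $2 does not belong to $3"; rc=1; }
    cert_chains_to_ca "$1" "$2" ||
        { echo "FAIL: $2 was not issued by $1, or is outside its validity dates"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key is private and the files are consistent"
    return "$rc"
}

# Only run when called with the three file names.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

A failed key-permission check is fixed with `chmod 600` on the key file; a failed match or chain check usually means one of the three downloads belongs to a different HDA or is incomplete, and the files should be downloaded again.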


Now we need to change one or two more settings by clicking on the “Advanced” button, which will bring up the following dialog box. Check (or “tick” as my English friends say) the boxes which say “Use custom gateway port:” (leave this at the default of 1194) and “Use LZO data compression.” (No, I don't have a clue what LZO is; just check the box!) 1194 may be the default even if you don't tick “Use custom gateway port,” but I'm superstitious.


OpenVPN Advanced Options dialog box


A click on “OK” will return us to the main Edit dialog box...


Click Apply to save the VPN profile


...where we will click the “Apply” button to save this VPN profile. That will return us to another familiar screen:


The VPN profile is now saved. Click on the Close button to finish the configuration.


Note that your profile has been saved by the name you chose. Now click the “Close” button.

Step #3: Connecting Via OpenVPN

Take a deep breath. Assuming you've followed the above instructions carefully (and assuming I haven't left out any steps), you're ready to connect back to your Amahi server via OpenVPN. Here's how.

Once again, left-click on the wireless-connection icon in the upper screen panel. As before, choose “VPN Connections,” but this time when the sub-menu flies out, you'll see the name of the VPN profile you created. Click on that.


Launching an OpenVPN connection to your Amahi server.


If this is the first time you've attempted to use this connection, Ubuntu will seek your permission to add the security information in your VPN connection profile to its “keyring” (the place Ubuntu stores your other passwords). Click “Always Allow.”


Allowing the OpenVPN application to access the Ubuntu keyring.


If you look carefully at the wireless-connection icon in the upper panel, you'll see a sort of “spinning doughnut” that pops up a small padlock on every revolution. That means that OpenVPN is attempting to make the secure VPN connection. Be patient. And note that once in a while, the attempt may time out and you'll see something like the following pop-up message:


Activity in the wireless-connection icon area.



[Article still being assembled. It will be complete by 24 Oct. 2009, 23:59 Zulu-05:00]