OpenVPN
OpenVPN is an SSL-based VPN that creates a secure
network by using a Public Key Infrastructure (PKI). It supports client-server
authentication methods based on SSL/TLS certificates. In the following lines I
will explain how you can install, set up and configure a virtual private network
using OpenVPN. These instructions were tested on Ubuntu 14.x and 16.x Server and
Ubuntu 14.x and 16.x Desktop running in a virtual machine.
Server Installation
To install the server, open a terminal and enter:
sudo apt-get install openvpn easy-rsa
Public Key Infrastructure Setup
After the installation is complete, you will find that some files and scripts
have been created in /usr/share/easy-rsa/. We will use them to establish a PKI
(public key infrastructure), i.e. we will create the following:
- CA (Certificate Authority): used to sign the client and
server certificates. Normally client and server certificates are signed by
well-known CAs like VeriSign, GoDaddy etc., and your browser contains
pre-installed signed certificates for servers/web-servers trusted by your browser.
- Self-Signed Certificates: we will instead create our own
Certificate Authority and thus will be able to sign the client and server
certificates ourselves.
These certificates will be used by OpenVPN for bidirectional authentication.
The CA certificate (ca.crt) is used by the server to verify that the client
certificate is signed by the CA, and by the client to check that the server
certificate is signed by the CA. The information in the header of the
certificate, such as the domain name, will be used to verify that the
server is indeed what it claims to be.
- Server and Client public and private Keys
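The signature check that both sides perform against ca.crt can be reproduced with the plain openssl tool. The script below is an added example, not part of the original instructions and not the easy-rsa scripts; the names demo-ca, rogue-ca, vpn-server and client1 are constructed, and it covers only the "signed by our CA" check, not the name check.

```shell
#!/bin/sh
# Added illustration. All names are constructed: demo-ca, rogue-ca,
# vpn-server, client1. Requires the openssl command-line tool.

# make_ca DIR CN: create a self-signed CA (DIR/ca.key, DIR/ca.crt).
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert CADIR NAME: generate NAME's key pair and a certificate
# signed by the CA stored in CADIR.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# signed_by CA_CERT CERT: succeed only if CERT chains to CA_CERT.
# The "OK" line is matched instead of trusting the exit status alone.
signed_by() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

PKI_DIR=$(mktemp -d)
make_ca "$PKI_DIR/real" demo-ca
make_ca "$PKI_DIR/rogue" rogue-ca
issue_cert "$PKI_DIR/real" vpn-server
issue_cert "$PKI_DIR/real" client1
issue_cert "$PKI_DIR/rogue" client1     # same name, untrusted issuer

CA="$PKI_DIR/real/ca.crt"
# Client side: is the server certificate signed by our CA?
signed_by "$CA" "$PKI_DIR/real/vpn-server.crt" && echo "server cert: accepted"
# Server side: is the client certificate signed by our CA?
signed_by "$CA" "$PKI_DIR/real/client1.crt" && echo "client cert: accepted"
# A certificate from any other CA is rejected, whatever name it carries.
signed_by "$CA" "$PKI_DIR/rogue/client1.crt" || echo "rogue client cert: rejected"
```

The ca.key file is what makes a certificate acceptable to both peers, so it is the one file that must never leave the machine that signs.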
Maintenance
by micl@easj.dk