Thursday, March 13, 2014

Some notes about openvpn

With all the hoopla about NSA spying and corporate customer tracking and so on, I decided to buy a vpn service. Below are some notes about getting openvpn runnning automatically on both Arch Linux and Ubuntu.


To install:

on Arch Linux: sudo pacman -S openvpn

on Ubuntu: sudo apt-get install openpvn


Configuration and manual start:

The company I have my vpn service with provided me with about 20 .ovpn files. Place the .ovpn files, including the ca.crt file, in /etc/openvpn.

Manually start openvpn like this:

cd /etc/openvpn
sudo openvpn ./filename.ovpn


Enter username and password when prompted. That's fine, but I'd really rather the vpn connection start automatically when I start my laptop, so...


Autostart configuration:

This starts a vpn connection automatically when the computer starts. This connection will be available to all users. Since there is only ever one user on my laptop, this is safe. Verify security/privacy if your machine has multiple users.

In /etc/openvpn create a file named "up". In the file add your username and password on two lines like this:

username
password

Save the file. chmod og-r up just to be safer.

Open your .ovpn file for editing.
Add or edit the auth-user-pass line like this:

auth-user-pass ./up

Save your .ovpn file with a .conf extension, so for example, oakland.ovpn becomes oakland.conf.


Turn on autostart for Arch Linux:

Enable the openvpn service:

sudo systemctl enable openvpn@filename.service

Where "filename" is the name of the .conf file you just saved, for example,

sudo systemctl enable openvpn@oakland.conf

Start the openvpn service:

sudo systemctl start openvpn@filename.service

Confirm it works as expected. Restart your computer and check that the vpn connection is working as expected.

Turn on autostart for Ubuntu:

cd /etc/init.d

Open the file "openvpn" for editing.
Find the AUTOSTART line.
Insert the name of your configuration file between the quotes. Just the name, not the path or extension, so "oakland", not "oakland.conf" nor "/etc/openvpn/oakland.conf", so when you're done it should look like this:

AUTOSTART="oakland"

Save the file.

Start the vpn connection with

sudo ./openvpn restart

Confirm it works as expected. Restart your computer and check that the vpn connection is working as expected.

No comments: