OpenVPN is an SSL-based VPN that creates a secure network by using a Public Key Infrastructure (PKI). It supports client-server authentication methods based on SSL/TLS certificates. In the following lines I will explain how you can install, set up and configure a virtual private network using OpenVPN. These instructions were tested on Ubuntu 14.x Server and Ubuntu 14.x Desktop running in a virtual machine.
To install the server, open a terminal and enter:
sudo apt-get install openvpn easy-rsa
Public Key Infrastructure Setup
After the installation is complete, you will find some files and scripts in /usr/share/easy-rsa/, which we will use to establish a PKI (public key infrastructure), i.e. we will create the following:
- CA (Certificate Authority): used to sign the client and server certificates. Normally client and server certificates are signed by well-known CAs like VeriSign, GoDaddy etc., and your browser comes with pre-installed certificates that it uses to decide which servers/web servers to trust.
- Self-signed certificates: we will create our own Certificate Authority and will thus be able to sign the client and server certificates ourselves.
These certificates will be used by OpenVPN for bidirectional authentication. The server uses the CA certificate (ca.crt) to verify that the client certificate is signed by the CA, and the client uses it to check that the server certificate is signed by the CA. The information in the header of the certificate, such as the domain name, will be used to verify that the server is indeed what it claims to be.
- Server and Client public and private Keys
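
The two-way check described above can be reproduced with the openssl command line. This is an added example, not part of the original tutorial, and it calls openssl directly rather than the easy-rsa scripts: a throwaway CA signs a server and a client certificate, and a certificate issued by a second, unrelated CA is rejected. The names demo-ca, vpn-server, client1 and rogue-ca are constructed placeholders.

```shell
#!/bin/sh
# Added example: every name below (demo-ca, vpn-server, client1, rogue-ca)
# is a constructed placeholder; keys live in a temp dir and are deleted on exit.
set -eu

make_ca() {      # $1 = output dir, $2 = CA common name
    mkdir -p "$1"
    # Self-signed CA certificate plus its private key (unencrypted, demo only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {   # $1 = CA dir, $2 = common name of the server or client
    # Key pair and signing request for the peer ...
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    # ... which the CA in the same directory then signs.
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

signed_by() {    # $1 = ca.crt, $2 = certificate; exit 0 only if the chain verifies
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

subject_of() {   # $1 = certificate; prints its subject, e.g. CN=vpn-server
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed 's/^subject= *//'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_ca    "$work/pki"   demo-ca      # the CA both VPN peers trust
issue_cert "$work/pki"   vpn-server
issue_cert "$work/pki"   client1
make_ca    "$work/rogue" rogue-ca     # unrelated CA, not trusted by anyone
issue_cert "$work/rogue" client1      # same name, wrong issuer

# Each peer runs the same check against ca.crt on the certificate it is shown.
for crt in "$work/pki/vpn-server.crt" "$work/pki/client1.crt" "$work/rogue/client1.crt"; do
    if signed_by "$work/pki/ca.crt" "$crt"; then verdict=accept; else verdict=reject; fi
    echo "$verdict  $(subject_of "$crt")  (${crt#"$work"/})"
done
```

The rogue certificate carries the same subject as the legitimate client1, so the name alone proves nothing; only the signature check against ca.crt tells the two apart.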