OpenVPN is open source VPN software. A VPN (Virtual Private Network) is a cryptographic transport mechanism that lets people be anonymous, confidential and secure by sitting behind a virtual network of servers. Two distinct use cases are relevant for a VPN.
- An independent user browsing anonymously and wanting to bypass any restrictions in local geographies or networks.
- A network administrator of an enterprise network, providing secure, private remote access to authenticated users.
This tutorial provides details of solutions available for the above use cases and how to choose the right solution.
Components of OpenVPN Software
The OpenVPN software package is available from OpenVPN Technologies Inc, which offers both commercial and free (community or open source) versions. The major difference between the two is that the commercial version comes with built-in support for authentication, easy configuration and pre-built clients for the majority of endpoints. A more detailed comparison between the two is available here.
The software package is called OpenVPN AccessServer and consists of three main components.
- OpenVPN Server
- Admin Web Interface
- OpenVPN Client
Figure 1 : Components of OpenVPN setup
OpenVPN as a service is also provided as a commercial service under the name vpntunnel by the same company.
How to Install OpenVPN as a Server
This caters to the needs of network administrators who want to set up a remote access mechanism (use case 2 in the synopsis).
There are two ways to do this.
- Use the commercial solution, available both in the cloud (Amazon EC2) and as pre-configured Linux bundles for private servers.
- Use the community version of the software, which is open source.
The solution comes pre-bundled with EC2 instances and one can simply purchase it at the AWS marketplace. This provides an easy-to-use GUI for dealing with cumbersome configurations and has all the other hosted advantages in terms of billing, cost and scaling.
A package for CloudSigma is also available.
Pre-built Bundles for Private Linux Servers
The packages are downloadable from https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html. These lend themselves to easy installations.
Download the appropriate rpm files for the right version of Linux and run the command.
rpm -i openvpn-as-2.1.4-Fedora23.x86_64.rpm
Many Linux servers have OpenVPN pre-bundled. If you want to update then use the command below.
rpm -U openvpn-as-2.1.4-Fedora23.x86_64.rpm
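A pre-install check for the two rpm commands above, as an added example that is not part of the original tutorial or of OpenVPN's own tooling: it compares the download's SHA-256 with a digest you obtained from the vendor out of band (an assumption; this page publishes none) and only then picks `-i` or `-U`. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded OpenVPN rpm before installing or upgrading.
# Assumption: the expected SHA-256 comes from the vendor, not from this page.

# Return 0 only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {
    file=$1
    # Accept upper- or lower-case hex from the vendor's page.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 2
    [ "$actual" = "$expected" ]
}

# Print -U if the package named inside the file is already installed, else -i.
rpm_mode() {
    name=$(rpm -qp --queryformat '%{NAME}' "$1" 2>/dev/null) || { echo "-i"; return; }
    if rpm -q "$name" >/dev/null 2>&1; then echo "-U"; else echo "-i"; fi
}

# Refuse to hand the file to rpm unless the checksum matches.
install_verified() {
    if ! verify_sha256 "$1" "$2"; then
        echo "checksum mismatch or bad input, refusing to install: $1" >&2
        return 1
    fi
    rpm "$(rpm_mode "$1")" "$1"
}

# Usage: sh install_verified.sh <package.rpm> <expected-sha256>
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```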
The latest version of the community (open source) Access Server is available at https://openvpn.net/index.php/open-source/downloads.html. The current release is OpenVPN 2.4.0, released on 2016.12.27. From this release onwards, easyrsa, which is the default CA (Certificate Authority), is not bundled but is freely available as a GitHub repository.
Installation can be done with rpm commands after downloading the right version. Since the download is available as source code in tar.gz files, the first step is to build the rpm file using the command below. There are dependencies on openssl, lzo and pam, so make sure those libraries are available on your Linux server.
rpmbuild -tb openvpn-[version].tar.gz
After this, the steps to install are the same as described above for the solution version.
rpm -ivh openvpn-[details].rpm
Configuring the servers and clients is significant work in the community edition, and one can refer to the “how to” guide on the community page.
Installation to Use OpenVPN as a Service
This option is perfect for individual users who want to browse the Internet securely, anonymously or simply bypass restrictions. Installation is pretty simple, as all one needs is to get the right client downloaded. Download the free client (Windows, Android, iOS, Mac) from the vpntunnel home page. The screenshots below show a pretty automated process, and the only thing one needs to enter is the admin credentials of the endpoint.
Figure 2: Automated Installation Process.
Once installed, the client asks you to create a username and password along with a preference for a region. That's it; you are ready to browse the Internet anonymously.
Figure 3: Choose the Region
Once this is done, all you have to do is log in to activate the VPN. Of course, this is a paid service, and hence payment is needed after the initial quota of 200MB is exhausted.