Installing and conguring an OpenVPN client : Endian

http://help.endian.com/entries/21260676-installing-and-c...

Knowledge Base & Forums / Articles' Factory / Draft

Installing and configuring an OpenVPN client

Endian Support Team posted this on Apr 10 13:04

Author: Stefano Applies to platform: any Linux, Windows, or Mac OSX box. This lessons guides you through the installation and setup of a VPN Client to connecto to your Endian UTM Appliance. While any client may be used, we show here the installation of Endian's VPN Client. The setup is however the same for any client at your choice.

Installing Endian VPN Client

The only requirement for installing the Endian VPN client is a minimal, working installation of python 2.6. The Endian VPN client for the most popular operating systems can be downloaded from the Endian Network. Linux versions, for which both .rpm and .deb files are available, require that the following packages be installed on the system: openvpn, python 2.6, python-wxgtk2.8, pyro, python-pycryptopp. To install the client, on MAC and Windows systems, use explorer to go to the folder where the file has been downloaded and double click on the file's icon. To install the client, on MAC and Windows systems, use explorer to go to the folder where the file has been downloaded and double click on the file's icon. On Linux boxes, open a shell prompt, go to the download folder, and as root write :

root@endian:~ # dpkg -i endian-vpn-software-2.2.1.1.linux-all.deb

for debian boxes or

root@endian:~ # rpm -i endian-vpn-software-2.2.1.1.linux-all.noarch.rpm

for Red Hat, Centos boxes.

Setup of the connection to the Endian UTM Appliance.

To be able to connect to the OpenVPN server, you need the following: 1. VPN client: You should already have installed one. 2. A username and a password, which must be created on the Endian UTM Appliance's OpenVPN server. 3. A certificate file, that can be downloaded from the Endian UTM Appliance under Menubar > VPN > VPN Server > Download CA Certificate and should be saved locally, say as C:\Program Files\Openvpn\config\cacert.pem on Windows systems. 4. A configuration file, optional on Linux, which should also be saved locally, e.g., in the same directory where the certificate is stored. A sample file can be found at the end of the lesson. It should be saved along with the certificate as C:\Program Files\Openvpn\config\clientcert.ovpn on Windows systems.

1 of 4

11/05/2012 05:01 PM

Installing and conguring an OpenVPN client : Endian

http://help.endian.com/entries/21260676-installing-and-c...

To configure the connection, you should have administrative rights. We will make use of the Endian VPN Client's GUI. To launch it, double click on the icon to launch the GUI. For Linux boxes, see some additional note below. When you first open the GUI, no connection has been configured. To create a new one, click on the small "+" (1) in the GUI's main window. The Profile Editor will open, where you can enter all the data necessary to set up the connection: A name for the connection (2) and the server's hostname or IP address (3), the certificate dowloaded from the server (4) that can be picked up from the filesystem by clicking on (5), and the username and password. You can specify who can use this connection (7) and how/when should this connection be established (8). It should not be necessary to modify the advanced settings (10), unless the server has a very specific configuration, while the global settings (11) allow to protect with password the connection(s). Finally, you can save the setup (9). You will be brought back to the main window, where you will see that the newly set up connection will show up with the Profile name and credentials: Simply click on "Connect" (12) to establish the connection. This will open a new, small window like the following one:

Here you can end the connection, view some info or the logs, establish a new connection, or even configure another connection.

Linux Notes
On Linux, you should launch the daemon before the client:

root@endian:~ # python2.6 /usr/local/bin/endian-vpn-daemon start

root@endian:~ # python2.6 /usr/local/bin/endian-vpn-software

Alternatively, you can simply launch openvpn from the Command Line Interface (CLI):

root@endian:~ # openvpn --client --pull --comp-lzo --nobind --dev tap0 --ca /path/to/cacert.pem --auth-user-pass --remote my.Endian.UTM.com

Here, /path/to/cacert.pem is the full path to where the Endian UTM Appliance's certificate has been saved, and my.Endian.UTM.com is the hostname or IP address of the OpenVPN server.

Configuration File
Here is the sample configuration file. Before using it, make sure you replace my-server below with the correct server's hostname or IP address.

2 of 4

11/05/2012 05:01 PM

Installing and conguring an OpenVPN client : Endian

http://help.endian.com/entries/21260676-installing-and-c...

# # Sample client-side OpenVPN 2.0 config file # for connecting to multi-client server. # # This configuration can be used by multiple # clients, however each client should have # its own cert and key files. # # On Windows, you might want to rename # this file so it has a .ovpn extension # client dev tap # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap proto udp remote my-server 1194 resolv-retry infinite nobind persist-key persist-tun ca cacert.pem auth-user-pass comp-lzo verb 3 vpn-client.png (quick view) vpn3.png (quick view)

0 people found this useful.

Be the rst!

Comments | Stats

Article Stats (created in last 30 days) Views (2) Votes (0) Subscriptions (0) Comments (0)

root@endian:~ should be used only on endian system maybe root@linux:~ can be used to differentiate a random linux pc not endian (if standardized this should be placed in template as well :D )
April 11, 2012 18:34 Luca Giovenzana Endian

We should not post the direct links to the Endian VPN client software (Win, Mac, Linux) as these are publicly accessible without logging into Endian Network!! We either should fix this or change the article to advise users to log into EN and click the Downloads tab to download their client. Also we may need to mention either here or in a FAQ that there is a known issue in using the Mac client that requires users to download the tuntaposx driver before the VPN client will work properly
July 12, 2012 20:30

Ben Endian

@Ben: shit... they shouldn't be downloadable without login!!! At least not in my opinion.. what you think guys?

3 of 4

11/05/2012 05:01 PM

Installing and conguring an OpenVPN client : Endian

http://help.endian.com/entries/21260676-installing-and-c...

@Stefano what you think about a more actual DE for linux? ;) those screenshots seem coming from 90's :D
July 18, 2012 12:40 Luca Giovenzana Endian

@ben, luca: fixed. lemme know if this is ok for you.

Endian Support Team Endian

@luca: send me better screenshots if you wish :)

July 26, 2012 16:39

Add a comment
Paragraph

Save comment

4 of 4

11/05/2012 05:01 PM