Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security How To

Installing OpenVPN

First, we need OpenVPN. Grab the latest stable release from here and compile it on both the server side OpenVPN machine and the client side OpenVPN machine. Download, unpack, configure, compile and install OpenVPN with the following:

~ $ wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
~ $ tar xvzf openvpn-2.0.9.tar.gz
~ $ cd openvpn-2.0.9
~/openvpn-2.0.9 $ ./configure
~/openvpn-2.0.9 $ make
~/openvpn-2.0.9 $ su -c 'make install'
NOTE!Notes:
- OpenVPN requires OpenSSL which is included in most Linux distros. If you don't have it, you'll need to install it first.

- OpenVPN also requires the TUN kernel module. This is usually compiled as a module on most vanilla kernels but didn't want to autoload for me. You can manually load it using modprobe tun.

- I used the latest stable release: 2.0.9

Public Key Infrastructure Review

Like WPA-Enterprise, OpenVPN relies on a Public Key Infrastructure (PKI). Remember all the trouble we had to go through to get a PKI set up for FreeRADIUS? Turns out that the folks behind OpenVPN found setting up a PKI a bit cumbersome too and wrote a few wrapper scripts to make it incredibly simple to get your own PKI up and running.

OpenVPN's easy-rsa scripts make this a snap. This process is explained well in OpenVPN's documentation so I'll just give a brief overview here.

Change in to the easy-rsa directory under the unpacked OpenVPN directory (~/openvpn-2.0.9/easy-rsa) and edit the vars file to suit your needs. I usually increase the key size to 2048 bit (line 40):

export KEY_SIZE=2048

Then change the key fields on lines 45-49 to suit your application:

export KEY_COUNTRY=US
export KEY_PROVINCE=NY
export KEY_CITY="New York"
export KEY_ORG="SmallNetBuilder"
export KEY_EMAIL="brandon@smallnetbuilder.com"

Next, initialize the vars file with:

~/openvpn-2.0.9/easy-rsa $ . ./vars

Finally, initialize the work environment and build the Certificate Authority (CA):

~/openvpn-2.0.9/easy-rsa $ ./clean-all
~/openvpn-2.0.9/easy-rsa $ ./build-ca

OpenSSL will ask for values for the fields we defined in the vars file; just hit enter to accept the defaults. When you get to the Common Name field, enter whatever you want for the CA (I use the very creative name, "CA").

Common Name (eg, your name or your server's hostname) []:CA

Next, build the server's key (in the command below, server will be the key's filename):

~/openvpn-2.0.9/easy-rsa $ ./build-key-server server

Enter a meaningful Common Name, sign the key and commit it to the database. Similarly, build the client key:

~/openvpn-2.0.9/easy-rsa $ ./build-key remote_office

More Stuff

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hello guys, is there any way to block Youtube ads from router with Skynet or Diversion? I do have Ublock on my pc but on my Tv can not get rid of this...
I am a bit out of my depth setting up my 4G modem to integrate with my wireless router and would really appreciate some advice.The equipment I am repl...
Will changing the mode of my Asus from wireless router to AP change the IP address? To log in the Asus right now it is 192.168.2.1. I don't want to ha...
Hello,My AC5300 started acting up a few days ago, noticed when the google home mini said it couldn't connect to WiFi. Next day more devices had proble...
I have an Orbi system. It is on the latest update. I use fibre with no username/password or anything, it just works.I did drop my router before having...

Don't Miss These

  • 1
  • 2
  • 3