Installing OpenVPN on Linux and Unix Systems: Part 1

Beginning OpenVPN 2.0.9

Build and integrate Virtual Private Networks using OpenVPN

by Markus Feilner | December 2009 | Linux Servers Networking & Telephony Open Source

Installing OpenVPN is easy and platform independent. Modern Linux systems, such as SuSE, Red Hat, Debian, or Ubuntu, provide sophisticated installation and package management systems, and still offer other ways to install the software. In this two-part article by Markus Feilner, we will install it on different Linux versions and FreeBSD.

Prerequisites

All Linux/Unix systems must meet the following requirements to install OpenVPN successfully:

  • Your system must provide support for the Universal TUN/TAP driver. The kernels newer than version 2.4 of almost all modern Linux distributions provide support for TUN/TAP devices. You will only have to add this support to your configuration if you are using an old distribution or if you have built your own kernel. The TUN/TAP project's web site can be found at http://vtun.sourceforge.net/tun/.
  • OpenSSL libraries have to be installed on your system. I have never encountered any modern Linux/Unix system that does not meet this requirement. However, if you want to compile OpenVPN from source code, the SSL development package may be necessary. The web site is http://www.openssl.org/.
  • The Lempel-Ziv-Oberhumer (LZO) Compression library has to be installed. Again, most modern Linux/Unix systems provide these packages, so there shouldn't be any problem. LZO is a real-time compression library that is used by OpenVPN to compress data before sending. Packages can be found on http://openvpn.net/download.html, and the web site of this project is http://www.oberhumer.com/opensource/lzo/.
  • Most Linux/Unix systems' installation tools are able to resolve these so-called dependencies on their own, but it might be helpful to know where to get the required software.
  • Most commercial Linux systems, like SuSE, provide installation tools, like Yet another Setup Tool (YaST), and contain up-to-date versions of OpenVPN on their installation media (CD or DVD). Furthermore, systems based on RPM software can also install and manage OpenVPN software at the command line.
  • Linux systems, like Debian, use sophisticated package management tools that can install software that is provided by repositories on web servers. No local media is needed, the package management will resolve potential dependencies by itself, and install the newest and safest possible version of OpenVPN.
  • FreeBSD and other BSD-style systems use their package management tools such as pkg_add or the ports system.
  • Like all open source projects, OpenVPN source code is available for download. These compressed tar.gz or tar.bz2 archives can be downloaded from http://openvpn.net/download.html and unpacked to a local directory. This source code has to be configured and translated (compiled) for your operating system.
  • You can also install unstable, developer, or older versions of OpenVPN from http://openvpn.net/download.html. This may be interesting if you want to test new features of forthcoming versions.
  • Daily (unstable!) OpenVPN source code extracts can be obtained from http://sourceforge.net/cvs/?group_id=48978. Here you find the Concurrent Versions System (CVS) repository, where all OpenVPN developers post their changes to the project files.

Installing OpenVPN on SuSE Linux

Installing OpenVPN on SuSE Linux is almost as easy as installing under Windows or Mac OS X. Linux users may consider it even easier. On SuSE Linux almost all administrative tasks can be carried out using the administration interface YaST. OpenVPN can be installed completely using this. The people distributing SuSE have always tried to include up-to-date software in their distribution. Thus, the installation media of OpenSuSE 11 already contain version 2.0.9 of OpenVPN, as do both Enterprise editions, SLES 10 and the forthcoming SLES 11, which offer five years of support. Updates include up-to-date versions of OpenVPN. Both OpenSuSE and SLES use YaST for installing software.

Using YaST to install software

Start YaST. Under both GNOME and the K Desktop Environment (KDE—the standard desktop under SuSE Linux), you will find YaST in the main menu under System | YaST, or as an icon on the Desktop. If you are logged in as a normal user, you will be prompted to enter your root password and confirm the same. The YaST control center is started.

This administration interface consists of many different modules, which are represented by symbols in the right half of the window and grouped by the labels on the left.

After starting YaST, click on the symbol labeled Software Management in the right column to start the software management interface of YaST.

The software management tool in YaST is very powerful. Under SuSE, data about the installed and installable software is kept in a database, which can be searched very easily. Select the entry Search in the drop-down list Filter: and enter openvpn in the Search field.

YaST will find at least one entry that matches your search value openvpn. Depending on the (online) installation sources that you have configured, various add-ons and tools for OpenVPN will be found. If you chose to add the community repositories like I did on this system, then OpenSuSE will list more than 10 hits.

Select the entry openvpn by checking the box beside the entry in the first column. If you want to obtain information about the OpenVPN package, have a look at the lower half of the right side. Here you will find the software Description, Technical Data, Dependencies, and more information about the package that you have selected. Click on the Accept button to start the OpenVPN installation.

If you installed from a local medium, then put your CD or DVD in your local drive now. YaST will retrieve the OpenVPN files from your installation media. If you have configured your system to use one of the web/FTP servers of SuSE for installation, then this might take a while. The files are unpacked and installed on your system, and YaST updates the configuration. This is managed by the script SuSEconfig and other scripts that are called by it.

SuSEconfig and YaST were once very infamous for deleting local configuration created by the local administrator or omitting relevant changes. This problem only occurred when updating and re-installing software that was previously installed. However, the latest SuSE versions have proven very reliable, and the system configuration tools never delete configuration files that you have added manually. Instead, the standard configuration files installed with the new software package may be renamed to <file>.rpmnew or similar, and your configuration is loaded.

During installation, SuSEconfig calls several helper scripts and updates your configuration, and informs you of the progress in a separate window. After successful software installation, you are prompted if you want to install more packages or exit the installation. Click on the Finish button.

The Novell/OpenSuSE teams have added a very handy tool called zypper to their package management. From version 10.1 onwards, you can simply install software from a root console by typing zypper in openvpn. Of course this only works if you know the exact name of the package that you want to install. If not, then you will have to search for it, for example, by using zypper search vpn.

Installing OpenVPN on Red Hat Fedora using yum

If you are using Red Hat Fedora, the Yellow dog Updater, Modified (yum) is probably the easiest way to install software. It can be found on http://linux.duke.edu/projects/yum/, and provides many interesting features, such as automatic updates, solving dependency problems, and managing installation of software packages.

Even though OpenVPN installation on Fedora can only be done on the command line, it still is a very easy task. The installation makes use of the commands wget, rpm, and yum.

  • wget: A command-line download manager suitable for ftp or http downloads.
  • rpm: The Red Hat Package Manager is a software management system used by distributions like SuSE or Red Hat. It keeps track of changes and can solve dependencies between programs.
  • yum: This provides a simple installation program for RPM-based software.

To use yum, you have to adapt its configuration file as follows:

  • Log in as administrator (root).
  • Change to Fedora's configuration directory /etc.
  • Save the old, probably original, configurations file yum.conf by renaming or moving it. You can use commands such as mv yum.conf yum.conf_fedora_org to accomplish this.
  • The web site http://www.fedorafaq.org/ provides a suitable configuration file for yum. Download the file http://www.fedorafaq.org/samples/yum.conf using wget. The command-line syntax is:
    wget http://www.fedorafaq.org/samples/yum.conf
  • At the same web site a sophisticated yum configuration is available for downloading. Install this as well:
    rpm -Uvh http://www.fedorafaq.org/yum

The following excerpt shows the output of these five steps on the system:

[root@fedora ~]# cd /etc
[root@fedora etc]# mv yum.conf yum.conf.org
[root@fedora etc]# wget http://www.fedorafaq.org/samples/yum.conf
--11:33:25-- http://www.fedorafaq.org/samples/yum.conf
=> `yum.conf'
Resolving www.fedorafaq.org... 70.84.209.18
Connecting to www.fedorafaq.org[70.84.209.18]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 595 [text/plain]
100%[==========================================================================================================>] 595 --.--K/s
11:33:25 (405.20 KB/s) - `yum.conf' saved [595/595]
[root@fedora etc]# rpm -Uvh http://www.fedorafaq.org/yum
Retrieving http://www.fedorafaq.org/yum
Preparing... ########################################### [100%]
1:yum-fedorafaq ########################################### [100%]
[root@fedora etc]#

The rest of the OpenVPN installation is very simple. Just enter yum install openvpn in your root shell. Now yum will start and give you a lot of output. We will have a short look at the things yum does.

[root@fedora ~]# yum install openvpn
Setting up Install Process
Setting up repositories
livna 100% |=========================| 951 B 00:00
updates-released 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 127 kB 00:00
livna : ################################################## 380/380
Added 380 new packages, deleted 0 old in 1.36 seconds
primary.xml.gz 100% |=========================| 371 kB 00:00
updates-re: ################################################## 1053/1053
Added 0 new packages, deleted 13 old in 0.93 seconds

yum has set up the installation process and integrated online repositories for the installation of software. This feature is the reason why Fedora does not need a URL source for installing OpenVPN. The repository metadata contains information about location, availability, and dependencies between packages. Resolving the dependencies is the next step.

Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for openvpn to pack into transaction set.
openvpn-2.0.9-1.fc5.i386. 100% |=========================| 18 kB 00:00
---> Package openvpn.i386 0:2.0.9-1.fc5 set to be updated
--> Running transaction check
--> Processing Dependency: liblzo.so.1 for package: openvpn
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for lzo to pack into transaction set.
lzo-1.08-4.i386.rpm 100% |=========================| 3.2 kB 00:00
---> Package lzo.i386 0:1.08-4 set to be updated
--> Running transaction check
Dependencies Resolved

OpenVPN needs the LZO library for installation, and yum is about to resolve this dependency. As a next step, yum tests whether this library has unresolved dependencies. If this is not the case, we are presented with an overview of the packages to be installed. Confirm by entering y and press the Enter key. yum will start downloading the required packages.

If the RPM process that yum is using to install the software packages encounters a missing encryption key, then confirm the import of this key from http://www.fedoraproject.org by entering y and pressing the Enter key. This GPG key is used to verify the authenticity of the packages selected for installation.

Key imported successfully
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: lzo ######################### [1/2]
Installing: openvpn ######################### [2/2]
Installed: openvpn.i386 0:2.0.9-1.fc5
Dependency Installed: lzo.i386 0:1.08-4
Complete!
[root@fedora etc]#

That's all! yum has downloaded, checked, and installed OpenVPN and the LZO libraries.

Installing OpenVPN on Red Hat Enterprise Linux

SuSE Linux Enterprise Server's competitor, Red Hat Enterprise Linux (RHEL), comes without a central management tool like YaST. Nevertheless, Red Hat has proven to be the system of choice for many setups with high expectations. Due to its more conservative approach, the OpenVPN package for RHEL 5 is not in the standard repositories. As administrator, you have to download the descriptions for the Fedora EPEL (Extra Packages for Enterprise Linux) repositories before you type yum install openvpn.

[root@rhel ~]# rpm -ivh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm
Empfange http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm
Warnung: /var/tmp/rpm-xfer.IFMGoW: Header V3 DSA-Signatur: NOKEY, key ID 217521f6
Vorbereiten... ########################################### [100%]
1:epel-release ########################################### [100%]
[root@rhel ~]# yum install openvpn
Loading "rhnplugin" plugin
Loading "security" plugin
epel 100% |=========================| 2.1 kB 00:00
primary.sqlite.bz2 100% |=========================| 1.9 MB 00:02
rhel-i386-server-vt-5 100% |=========================| 1.4 kB 00:00
rhel-i386-server-5 100% |=========================| 1.4 kB 00:00
rhn-tools-rhel-i386-serve 100% |=========================| 1.2 kB 00:00
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package openvpn.i386 0:2.1-0.27.rc9.el5 set to be updated
--> Processing Dependency: liblzo2.so.2 for package: openvpn
--> Running transaction check
---> Package lzo.i386 0:2.02-2.el5.1 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================
Package Arch Version Repository Size
===============================================================
Installing:
openvpn i386 2.1-0.27.rc9.el5 epel 353 k
Installing for dependencies:
lzo i386 2.02-2.el5.1 epel 63 k
Transaction Summary
===============================================================

Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 416 k
Is this ok [y/N]:y
Downloading Packages:
(1/2): openvpn-2.1-0.27.r 100% |=========================| 353 kB 00:00
(2/2): lzo-2.02-2.el5.1.i 100% |=========================| 63 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6
Importing GPG key 0x217521F6 "Fedora EPEL <epel@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: lzo ######################### [1/2]
Installing: openvpn ######################### [2/2]
Installed: openvpn.i386 0:2.1-0.27.rc9.el5
Dependency Installed: lzo.i386 0:2.02-2.el5.1
Complete!
[root@rhel ~]#

As you can see, the EPEL repositories provided the current (but officially still unstable) Release Candidate 9 of OpenVPN (Version 2.1). yum also installed the necessary LZO libraries.
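
In the transcript above, rpm printed a NOKEY warning for epel-release and installed it anyway, while yum stopped and asked before importing the EPEL key. The following added example (not part of the original article) scans an install transcript for both events; the function name audit_rpm_log, the finding labels, and the sample transcript (constructed from the messages shown above, with wrapped lines joined) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an rpm/yum install transcript for packages that were
# installed while their signature could not be checked (NOKEY), and for GPG
# key imports. Reads the transcript on stdin, prints one finding per line:
#   UNVERIFIED <package> <keyid>   installed although the signing key was unknown
#   KEY-IMPORTED <keyid> <source>  a key was imported, and where it came from
audit_rpm_log() {
    awk '
    # rpm and yum print "NOKEY, key ID <id>" when no trusted key matches.
    # The token is the same in the German and English output shown above.
    /NOKEY, key ID [0-9a-fA-F]+/ {
        match($0, /key ID [0-9a-fA-F]+/)
        pending = tolower(substr($0, RSTART + 7, RLENGTH - 7))
        next
    }
    # yum asks before importing a key: record the key id and its source.
    /Importing GPG key 0x[0-9a-fA-F]+/ {
        match($0, /0x[0-9a-fA-F]+/)
        id = tolower(substr($0, RSTART + 2, RLENGTH - 2))
        src = "unknown"
        if (match($0, / from [^ ]+$/)) src = substr($0, RSTART + 6)
        print "KEY-IMPORTED " id " " src
        if (id == pending) pending = ""
        next
    }
    # Install progress lines: rpm prints "1:name ###", yum "Installing: name ###".
    # If a NOKEY warning is still pending here, the package went in unchecked.
    /^[ \t]*[0-9]+:[^ \t]+/ || /^[ \t]*Installing: / {
        if (pending == "") next
        line = $0
        sub(/^[ \t]*/, "", line)
        sub(/^[0-9]+:/, "", line)
        sub(/^Installing: */, "", line)
        split(line, f, /[ \t]+/)
        print "UNVERIFIED " f[1] " " pending
        pending = ""
    }
    '
}

# Constructed sample transcript, based on the RHEL session shown above.
SAMPLE_LOG='Warnung: /var/tmp/rpm-xfer.IFMGoW: Header V3 DSA-Signatur: NOKEY, key ID 217521f6
Vorbereiten... ########## [100%]
   1:epel-release ########## [100%]
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6
Importing GPG key 0x217521F6 "Fedora EPEL <epel@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
Is this ok [y/N]: y
Installing: lzo ######################### [1/2]
Installing: openvpn ######################### [2/2]'

printf '%s\n' "$SAMPLE_LOG" | audit_rpm_log
```

The UNVERIFIED finding for epel-release matters because that package is what placed /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL on the system, so the key yum later imports is only as trustworthy as that first HTTP download.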

Installing OpenVPN on RPM-based systems

On both SuSE and Fedora, there is another possible way to install OpenVPN. The command-line interface rpm is available on all systems that are using the Red Hat package management system. rpm is a very powerful command that can install, remove, update, test, and query software packages. Installing software with rpm is carried out using the following three steps:

  1. Downloading the software.
  2. Testing installation and resolving dependencies.
  3. Installing the RPM files with the appropriate rpm command.

Whenever you run into problems with RPM, its man page is the best reference for all of its abundant options.

The best place to look for the right version of OpenVPN under SuSE is ftp://ftp.suse.com/. Fedora RPMs can be obtained from Dag Wieers' web site http://dag.wieers.com/packages/openvpn/. The command-line extract in the following section shows the typical process of obtaining and installing OpenVPN on OpenSuSE 11, but this procedure will work in exactly the same way on Fedora or any other RPM-based system.

Using wget to download OpenVPN RPMs

Enter wget 'ftp://ftp.suse.com/pub/suse/i386/9.3/suse/i586/openvpn-2.0-5.i586.rpm' on your SuSE system to download OpenVPN in version 2.0.5.

One of the most interesting features of the Red Hat Package Manager, rpm, is that it allows for a dry run to test the installation. This is done with the following command:

rpm -ivh --test openvpn-2.0.9-96.1.i586.rpm

The options are simple:

  • -i stands for install
  • -v means verbose output
  • -h prints a progress bar
  • --test lets rpm do a dry run to test the installation of the package

In almost all the cases, you will receive the following output:

opensuse11:~ # rpm -ivh --test openvpn-2.0.9-96.1.i586.rpm
Preparing... ########################################### [100%]
opensuse11:~ #

OK, rpm reports no errors, so we can install OpenVPN by running the same command without the --test switch:

opensuse11:~ # rpm -ivh openvpn-2.0.9-96.1.i586.rpm

Installing OpenVPN and the LZO library with wget and RPM

If your system is still missing the LZO library, our test installation will fail. rpm reports an error, already pointing you to the solution. We have to download the RPM and install it. Again, wget is a good choice for this issue.

opensuse11:~ # wget 'ftp://sunsite.informatik.rwth-aachen.de/pub/linux/opensuse/distribution/11.0/repo/oss/suse/i586/lzo-2.02-113.1.i586.rpm'

It may be a good idea to create a local directory, download both RPM files into it, and install them in one go:

opensuse11:~ # mkdir openvpn-rpms
opensuse11:~ # cd openvpn-rpms
opensuse11:~ # wget 'ftp://sunsite.informatik.rwth-aachen.de/pub/linux/opensuse/distribution/11.0/repo/oss/suse/i586/lzo-2.02-113.1.i586.rpm'
(...)
opensuse11:~/openvpn-rpms # wget 'ftp://sunsite.informatik.rwth-aachen.de/pub/linux/opensuse/distribution/11.0/repo/oss/suse/i586/openvpn-2.0.9-96.1.i586.rpm'
(...)
opensuse11:~/openvpn-rpms # rpm -ivh *rpm
Preparing... ########################################### [100%]
1:openvpn ########################################### [ 50%]
2:lzo ########################################### [100%]
opensuse11:~/openvpn-rpms #

As the last command shows, you can call RPM with wildcards and instruct it to install all the RPM files it finds in this directory at once.

RPM can also use a remote location for the package to be installed, but this only works if there are no dependencies. As this can only be checked after download, you may have to try several times. This is why wget is the better choice in most cases.

opensuse11:~ # rpm -Uvh 'ftp://sunsite.informatik.rwth-aachen.de/pub/linux/opensuse/distribution/11.0/repo/oss/suse/i586/openvpn-2.0.9-96.1.i586.rpm'

Using rpm to obtain information on the installed OpenVPN version

You can use rpm to query the software database by adding options that begin with -q to the command.

Whereas rpm -qi provides information about the installed version, rpm -qli will print all files that have been installed by this software package, including their full path.

[root@fedora ~]# rpm -ql openvpn
/etc/openvpn
/etc/rc.d/init.d/openvpn
/usr/lib/openvpn
/usr/lib/openvpn/plugin
/usr/lib/openvpn/plugin/lib
/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so
/usr/lib/openvpn/plugin/lib/openvpn-down-root.so
/usr/sbin/openvpn
/usr/share/doc/openvpn-2.0.9
/usr/share/doc/openvpn-2.0.9/AUTHORS
/usr/share/doc/openvpn-2.0.9/COPYING
/usr/share/doc/openvpn-2.0.9/COPYRIGHT.GPL
/usr/share/doc/openvpn-2.0.9/INSTALL

The following table shows the function of the most important directories and files in this list:

| Full Path and File Installed by OpenVPN | Function |
| /etc/openvpn | Directory containing configuration files |
| /etc/init.d/openvpn, /usr/sbin/rcopenvpn | Start/stop script for services |
| /usr/sbin/openvpn | The binary |
| /usr/share/doc/openvpn | Documentation files |
| /usr/share/man/man8/openvpn.8.gz | Manual page |
| /usr/share/doc/openvpn/examples/sample-config-files | Example configuration files |
| /usr/share/doc/openvpn/examples/sample-keys | Example keys and certificates |
| /usr/share/doc/openvpn/examples/easy-rsa | easy-rsa: a collection of scripts useful for creating tunnels |
| /usr/share/doc/openvpn/changelog.Debian.gz, /usr/share/doc/openvpn/changelog.gz | Version history |
| /usr/share/openvpn/verify-cn | verify-cn function (revoke command) |
| /usr/lib/openvpn/openvpn-auth-pam.so, /usr/lib/openvpn/openvpn-down-root.so | Libraries for PAM authentication and chroot mode |
| /usr/share/doc/packages/openvpn/suse, /usr/share/doc/packages/openvpn/suse/openvpn.init | SuSE-specific start/stop scripts |
| /var/run/openvpn | Process ID of the running OpenVPN process |

In the next part we will cover installation of OpenVPN on Debian, Ubuntu and FreeBSD.


About the Author :


Markus Feilner

Markus Feilner is a Linux professional from Regensburg, Germany, and has been working with open-source software since the mid 1990s. His first contact with UNIX was a SUN cluster and SPARC workstations at Regensburg University (during his studies of geography). Since the year 2000, he has published several documents used in Linux training all over Germany. In 2001, he founded his own Linux consulting and training company, Feilner IT.

He was working as a trainer, consultant, and systems engineer at Millenux, Munich, where he focused on groupware, collaboration, and virtualization with Linux-based systems and networks.

Since 2007, he has been an editor at the German Linux-Magazine, where he writes about open-source software for both printed and online magazines, including the Linux Technical Review and the Linux Magazine International www.linux-magazine.com. He regularly holds speeches and lectures at conferences in Germany.

He is interested in anything about geography, traveling, photography, philosophy (especially that of open-source software), global politics, soccer and literature, but always has too little time for these hobbies.

Markus Feilner supports Linux4afrika - a project bringing Linux computers into African schools. For more information please visit www.linux4afrika.de!
