Wednesday 6 September 2017

How to Set Up VPN Systems on Linux Servers

VPN systems like OpenVPN and PPTP VPN enable users to protect their personal information. They also allow access to geo-restricted content. Of all the platforms that can be used to set up a VPN system, Linux is probably the best, particularly Ubuntu, because this platform provides better package management. Nevertheless, nothing is 100% secure when it comes to security-focused systems. That’s why you need to know the best practices for setting up a VPN system on a Linux server.
Here are the steps to follow:

1.     Install from repositories

Ubuntu has an OpenVPN package in the official repositories. Simply click on the package menu then navigate to the Software Manager.

You might be prompted to enter a root or administrator password for the Software Manager to install your package. When the Software Manager window opens, type “OpenVPN” in the search box then hit Enter.
Double-click the OpenVPN package to open it then click the “Install” button.

After installation, the “Install” button changes to a “Remove” button.

2.  Install Network Manager

This is an open source, distribution-agnostic framework. It runs well on different Linux distros and desktops, and it uses plug-ins to configure networks, including OpenVPN. To install Network Manager, follow the same steps you used to install OpenVPN: simply double-click the package and select the “Install” button.

To ensure that Network Manager has picked up the plug-ins, use this command to restart it:
$ sudo restart network-manager
Alternatively, reboot the machine.

3.   Configure VPN

Click on the Network Manager applet on the panel then click on the “Network Connections” button.

A new window will open up. Click on the “Add” button then add a connection.


A pull-down list will appear when you click the “Add” button. Under VPN, there is the OpenVPN option. Select it and click the “Create” button. This will open up a window where you can choose a *.ovpn file. Whether this will work or not depends on how your provider's OpenVPN configuration file is set up.
However, if a VPN provider has provided OpenVPN configuration files in a TAR or ZIP file, download and open one of them. You will see something like this:

In this image, the first line contains the FQDN (Uk1.vpn.ac) of the VPN server, the protocol, and the port (1194). Fill in something memorable as the Connection Name. Use the VPN server or FQDN to fill in the Gateway. For Authentication Type, you can select Password. In most cases, the username/password authentication method is used. This is seen in a config file as:
auth-user-pass


Some providers use a Certificate Authority (CA). This is embedded in the OpenVPN configuration file. Clicking the “CA Certificate” button brings up a file dialog that allows you to select a certificate file. Select the file with a *.crt, *.key, or *.pem extension.
Once you have done that, click on the “Advanced” button.


A common setting is “Use custom gateway port”. However, in the case illustrated above, the server uses the official OpenVPN port, 1194, so there is no need to set anything. Another common option is “Use LZO data compression”, while “Use a TCP connection” is less common. In the above case, the provider uses UDP port 1194. If the network is unreliable or firewalls are restrictive, you may use TCP. Nevertheless, the TCP meltdown effect makes it less efficient.

If you see "comp-lzo" in the .ovpn file, it means that your provider uses LZO compression with the adaptive default. Theoretically, the adaptive setting discovers whether compression helps or not and enables or disables it on the fly.

4.     Security

Still in the advanced options, click on the “Security” tab.



If there are no default options set up by the provider, enter them here. In this case, the corresponding OpenVPN configuration file options are:
cipher AES-256-CBC
auth SHA1
The example further shows that the provider uses TLS authentication. So, click on the “TLS Authentication” button.


Here the config file line is: 
tls-auth Wdc.key 1
That means Wdc.key is the key file name while Key Direction is 1. Note that yours will differ unless the provider is the same. Click the “Key File” button then select a key file. Also, click on “Key Direction” to select the proper direction. Finalize the process by clicking OK then Save on the main configuration window.
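
The mapping from .ovpn directives to the dialog fields filled in during steps 3 and 4, as an added example that is not from the original article or from any provider. The function names, the “Cipher” and “HMAC Authentication” labels, the layout of the remote line and the ca.crt file name in the constructed sample are assumptions; the other values are the ones quoted above.

```python
import shlex

# Constructed sample; ca.crt and the layout of the remote line are assumed.
SAMPLE_OVPN = """\
remote Uk1.vpn.ac 1194 udp
auth-user-pass
ca ca.crt
comp-lzo
cipher AES-256-CBC
auth SHA1
tls-auth Wdc.key 1
"""

def parse_ovpn(text):
    """Return {directive: [args]}, skipping comments and inline <ca>...</ca> bodies."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside an embedded key/certificate block: wait for its end tag
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            directives[inline] = ["[inline]"]  # material is embedded, not a file
        elif line and line[0] not in "#;":
            name, *args = shlex.split(line)
            directives.setdefault(name, args)  # keep the first occurrence
    return directives

def nm_fields(d):
    """Map parsed directives to the Network Manager fields from steps 3 and 4."""
    remote, tls = d.get("remote", []), d.get("tls-auth", [])
    port = int(remote[1] if len(remote) > 1 else d.get("port", ["1194"])[0])
    proto = remote[2] if len(remote) > 2 else d.get("proto", ["udp"])[0]
    return {
        "Gateway": remote[0] if remote else None,
        "Authentication Type": "Password" if "auth-user-pass" in d else None,
        "CA Certificate": d.get("ca", [None])[0],
        "Use custom gateway port": port if port != 1194 else None,
        "Use a TCP connection": proto.startswith("tcp"),
        "Use LZO data compression": "comp-lzo" in d and d["comp-lzo"] != ["no"],
        "Cipher": d.get("cipher", [None])[0],
        "HMAC Authentication": d.get("auth", [None])[0],
        "Key File": tls[0] if tls else None,
        "Key Direction": int(tls[1]) if len(tls) > 1 else None,
    }

if __name__ == "__main__":
    for field, value in nm_fields(parse_ovpn(SAMPLE_OVPN)).items():
        print(f"{field}: {value}")
```

A value of None means the directive is absent and the field is left at its default; "[inline]" means the certificate is embedded in the .ovpn file and has to be saved to its own file before the “CA Certificate” dialog can select it.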

5.    Connect to VPN

Click on the Network Manager applet on the panel.


The configured VPN connections will show up. Click the connection that you want to use. After the connection is established, a message similar to this will pop up:



The applet for the Network Manager will also indicate a lock. 


And, that’s it! Your VPN system on Linux will be up and running. 