Open VPN GUI client Installation for IPFire


This document covers installing and configuring the OpenVPN client for Windows. It is especially targeted towards users of the IPFire Routers sold by Daily Data. There is an addendum for connections from Mac OS X and Linux.

Note: I have run into some confusion about where to install the openVPN Client software. Do not install the VPN Client on the workstation at work. Install the software on the workstation that will be connecting to the office network, ie your laptop so you can connect from a hotel room, or your home computer so you can connect to the office from home. Installing the VPN Client software on your work computer is pointless (that computer is already on the network). Installing it on your work computer adds an additional program to a computer that does not need it. Adding any computer program decreases the stability of a computer.

Windows

Note: There is some confusion about openvpn.se and openvpn.net. I'm not sure what is going on, but it appears the code from openvpn.se is not being developed anymore. Those are, from what I've seen, very old code and links. I use openvpn.net only. That is the code you want. You can go directly to http://openvpn.net/index.php/open-source/downloads.html which will give you a list of all application files. http://openvpn.net/ is the main page and appears to give you the most recent stable versions.

The code on our site is the version we have most recently installed, not the most recent, or even the "best" version. So, when you see a link to our repository, do not think you are getting something special.

Installation

  1. Download the OpenVPN Client from the publisher. Note, on our server the file with i686 is for 32 bit Windows and the x86_64 is for 64 bit installs.
  2. Install this application (see the notes below)
    1. Windows Vista
      1. Not tested. Should simply work by right clicking and setting Run As Administrator
    2. Windows 7
      1. Set "Run As Administrator"
      2. Click "Ok"
    3. Accept defaults except as indicated below
      1. If you allow the Service to be installed and run automatically, the OpenVPN Client will be run every time you reboot the computer. Do not install the service unless you know what you are doing. If you accidentally install the service, go into the Control Panel | Administrative Tools (or wherever) and set the service to manual (i.e., it will not run unless you tell it to).
        1. Do Not do this with Windows Vista as Vista has no way (that I know of) to install the service automatically.
        2. Allowing this will take resource from your computer, even when you are not using the VPN. It is possible it will slow your system down, so do not install the service if you are on a slower machine.
  3. Under Windows 7 and greater, it appears a few directories are not created automatically, so you will need to do this. Create the following directories if they do not exist under the install directory for OpenVPN (generally in c:\Program Files\OpenVPN or c:\Program Files (x86)\OpenVPN).
    1. config
    2. log (this should be created automatically the first time you run OpenVPN GUI)
  4. Copy the configuration and certificate files to the config directory under the OpenVPN client
    1. You should have received a zip file from your administrator.
      1. Open the archive by double clicking on it
      2. Select both files inside the archive, then copy them to your clipboard (depress right mouse button, drag over the two files, release the right mouse button, right click on one of the files and select Copy)
  5. Place the two files into the installation directory's config folder. At some points in this process, you may get a message that you are going into a sensitive area. Simply say "yes, please open"
    1. Open My Computer (or Computer under Vista/Windows 7) by double clicking it
    2. Open your disk drive, generally the C: drive, by double clicking it
    3. Enter the Program Files folder (may be c:\Program Files (x86)\ for Vista or Windows 7 64 bit users installing older versions of OpenVPN GUI) by double clicking it
    4. Enter the OpenVPN folder by double clicking it
    5. Enter the config folder by double clicking it
    6. Right click and select "Paste" from the menu. You should see two files appear in the folder; the same two you got from the previous step

Connecting to VPN

  1. First, determine if the OpenVPN service is running. If it is, you should see a little OpenVPN icon in the lower right corner of your screen, near the clock. It is two computers, and they both have red screens, meaning you are not connected. If this is not the case, run the OpenVPN GUI application you installed (should be a shortcut on your desktop), and the little icon will appear. If there is not an icon on your desktop, you must select it from the All Programs menu option. Wait for the icon to appear (should be very fast). Windows Vista users (and later) will need to right click on the icon and select "Run As Administrator"

  1. Right click on the OpenVPN icon. From the menu that pops up, select Connect (top item).
  2. You will be asked for your password. Enter your password.
  3. A lot of stuff will flash by on the screen, and the two computers in the icon will have yellow screens.
  4. When the window with all the text goes away, and the two little computers in the icon have green screens, you are connected.
  5. Now, do whatever it is you want to do.
    1. Connect to a remote desktop on a Windows computer
      1. Remote Desktop Connection. Its location depends on which version of Windows you are running, but they are all under Start | All Programs | Accessories. On my Windows XP computer, it is in that menu about half way down. I have also seen it under the Communication menu.
      2. When Remote Desktop Program opens up, put in the IP address of your work computer, as if you were plugged into the network at the office.
      3. When you press Enter, it will ask for the User Name and Password on your workstation. You are now in.
    2. Connect to a server's file share at the office
      1. Open My Computer and put in the IP Address of the server you want to connect to. Usually, this is the safest as searching by the computer's name does not always work depending on how your network is set up.
      2. When the computer you are looking for comes up, select the network share you want.
    3. Connect to a network printer at the office
      1. Open My Computer and put the IP Address of the printer you want to connect to. Usually, this is the safest as searching by the names does not always work depending on how your network is set up.
      2. Right click on the printer and select "Install Printer"
  6. Remember, when you are through and have shut down Remote Desktop, right click on the two little computer icons and select Disconnect.

Apple Mac OS X

Basically, this is the same procedure except that you use Tunnelblick as your VPN client (the program on your machine). Again, this can be downloaded from Our Site or from the publisher. The version on our site only works with OS X Tiger 10.4 or better, but the publisher has versions that work on older copies of the operating system. The easiest way to install and configure is to check out their instructions at http://code.google.com/p/tunnelblick/wiki/UsingTunnelblick

A note: there is an excellent Remote Desktop program for OS X that allows you to work on Windows machines from a Mac named RDC201_ALL.dmg. It is at our site or you can download direct from Microsoft (http://www.microsoft.com/download/en/details.aspx?id=465). Very smooth and you don't have to have a Windows client to connect to a Windows desktop via RDP.

Linux

Hate to say this but I have not found a decent, user oriented Linux client to do this. I'm still looking, and assume someone, someplace has it. Under my favorite desktop distro, XFCE under Debian, there is not even an option, though I understand KDE and Gnome have clients which may work, but I dislike the bloat enough I have not even tried them. Instead, I simply create a CLI script that does it for me.

So, I installed the OpenVPN client

sudo apt-get install openvpn

Then created the following perl script. I will be looking at network-manager-openvpn to see if that helps at all. However, feel free to use the following script. To use the script:

  1. Place the script in its own directory. I use ~/openvpn, and name the script vpn.pl. Be sure to set the execute flag
  2. Unpack the configuration (.ovpn) and certificate (.p12) files into the directory. Since I connect to a lot of different sites using vpn, I rename the p12 file to something (like client1.p12), rename the config file to the same (client1.ovpn), then edit the ovpn file and change the line that contains the certificate file name. Example:
pkcs12 client1.p12

Then, do the following:

 cd openvpn/
 sudo ./vpn.pl client1

Answer the password questions, first for the sudo, second for the certificate file name, and wait until the message Initialization Sequence Completed appears. At this point, you have your vpn connection. Leave that window open, then do your work. Pressing Ctrl-C in the console window where you ran the script will break the connection. Here is the perl script.

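#!/usr/bin/perl
use strict;
use warnings;

# Directory holding the .ovpn and .p12 files. Change this to your own directory.
my $CONFIG_DIR = '/home/rodolico/openvpn/';
# Name of the connection, e.g. client1 for client1.ovpn
my $location = shift or die "Usage: $0 <connection name>\n";
my $configFile = "$CONFIG_DIR/$location.ovpn";
my $address;
my $port;
my $keyfile;
open my $conf, '<', $configFile or die "Could not open $configFile for read: $!";
my @config = <$conf>;
close $conf;
foreach my $line ( @config ) {
   next if $line =~ m/^\s*[#;]/;   # skip comment lines
   $line =~ s/\s+$//;              # drop the line ending (LF or CRLF)
   if ($line =~ m/remote +(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) +(\d+)/) {
      # remote given as an IPv4 address
      ($address, $port) = ($1, $2);
   } elsif ($line =~ m/remote +(\S+) +(\d+)/ ) {
      # remote given as a host name
      ($address, $port) = ($1, $2);
   } elsif ($line =~ m/pkcs12 +(.+)$/) {
      $keyfile = $1;
      $keyfile =~ s/^["'\s]+|["'\s]+$//g;   # strip surrounding quotes and whitespace
      $keyfile = $CONFIG_DIR . $keyfile;
   }
}
die "No remote line found in $configFile\n" unless defined $address;
die "No pkcs12 line found in $configFile\n" unless defined $keyfile;
print "Config File\n$configFile\n";
print "Address\n$address\n";
print "Port\n$port\n";
print "Key File\n$keyfile\n";
print "openvpn --dev tun0 --mktun\n";
# Create the tun0 device. The list form runs openvpn directly, without a shell.
system('openvpn', '--dev', 'tun0', '--mktun');
# The script runs under sudo, so values read from the config file are passed as
# separate arguments and never interpreted by a shell. The port parsed from the
# remote line is passed along with the address.
my @cmd = ('openvpn', '--float', '--remote', $address, $port, '--dev', 'tun0',
           '--pkcs12', $keyfile, '--client', '--proto', 'udp');
print join(' ', @cmd), "\n";
print "======================================================================================\n\n";
exec @cmd or die "Could not run openvpn: $!";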

I make no promises, claims, anything about this script. Actually, it is a piece of junk. However, I've been using it for a year or so now and it has done nothing bad. But, if it reformats your machine and drinks all your beer, I had nothing to do with it.
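Step 2 of the Linux procedure above (renaming the two files and editing the pkcs12 line) can be scripted. The following is an added example, not the author's code: the function names install_profile, profile_keyfile and demo are hypothetical, the sample files are constructed, and the owner-only file permission is an assumption about how you want the certificate file protected.

```shell
#!/bin/sh
# Added example (not the author's code): step 2 of the Linux procedure.
# install_profile SRC.ovpn SRC.p12 NAME [DIR]   (DIR defaults to ~/openvpn)
install_profile() {
    src_ovpn=$1; src_p12=$2; name=$3; dir=${4:-"$HOME/openvpn"}

    # NAME becomes a file name and ends up in a command run under sudo,
    # so allow only letters, digits, "_" and "-".
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad profile name: $name" >&2; return 1 ;;
    esac
    [ -f "$src_ovpn" ] && [ -f "$src_p12" ] || {
        echo "missing source file" >&2; return 1; }
    # Without a pkcs12 line there is nothing to point at the renamed file.
    grep -q '^[[:space:]]*pkcs12[[:space:]]' "$src_ovpn" || {
        echo "no pkcs12 line in $src_ovpn" >&2; return 1; }

    mkdir -p "$dir" || return 1
    # Rewrite only the pkcs12 line; all other lines are copied unchanged.
    sed "s|^[[:space:]]*pkcs12[[:space:]].*|pkcs12 $name.p12|" \
        "$src_ovpn" > "$dir/$name.ovpn" || return 1
    cp "$src_p12" "$dir/$name.p12" || return 1
    # The .p12 file holds the private key: owner-only access.
    chmod 600 "$dir/$name.p12" "$dir/$name.ovpn"
}

# Print the certificate file a profile refers to, to check the result.
profile_keyfile() {
    sed -n 's/^[[:space:]]*pkcs12[[:space:]]\{1,\}//p' "$1" | head -n 1
}

# Demo on constructed files in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'client\nremote 192.0.2.10 1194\npkcs12 roadwarrior.p12\n' \
        > "$tmp/rw.ovpn"
    printf 'constructed placeholder, not a real certificate\n' \
        > "$tmp/roadwarrior.p12"
    install_profile "$tmp/rw.ovpn" "$tmp/roadwarrior.p12" client1 "$tmp/openvpn" &&
        profile_keyfile "$tmp/openvpn/client1.ovpn"
    rm -rf "$tmp"
}

demo
```

Run install_profile as your normal user, not under sudo, so the copied files stay owned by you.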

Hints and Explanations

This is just a list of things clients have asked.

  • Why do I have to do sudo under Linux and "Run as Administrator" under newer versions of Windows?
    • OpenVPN does a lot of stuff at a very low level on your computer. One of the most important is modifying the way the network is set up by creating a fake network card on your computer which connects to the remote network. This is all powerful stuff that is normally reserved for systems level operations. Linux has always had this separation (and always required sudo for OpenVPN) and Windows Vista and later implemented similar systems to decrease the damage viruses can do on it. So, as you perform these kinds of functions, you have to tell the computer "I really know what I'm doing and I, personally, am telling you to do it."
  • What computer do I install the OpenVPN client to?
    • This is installed on the remote computer, ie the one you are sitting at at home trying to connect, or the laptop at the coffee shop. It does not hurt to install it on your computer at work, but it does use up resources and does not do anything for you. Install this on your remote computer, the one not on the network you want to connect to.
  • What is VPN and why do I need it?
    • Virtual Private Network is a way of being sneaky. It allows you to, securely, connect a computer to a different network as if you had physically picked up the computer and carried it to the network to plug it in. All done over the Internet in a secure manner. One common use is to connect to your office network from your home, or from a hotel or coffee shop when you're on the road. Depending on the configuration of the network you are logging into, it can emulate actually plugging the computer into the office network; you can print to printers, connect to servers, etc. This is called "Road Warrior" mode. A second mode ("Site to Site") allows you to connect two networks together through the Internet. That is used for connecting two offices together, or even connecting your home office to your main office. For more information, feel free to contact Daily Data.
  • I got it set up but it is so slow compared to when I'm at the office
    • At the office, you are on a network that is running at, most likely, 100 Mb/s (it can transfer 100 million bits a second). In many cases, the network at the office is 1 Gb/s (1 billion bits per second). Now, compare that to your internet connection. The "normal" DSL speed is 6 Mb/s down and .8 Mb/s (800 kb/s) up. The fastest I am aware of is 10 Mb/s down and 1 Mb/s up. That means that when you are getting information from the office network, you are at 10% the speed you see when you are at the office (1% if the office is running 1 Gb/s). And that is if you have the fastest internet commonly available on the market. So, if it normally takes 5 seconds to get a file from the server at the office (on a 100 Mb/s network), expect it to take 50 seconds over the Internet. Sending something to the server is even worse, since that is 1% of the speed (or 0.1% if running a gigabit network at work). So, a file that takes 5 seconds to copy to the server at work may take 500 seconds (over 8 minutes) when using a VPN over the Internet.
Last update: 2014-01-31 07:21
Author: Rod
Revision: 1.8