OpenVPN for Linux and *BSD

OpenVPN has been tested and works well on Linux, and should work on *BSD.

If you are using Ubuntu Linux, then please refer to our specific OpenVPN for Ubuntu page. Otherwise, the first thing to do is to install OpenVPN itself, if a suitable version is not already in your distribution. One option is to go to the OpenVPN "Community Downloads" page, download the current tar.gz file, and build and install it to suit your distribution. The HOWTO file on the OpenVPN web site has some useful instructions for this. Alternatively, there are pre-packaged versions available for the most common package management systems.

What you do next depends on whether you're using NetworkManager or not. Our experience is that NetworkManager, at least in the versions which we have tested, doesn't seem to be flexible enough, and we currently recommend against using it.

If you're not using NetworkManager, download the configuration files into a directory, cd to that directory from a root shell, and start the openvpn daemon with your preferred configuration file as its command-line parameter. (The full path to the daemon is probably /usr/sbin/openvpn.) Note that you have to do this as root so that the daemon can create and/or configure its "tun" devices and add routes as necessary.


Using OpenVPN via NetworkManager

Bearing in mind the above warnings, if you do want to use NetworkManager to control OpenVPN, then you first need to install the OpenVPN plugin. How you do this depends again on your distribution, but there should be suitable pre-built versions available. Then proceed as follows:

  1. Create a directory for the configuration files and download them into it.
  2. Start the NetworkManager GUI and select the VPN tab.
  3. For each of the configuration files: click on "import" and select the file, be sure to un-tick the "start this connection automatically" box, and save.

Once you've done this you should find that NetworkManager gives you the option of starting up one of the VPN tunnels.

NOTE that due to what appears to be a limitation of at least some versions of the plugin's import mechanism, the configurations as imported may not set up routing correctly, but will instead send ALL traffic through the tunnel regardless of which configuration file you import. One manifestation of this is that your DNS stops working because of security restrictions at your ISP's (or IS's) nameservers. This appears still to be a problem even with current (at the time of writing) distributions. The easiest workaround seems to be just not to use NetworkManager!

We have also had reports that some versions of NetworkManager are not able to extract the embedded tls-auth key and University CA certificate. If yours is one of these, please also download the EdUniRootCA2.crt and tls-auth-key from the Generic/ configuration directory. Then:


  1. Open NetworkManager, configure the VPN, and import the .ovpn file, which will prepopulate most options.
  2. Change authentication type to "password with always ask".
  3. CA certificate: EdUniRootCA2.crt
  4. Under "Advanced", TLS authentication: click "use additional TLS authentication" and use the key file ta-auth-key; leave key direction blank.
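
The following is an added example, not part of the original page: it splits the embedded CA certificate and tls-auth key out of a configuration file, which is the step the NetworkManager import described above can fail to do. It assumes the file uses OpenVPN's inline `<ca>` and `<tls-auth>` blocks; the output names `ca.crt` and `tls-auth.key`, the host `vpn.example.org` and the sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull the inline <ca> and <tls-auth> blocks out of an OpenVPN
# config so they can be selected by hand in NetworkManager.
# Output file names are assumptions, not names used by the original page.

# extract_inline TAG CONFIG: print the body of <TAG>...</TAG>; fail if absent.
extract_inline() {
    awk -v tag="$1" '
        { sub(/[ \t\r]+$/, "") }               # tolerate CRLF / trailing blanks
        $0 == ("</" tag ">") { inside = 0 }
        inside               { print }
        $0 == ("<" tag ">")  { inside = 1; found = 1 }
        END                  { exit(found ? 0 : 1) }
    ' "$2"
}

# split_config CONFIG OUTDIR: write OUTDIR/ca.crt and OUTDIR/tls-auth.key.
split_config() {
    mkdir -p "$2" || return 1
    extract_inline ca "$1" > "$2/ca.crt" ||
        { echo "no <ca> block in $1" >&2; return 1; }
    # The tls-auth key is a shared secret: create it readable by owner only.
    ( umask 077; extract_inline tls-auth "$1" > "$2/tls-auth.key" ) ||
        { echo "no <tls-auth> block in $1" >&2; return 1; }
}

# write_sample PATH: constructed config with dummy, non-functional contents.
write_sample() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.org 1194
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExF
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
00112233445566778899aabbccddeeff
-----END OpenVPN Static key V1-----
</tls-auth>
EOF
}

# Demo on the constructed sample only.
tmp=$(mktemp -d) && write_sample "$tmp/sample.ovpn" &&
    split_config "$tmp/sample.ovpn" "$tmp/out" && ls -l "$tmp/out"
rm -rf "$tmp"
```

To use it on a real configuration, call `split_config your-file.ovpn outdir` and point NetworkManager's CA certificate and TLS authentication fields at the two resulting files.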

References

Configuration files
Authentication
OpenVPN FAQ
Last reviewed: 30/05/2023