Announcement

Collapse
No announcement yet.

Setting up OpenVPN server

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Setting up OpenVPN server

    I'm going to be using my current Dell laptop (after upgrading to 22.04) as a license server for ANSYS. I have installed the ANSYS license server and it runs fine. I'm still waiting on the license file. I don't have much experience setting up a VPN, but I've been immersing myself in the topic over the last few days.

    Most of what I don't understand surrounds the linux commands for installing.
    Here's the instructions that I'm following:
    https://openvpn.net/community-resour...alling-openvpn

    Based on the guide, I should be using an installation without RPM. How do I use apt-get to install the package? I don't know what package to look for.

    I downloaded the tar.gz file and used ./configure, but I got an error at the end, which I assume is related to my out-of-date (20.10) system and packages.

    I opened up Discover and searched for OpenVPN, and found the NetworkManager for OpenVPN conections. But, when I went to the developer website, I see that this is Gnome, which I don't think will run on KDE. Or am I mistaken?

    Looking at some of the other options, does anyone recommend WireGuard instead?

    Thanks in advance for any help or suggestions you can offer.

    #2
    I use P.I.A. as my VPN provider and they have an excellent and succinct guide. I suspect whichever provider you choose will offer the same. I would pick one, sign up, and use their guide.

    Please Read Me

    Comment


      #3
      Code:
      sudo apt install openvpn
      But there are probably dozens of Ubuntu specific tutorials on the topic.
      However, finding a good one that seems reliable and accurate can be ...fun

      Digital Ocean is a good place for in-depth how-to's for many kinds of servers and server OSs
      https://www.digitalocean.com/communi...n-ubuntu-22-04


      For apt, the man page (man apt) is a good starting point, but there are GUI package management tools that you may already have installed, such as Muon.
      Synaptic Package Manager is another.


      Some apt commands with examples:
      https://itsfoss.com/apt-command-guide/

      Comment


        #4
        Originally posted by oshunluvr View Post
        I use P.I.A. as my VPN provider and they have an excellent and succinct guide. I suspect whichever provider you choose will offer the same. I would pick one, sign up, and use their guide.
        Can you use PIA to connect from a Windows machine to my Jammy laptop? I only want to open the ports for the ANSYS License Manager, and nothing else. I was going to go with Wireguard, and realized that it's only Linux-Linux. OpenVPN seemed like a good alternative. But there's a lot of networking terminology that I'm not familiar with. IP addresses, I get. DNS, meh.

        Somehow, I connected to the VPN from my Jammy laptop, and locked myself out of my internet connection. I had to go to my windows machine and delete my account to free up whatever IP I locked up.

        I am looking into PIA now to see if I can figure it out.

        Comment


          #5
          Originally posted by claydoh View Post
          Digital Ocean is a good place for in-depth how-to's for many kinds of servers and server OSs
          https://www.digitalocean.com/communi...n-ubuntu-22-04
          I paddled over here and took a look. If I understand this correctly, this is installing OpenVPN directly on the Server, and the Client connects. So my Jammy will become the "OpenVPN Server". But, then I need a separate (recommended) Ubuntu server as the CA Server. No idea how I would set that up.

          Since I'm trying to let a Windows machine connect to a Linux machine, will this still work the same? Reading through the Prerequisites, there's about a dozen things that I have no clue how to tackle.

          Originally posted by claydoh View Post
          For apt, the man page (man apt) is a good starting point, but there are GUI package management tools that you may already have installed, such as Muon.
          Synaptic Package Manager is another.
          Lots of questions about package managers, but I'll circle back to that in a different thread.

          Originally posted by claydoh View Post
          Some apt commands with examples:
          https://itsfoss.com/apt-command-guide/
          This will be a big help. Thank you.

          Comment


            #6
            Originally posted by gshockxcc View Post
            Can you use PIA to connect from a Windows machine to my Jammy laptop?
            PIA is a VPN service that lets you connect to one of their servers, then routes your internet traffic through that server. I don't think it helps you. I think you are considering running an OpenVPN server on the laptop, then making a VPN connection from the Windows box to the laptop, so that you can then access the ANSYS server through a VPN tunnel. This is similar to a typical work-from-home set up.

            But, where is the laptop, and how is it connected to the internet? Likely through a router, I'll assume so.

            If the windows machine on the same LAN as the laptop, both connected to the router, as would be typical at a home, you don't need a VPN (unless you don't trust some devices on the LAN). By default the router will let nothing connect in from the internet.

            If not, OpenVPN is a good idea but you'll have to learn about setting up an IP address (so that Windows can find your server), and port forwarding on the router.

            Regards, John Little

            Comment


              #7
              Originally posted by gshockxcc View Post
              I paddled over here and took a look. If I understand this correctly, this is installing OpenVPN directly on the Server, and the Client connects. So my Jammy will become the "OpenVPN Server". But, then I need a separate (recommended) Ubuntu server as the CA Server. No idea how I would set that up.
              Your original link mentions this part, so I assumed you had noted this. There are ways to do this all on the same server, it seems. No clue though.

              I agree with jlittle here, we need more info on what you are trying to accomplish, and the network setups and systems involved. There are potentially simpler solutions, but we don't know what the setup is.

              At the simplest level, my home router has a built in VPN server, and I can access my NAS and my desktop PC that way. Super easy, but hardware-dependent.
              There is also a simpler OpenVPN Access server, which is much easier to set up. I have done so, using a Linode VPS when I was overseas fro a few months and needed a less obvious VPN for keeping a US IP address for work. This has a limit of two connections, though, before it is no longer free, iirc, and probably takes some extra work for a local PC on a local network to access the internet, I assume.
              I am a moron, and I was able to set up this thing following a how-to, but it was a very simple and common use case.

              Those are just two options, without any context, and I am sure there will be something suitable for your specific case.

              Comment


                #8
                Originally posted by jlittle View Post
                I don't think it helps you. I think you are considering running an OpenVPN server on the laptop, then making a VPN connection from the Windows box to the laptop, so that you can then access the ANSYS server through a VPN tunnel. This is similar to a typical work-from-home set up.
                You're absolutely correct here. The Linux (Jammy - Dell Precision M6800) is at my location, and a colleague will connect via OpenVPN to run the ANSYS license server.

                Originally posted by jlittle View Post
                If not, OpenVPN is a good idea but you'll have to learn about setting up an IP address (so that Windows can find your server), and port forwarding on the router.
                Again, spot on, and this is where I did a face plant with OpenVPN. I didn't know that I needed an IP address so that the Windows machine can find the server. I'm sure I can figure it out, but I did (and still don't) know where to start. My Jammy laptop is connected directly to the router via Ethernet. So I should be able to open the IP to that machine, and only the required port. In the OpenVPN Cloud setup, I had to give a domain name, which I sort of understand, but it wasn't quite clear to me exactly how the connections were being mapped.

                I still have a few colleagues that I'm going to check with, and then I might just contact OpenVPN for support. Even if I have to pay a few bucks a month for an advanced service, at least I will learn how to set this up, because it won't be the only time I have to do it. IT Administration, here I come! (Not really).

                Comment


                  #9
                  Originally posted by claydoh View Post
                  Your original link mentions this part, so I assumed you had noted this. There are ways to do this all on the same server, it seems. No clue though.

                  Correct, I know there is, and I think the link from jlittle​ covers that, but there's a lot of prep work and prerequisites that are a bit beyond me. Given enough time and patience with the internet, I'm sure I can figure it out. However, OpenVPN cloud seems like a simple way to get started to connect two disparate machines with different OSs.

                  Originally posted by claydoh View Post
                  I agree with jlittle here, we need more info on what you are trying to accomplish, and the network setups and systems involved. There are potentially simpler solutions, but we don't know what the setup is.

                  Just to repeat what I said above, it's fairly straight forward. I'm not saying it's easy, but seems like a simple set up. My Linux machine is connected via Ethernet to the router. The Windows machine is in another location elsewhere in the U.S., and I want to have the ability for the Windows machine to access the license server on my Linux machine. The license server is already up and running. I just don't quite know how to serve up access to only that application through the OpenVPN connection. I do know that I need to allow connections on a specific port, but beyond that, I'm a bit lost.

                  Originally posted by claydoh View Post
                  There is also a simpler OpenVPN Access server, which is much easier to set up. I have done so, using a Linode VPS when I was overseas fro a few months and needed a less obvious VPN for keeping a US IP address for work. This has a limit of two connections, though, before it is no longer free, iirc, and probably takes some extra work for a local PC on a local network to access the internet, I assume.

                  I saw a few videos online about this, and I agree that it seems like a worthwhile option. I considered this as well, but haven't pursued it yet. Two connections should suffice for now, if I can figure it out.

                  Originally posted by claydoh View Post
                  ​I am a moron, ...


                  I sincerely doubt that, my friend.

                  Comment


                    #10
                    Originally posted by claydoh View Post
                    There is also a simpler OpenVPN Access server
                    This does not require setting up a separate CA server, etc., which is why it may be a good and much easier solution for your case, if there are only one or two connections.
                    The web GUI is highly useful.
                    And as I said, I am a moron, and I managed to set it up fairly quickly, part of a morning iirc. But I was not dealing with a home computer/network, so that will add some extra steps
                    It IS easy to install and set up, but I am not familiar with setting one up on a home computer and a local network, which is going to need different configuration than what I was using.
                    This is an updated version of what I used to set it up
                    https://www.linode.com/docs/guides/i...rver-on-linux/


                    As for the IP address, this can be dealt with by using one of any number of dynamic dns services (many are free) to work around the strong potential that your ISP will change your IP address at some point. This should not be too difficult to deal with.
                    Then there will be port forwarding on your router, etc.


                    I wonder if Wireguard might be less complicated?
                    Probably not. At least not compared to the OpenVPN Access server

                    But also check your router -many do have built-in VPN servers. My fairly inexpensive TP-LINK Archer AX3000 does, and they even have a dynamic-dns service as well.

                    Last edited by claydoh; Feb 14, 2023, 06:45 AM.

                    Comment


                      #11
                      I'm trying to set up the OpenVPN using Linode, and I'm trying to edit the ssh config file, based on a tutorial that I'm following. Editing the file is fine, but I can't figure out how to save and exit.

                      Comment


                        #12
                        You can use Kate or kwrite, since you are not accessing a remote headless server. These will prompt for the password when saving as necessary, so no need to open with sudo or anything.
                        For nano, ctrl-o to save, ctrl-x to exit, as (sort of) shown at the bottom of the screen.
                        Last edited by claydoh; Feb 14, 2023, 08:38 AM.

                        Comment


                          #13
                          Thanks for replying so quickly!

                          I was editing as root in the Konsole window. Do those commands work the same to save and exit? I assume not. This is what my Konsole window looks like. I don't know know how to save and exit.

                          Click image for larger version

Name:	Konsole_ssh.png
Views:	225
Size:	65.4 KB
ID:	668501

                          Comment


                            #14
                            Which editor are you using to open the file? I don't know what you have used to open the file in the terminal. I am pretty much only familiar with Nano as a text editor on the terminal, and each editor has different keystrokes to save and exit. Maybe someone will know what you are using and know. I purposefully run away from anything involving command line text editors outside of nano


                            You can browse to the file in Dolphin, and open it in your normal text editor (usually kate or krwrite) as you normally would any text file. Edit, and save normally. You then will be prompted for your sudo password. Done.

                            Comment


                              #15
                              I started editing the config file with the command
                              Code:
                              nvim /etc/ssh/ssh_config
                              It's using the Neovim text editor on Linode. I could be wrong, but I don't think I'm editing the config file on my local machine.

                              Comment

                              Working...
                              X