If your business has grown to the point where you need to offer a VPN to your employees, the thought of spending either the money or the time deploying such a solution might send you into apoplectic fits. It doesn’t have to–there are so many incredible solutions available, some of which are free and even easy to unleash.
One such solution is OpenVPN. With this server software, you can either install it onto an existing platform, or you can opt to go the virtual route with a virtual appliance. I find that the easiest path to success is to use the TurnKey Linux OpenVPN virtual appliance. With this solution, you can spin up a VPN in a few minutes.
Let’s walk through the process of launching the OpenVPN VM with the help of VirtualBox.
SEE: Quick glossary: Virtualization (Tech Pro Research)
Importing the virtual appliance
The first thing you must do is download the appliance file. Once you have that file on your host machine, unzip it. Now you must import the .ova file into VirtualBox. To do this, open VirtualBox and click File | Import Appliance. When prompted, click the File icon and, from your file manager, navigate to and select the turnkey-openvpn-XXX-jessie-amd64.ova file (XXX is the release number). Click Next in the import wizard and then go through the default settings (Figure A).
The one setting you’ll probably want to change is the default allocated RAM (the default is only 512MB). Double-click that entry and bump it up to what you feel is adequate for your needs. Once you’ve done that, click Import, and the process will complete.
Starting the VM
Select the TURNKEY OPENVPN from the left navigation and click Start. During the startup process, you’ll be asked to enter a password for the root user (Figure B). Type in a password (make it challenging) and hit Enter on your keyboard.
Next you’ll be required to select a profile for the server (Figure C). You can select from:
- Server: This profile accepts VPN connections from clients and optionally configures a private subnet behind the OpenVPN enabling client access.
- Gateway: This profile accepts VPN connections from clients and automatically configures connecting clients to route all their traffic through the VPN.
- Client: This profile initiates VPN connections to an OpenVPN server.
Your selection will depend upon the needs of your network and your clients, but more than likely the Server option will suffice.
Now follow these steps.
- Enter an email address for the OpenVPN server key.
- Configure an IP address or FQDN that will enable clients to reach the VPN.
- Enter a Classless Inter-Domain Routing (CIDR) subnet address pool to be used by your VPN. (This will be in the form of 192.168.1.0/24. Make sure that entry is specific to your networking needs.)
- Supply the CIDR subnet that will exist behind the server that the clients will reach (this address will be in the same form as the previous CIDR address).
Once you hit Enter after setting the second CIDR address, walk away from the machine, as it will take awhile to complete the final phase of the process. When you’re presented with the TurnKey Backup and Migration page, tab down to Skip and hit Enter. The last thing to do is enter an email address that will receive all local system notifications; type the address and hit Enter (you can skip this step).
Before you can log into your OpenVPN server, you’ll be prompted to either install or skip any available updates to the system. I highly recommend you install these updates. This process can take quite awhile, so step away again and allow the updates to complete. When the updates finish, reboot the machine. Once the machine reboots, you’ll be presented with all the information you need to connect to your VPN (Figure D). Your OpenVPN server is up and running and ready for configuration.
I highly recommend you log into the Webmin address (with username root and the password you set during installation), so you can further configure the virtual appliance. You will not find a GUI frontend for configuring the OpenVPN server here–for this, check out the /etc/openvpn/server.conf file. To do that, you’ll need to secure shell into the server (information on connecting is presented to you once boot up has finished). Once logged in, you can edit the config file and add users with the openvpn-addclient USER EMAIL_ADDRESS command (USER is a username and EMAIL_ADDRESS is the client’s email address).
For more information on working with OpenVPN, check out the OpenVPN official documentation.