6 min read

Installing OpenVPN on Debian and Ubuntu

Probably the easiest distribution on which to install OpenVPN is Debian and its derivates like Ubuntu. Just type apt-get install openvpn, answer two questions, and OpenVPN is installed and ready to be used.

The Debian package management system is capable of solving all the issues that might occur during the installation. If your system is configured correctly, then the automatic installation will cover the following steps:

  1. The installation helper apt-get will find the software on the installation servers.
  2. The helper will then download the chosen package and unpack it to your local system.
  3. An interactive configuration script is executed, which configures your system and the newly installed software for later use with the parameters that you enter.

The following code extract is the standard output of apt-get install openvpn on a Debian system. This output may vary depending on your previous software selection, and in many cases the LZO compression library will have to be installed. On some systems apt will install OpenSSL libraries, but in most cases, apt-get is able to solve all problems for you.

debian01:~# apt-get install openvpn
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
openvpn
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded.
Need to get 293kB of archives.
After unpacking 762kB of additional disk space will be used.
Get:1 http://ftp.uni-erlangen.de testing/main openvpn 2.0.9 [293kB]
Fetched 298kB in 1s (247kB/s)
Preconfiguring packages ...
Selecting previously deselected package openvpn.
(Reading database ... 9727 files and directories currently installed.)
Unpacking openvpn (from .../openvpn_2.0-9_i386.deb) ...
Setting up openvpn (2.0-9) ...
Restarting virtual private network daemon:.
debian01:~#

During this process, you will be prompted to answer the following two questions:

  • You have to allow apt to create a TUN/TAP device for use by OpenVPN software. If you select No, your tunnels will not be created and your tunnel software won’t work.

    Beginning OpenVPN 2.0.9

  • The second question raises a security issue. OpenVPN software should be stopped during an update, so you have to select YES and hit return.

    Beginning OpenVPN 2.0.9

You have to stop the old tunnel software when an update is running. All tunneling will be stopped, and your users will not be able to connect to your system during this time. From then on, all tunnels are created by the new OpenVPN software, including patches and bug fixes. This is the safe way to go.

However, if you choose No, you risk that the old software and libraries are still running, even after the installation of new OpenVPN software. Bug fixes and patches of the new version may not apply to existing tunnels until they are started again. You may run into serious inconsistencies in your system, if you have several tunnels and they are running different versions of your software. Thus, it is safer to have a short time when users will not be able to connect.

Installing Debian packages

Software packages for Debian systems are provided in the so-called .deb file format. DEB files are usually stored in online repositories on FTP or web servers, and every Debian system holds a list of repositories that can be used for installation. You will find this list in /etc/apt/sources.list. The setup program base-config provides a menu-based configuration interface for apt.

Beginning OpenVPN 2.0.9

If you want to add source repositories to your Debian installation, type base-config and change to the menu configure apt. Select the country you live in and the repository of your choice. Select Ok. Now all the software packages of this server can automatically be installed on your system, simply by typing apt-get install <package>.

A Debian package contains the software and information about it, such as name, version, description, contents, prerequisites, dependencies, and configuration scripts that are to be started after installation.

Debian systems offer some very powerful programs with which you can control software installation very specifically. Listing all programs and options would go far beyond the scope of this article, but here is a short overview of some handy package management commands.

Command

Function

apt-get remove <package>

Removes the selected package from your system

apt-get update

Updates the list of packages available on the repositories listed in /etc/apt/sources.list

apt-get upgrade

Installs the latest available versions of all your installed software

apt-get dist-upgrade

Installs the latest available software related to your configuration

dpkg-reconfigure

Restarts/Starts the configuration script inside the package, which will bring up the menu-based dialogs in the same way as after installation

apt-cache show

<package>

Prints detailed information about the software package

dpkg -l <package>

Prints information on the installed software package

dpkg -L <package>

Lists all files installed by the software package

dpkg -i <file>

Installs a local (.deb) file to your system

dpkg -S <file>

Prints information about the software package owning <file>

apt-cache search

<string>

Searches apt database for packages containing <string> in their name and description

These programs should solve all possible questions, issues, and problems concerning the installation of software on Debian systems. Just try these commands with the freshly installed OpenVPN package on your system. Type the command apt-cache show openvpn to receive information about the installed package.

Beginning OpenVPN 2.0.9

Using Aptitude to search and install packages

Although the Debian command-line tools are very powerful, there are more programs that help you to retrieve and install software. Probably the most common software for this purpose is Aptitude. Type aptitude in a command line in order to start the menu-based installation interface. If Aptitude is not installed on your system, type apt-get install aptitude. If you prefer aptitude, you can use it at the command line in the same way as apt-get.

Beginning OpenVPN 2.0.9

Aptitude consists of a menu at the top of the screen, a list of packages, and a window showing details on the software selected in the package list. If you have console mouse support, you can click on menu entries.

Click on the menu entry Search, or hit the F10 key and navigate through the Search menu. Select the entry Find. You will be prompted with a search mask. Enter openvpn. While you are typing, Aptitude is steadily updating the main window. Click on OK and have a look at the output.

Beginning OpenVPN 2.0.9

Aptitude will find the OpenVPN version that you had installed previously, and the entries in the menus Actions and Package help you to select and install software. Depending on the selection of repositories that you have added to your sources.list during installation, Aptitude can also help you to choose different versions of OpenVPN.

OpenVPN—the files installed on Debian

The following table gives an overview of the files that were installed by the Debian package management system.

Full path and file Installed by OpenVPN

Function

/etc/openvpn

Directory containing configuration files

/etc/network/if-up.d/openvpn

/etc/network/if-down.d

/etc/network/if-down.d/openvpn

Start/stop openvpn when the network

goes up/down

/etc/init.d/openvpn

Start/stop script for services

/sbin/openvpn

The binary

/usr/share/doc/openvpn

Documentation files

/usr/share/man/man8/openvpn.8.gz

Manual page

/usr/share/doc/openvpn/examples/

sample-config-files

Example configuration files

/usr/share/doc/openvpn/examples/

sample-keys

Example keys

/usr/share/doc/openvpn/examples/

easy-rsa

easy-rsa-a collection of scripts useful

for creating tunnels

/usr/share/doc/openvpn/

changelog.Debian.gz

/usr/share/doc/openvpn/changelog.gz

 

Version history

/usr/share/openvpn/verify-cn

verify-cn function (revoke command)

/usr/lib/openvpn/

openvpn-auth-pam.so

/usr/lib/openvpn/

openvpn-down-root.so

Libraries for PAM-Authentication and

chroot mode

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here