VPN Creation and Configuration

OVPN User Setup Guide

Prerequisites

Before setting up the OpenVPN client, make sure you have the following information ready (Drive Link):

  1. User Email: The user’s email address (e.g., anand.chinta@sayukth.com).
  2. Password: A secure password generated for the user (e.g., MiTTdq7pJw09RGl).
  3. Common Name: A unique common name for the user (e.g., anand.chinta.vpn.sayukth.com).
  4. OVPN File Name: The name of the OpenVPN configuration file (e.g., ovpn-anandchinta).
  5. Host IP Address: The host’s IP address (e.g., 172.21.4.110).
  6. Local VPN IP Address: The local IP address for the VPN (e.g., 172.21.4.111).
  7. Remote VPN IP Address: The remote IP address for the VPN (e.g., 172.21.4.112).

You can generate a random password for the user using the Avast Random Password Generator.

Example:

  • User Email: anand.chinta@sayukth.com
  • Password: MiTTdq7pJw09RGl
  • Common Name: anand.chinta.vpn.sayukth.com
  • OVPN File Name: ovpn-anandchinta
  • Host IP Address: 172.21.4.110
  • Local VPN IP Address: 172.21.4.111
  • Remote VPN IP Address: 172.21.4.112

Step 1: Enable the OpenVPN Server

  1. Login to MikroTik via Winbox:

    • Open Winbox and connect to your MikroTik router.

Step 2: Create a PPP Profile for the User

  1. Go to PPP and click on the Secrets tab.

  2. Press the Add (+) button to create a new profile.

  3. Configure the profile:

    • Name: Give it a meaningful name (e.g., VPN-User-Profile).
    • Service: Select ovpn.
    • Profile: Select the default profile.
    • Local Address: Assign an IP address for the MikroTik side of the VPN.
    • Remote Address: Assign an IP pool for VPN users.


  4. Click OK to save.

Step 3: Create the Client Certificate

  1. Go to System > Certificates:

    • Open Winbox and navigate to System > Certificates.


  2. Add a New Certificate:

    • Click the Add (+) button.
    • In the General section:
      • Name: Enter a meaningful name for the certificate (e.g., vpn-client).
      • Common Name: Use the same name as the certificate name (e.g., vpn-client).
  3. Key Usage:

    • In the Key Usage field, check:
      • tls-client (for client authentication).
  4. Click OK to save the certificate.

Step 4: Sign the Client Certificate

  1. Highlight the Newly Created Certificate:

    • Select the certificate you just created (e.g., vpn-client).
  2. Click the Sign Button:

    • Click Sign in the toolbar.
  3. Select the CA:

    • In the CA field, choose your existing CA certificate (this should already be generated).
    • Click Start to begin the signing process.


  4. Verify the Status:

    • Once signed, check the Status column for the certificate.


Step 5: Export the Certificate and Key

  1. Export the Certificate:

    • Select the signed client certificate (e.g., vpn-client).
    • Click the Export button.
  2. Set a Passphrase (Optional):

    • Enter a passphrase to secure the exported private key (you’ll need this later in the OVPN client).
    • Enter a file name (e.g., vpn-client).
  3. Click Export to generate the certificate and key files.


Step 6: Download the Certificate and Key

  1. Navigate to Files:

    • Go to Files in Winbox (left-hand menu).
  2. Locate the Exported Files:

    • Look for the exported certificate and key files (e.g., vpn-client.crt and vpn-client.key).
  3. Download the Files:

    • Select the files and click Download to save them to your local computer.


Step 7: Use the Certificate and Key in OVPN Configuration

  1. Place the downloaded .crt and .key files on the OVPN client machine.

  2. Download the Required Files
    Use the provided Google Drive link: Download Files
    Download the following three files:

    • secret
    • sayukth_vpn_config.ovpn
    • OpenVpnCaCert.crt
  3. Modify the secret File
    Open the secret file in a text editor. Update it with the username and password for the respective user.
    Example:

    anand.chinta@sayukth.com
    MiTTdq7pJw09RGl
    
  4. Update the sayukth_vpn_config.ovpn File
    Open the sayukth_vpn_config.ovpn file in a text editor. Add the content of the OpenVpnCaCert.crt file and any additional user-specific .crt or .key files into the appropriate sections.

client
dev tun
proto tcp-client
remote 183.82.7.33
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca OpenVpnCaCert.crt
cert ovpn-anandchinta.crt  # <-- Highlighted: User-specific certificate
key ovpn-anandchinta.key   # <-- Highlighted: User-specific key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache
  5. Organize All Files
    Ensure all necessary files are placed in a single folder (username):

    • secret
    • sayukth_vpn_config.ovpn
    • OpenVpnCaCert.crt
    • User’s .crt and .key files
  6. Verify
    Confirm that:

    • The secret file has the correct username and password.
    • The sayukth_vpn_config.ovpn file contains the OpenVpnCaCert.crt and any user-specific .crt and .key content.
    • All files are stored in a single folder.
  7. Save the configuration and connect to the VPN.

You are now ready to use the .ovpn configuration for the VPN setup!
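
One way to do the embedding that step 4 describes, as an added example that is not part of the original guide: OpenVPN accepts certificate and key material inline as <ca>, <cert> and <key> blocks, and the hypothetical helper inline_ovpn below turns a profile that references those files by name into a single file. It leaves auth-user-pass as a file reference.

```sh
# Added example, not from the original guide.
# inline_ovpn CONFIG OUTPUT
# Copies CONFIG to OUTPUT, replacing each "ca|cert|key <file>" directive with an
# inline <ca>/<cert>/<key> block holding that file's content. File names are
# resolved relative to CONFIG's directory. The body runs in a subshell so the
# umask and noglob settings do not leak into the caller.
inline_ovpn() (
    cfg=$1
    out=$2
    dir=$(dirname "$cfg")
    umask 077                     # OUTPUT will contain the private key
    set -f                        # no globbing while splitting lines into words
    blocks=$(mktemp) || exit 1
    trap 'rm -f "$blocks"' EXIT
    rm -f "$out"
    : > "$out" || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        set -- ${line%%#*}        # drop a trailing comment, split into words
        case "${1:-}" in
            ca|cert|key)
                if [ ! -f "$dir/${2:-}" ]; then
                    echo "inline_ovpn: $1 file '${2:-}' not found in $dir" >&2
                    rm -f "$out"
                    exit 1
                fi
                { printf '<%s>\n' "$1"; cat "$dir/$2"; printf '</%s>\n' "$1"; } >> "$blocks"
                ;;
            *)
                printf '%s\n' "$line" >> "$out"
                ;;
        esac
    done < "$cfg"
    cat "$blocks" >> "$out"
)
```

The output file is created with owner-only permissions because it now carries the private key; treat it like the .key file it replaces.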

Step 8: Configuration in the client system

OpenVPN Configuration on Mac

  • Install the OpenVPN Client on the system.

  • Import the .ovpn file (sayukth_vpn_config.ovpn) and click the toggle button to connect through the VPN.

  • Place all 5 files in a single folder.


OpenVPN Configuration on Ubuntu

1. Update the System

Ensure your system packages are updated:

sudo apt update
sudo apt upgrade -y

2. Install OpenVPN

Install OpenVPN using the following command:

sudo apt-get install openvpn -y


3. Place Configuration Files

You have the following important files for VPN setup:

  • OpenVpnCaCert.crt: CA certificate file.
  • ovpn-username.crt: User certificate file.
  • ovpn-username.key: User private key file.
  • sayukth_vpn_config.ovpn: OpenVPN configuration file.
  • secret: Additional secret file, if required.

Steps to place the files:

  1. Copy all the files to the /etc/openvpn/ directory:

    sudo cp OpenVpnCaCert.crt ovpn-username.crt ovpn-username.key sayukth_vpn_config.ovpn secret /etc/openvpn/
    


  2. Set the correct permissions for the files:
    sudo chmod 600 /etc/openvpn/*.key
    sudo chmod 644 /etc/openvpn/*.crt
    sudo chmod 644 /etc/openvpn/sayukth_vpn_config.ovpn
    sudo chmod 600 /etc/openvpn/secret
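
The checks from the Verify step and the permission settings above can be scripted. This is an added example, not part of the original guide; check_vpn_bundle is a hypothetical helper name, and it assumes the profile references its files by name as in the sample configuration.

```sh
# Added example, not from the original guide.
# check_vpn_bundle DIR [CONFIG]
# Follows the ca/cert/key/auth-user-pass directives in DIR/CONFIG and checks
# that each referenced file exists in DIR, that the private key and the
# credentials file are owner-only, and that the credentials file has exactly
# two non-empty lines (username, then password).
# Prints one FAIL line per problem; exit status is 0 only if none were found.
check_vpn_bundle() (
    dir=$1
    cfg=${2:-sayukth_vpn_config.ovpn}
    bad=0
    fail() { echo "FAIL: $*"; bad=1; }
    perms() { ls -ld "$1" | cut -c1-10; }      # e.g. "-rw-------"

    [ -f "$dir/$cfg" ] || { fail "$cfg not found in $dir"; exit 1; }
    set -f                                      # no globbing while splitting
    while IFS= read -r line || [ -n "$line" ]; do
        set -- ${line%%#*}                      # drop comment, split into words
        case "${1:-}" in
            ca|cert|key|auth-user-pass) ;;
            *) continue ;;
        esac
        [ -n "${2:-}" ] || continue             # directive without a file name
        f=$dir/$2
        [ -f "$f" ] || { fail "$1 file '$2' not found"; continue; }
        case "$1" in key|auth-user-pass)
            case "$(perms "$f")" in
                -rw-------|-r--------) ;;
                *) fail "$2 is $(perms "$f"), expected owner-only (chmod 600)" ;;
            esac ;;
        esac
        if [ "$1" = auth-user-pass ]; then
            n=$(grep -c . "$f" || true)
            [ "$n" -eq 2 ] || fail "$2 has $n non-empty lines, expected 2"
        fi
    done < "$dir/$cfg"
    exit "$bad"
)
```

Call it as check_vpn_bundle /etc/openvpn with root privileges, since the key and secret files are readable only by their owner.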
    

4. Start OpenVPN

Run the OpenVPN service with your .ovpn configuration file:

sudo openvpn --config /etc/openvpn/sayukth_vpn_config.ovpn

You might need to provide a username and password if prompted. Use the credentials provided by your VPN service.


5. Enable OpenVPN on System Boot (Optional)

If you want OpenVPN to start automatically during boot:

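  1. Enable and start the OpenVPN service. The openvpn@client unit reads /etc/openvpn/client.conf, so copy the configuration to that name first:
    sudo cp /etc/openvpn/sayukth_vpn_config.ovpn /etc/openvpn/client.conf
    sudo systemctl enable openvpn@client
    sudo systemctl start openvpn@client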
    

6. Verify the Connection

To ensure OpenVPN is running correctly:

  1. Check the OpenVPN logs for any errors:

    sudo journalctl -u openvpn@client
    
  2. Verify your public IP address:

    curl ifconfig.me
    

    If the VPN connection is active, the IP address displayed should match the VPN’s network.