| 30 | | If you would like to get a VPN running quickly with minimal configuration, you might check out the [wiki:StaticKeyMiniHowto Static Key Mini-HOWTO]. |
| 31 | | |
| 32 | | |
| 33 | | Static Key advantages |
| 34 | | |
| 35 | | Simple Setup |
| 36 | | No X509 PKI (Public Key Infrastructure) to maintain |
| 37 | | |
| 38 | | Static Key disadvantages |
| 39 | | |
| 40 | | Limited scalability -- one client, one server |
| 41 | | Lack of perfect forward secrecy -- key compromise results in total disclosure of previous sessions |
| 42 | | Secret key must exist in plaintext form on each VPN peer |
| 43 | | Secret key must be exchanged using a pre-existing secure channel |
| 44 | | |
| 45 | | Installing OpenVPN |
| 46 | | |
| 47 | | OpenVPN source code and Windows installers can be downloaded here. Recent releases (2.2 and later) are also available as Debian and RPM packages; see the OpenVPN wiki for details. |
| 48 | | |
| 49 | | For security, it's a good idea to check the file release signature after downloading. |
| | 26 | If you would like to get a VPN running quickly with minimal configuration, you might check out the [wiki:StaticKeyMiniHowto Static Key Mini-HOWTO]. The advantages of a static key setup: |
| | 27 | |
| | 28 | * Simple Setup |
| | 29 | * No X509 PKI (Public Key Infrastructure) to maintain |
| | 30 | |
| | 31 | And the disadvantages: |
| | 32 | |
| | 33 | * Limited scalability -- one client, one server |
| | 34 | * Lack of perfect forward secrecy -- key compromise results in total disclosure of previous sessions |
| | 35 | * Secret key must exist in plaintext form on each VPN peer |
| | 36 | * Secret key must be exchanged using a pre-existing secure channel |
| | 37 | |
| | 38 | = Installing OpenVPN = |
| | 39 | |
| | 40 | OpenVPN source code and Windows installers can be [https://community.openvpn.net/downloads.html downloaded here]. Recent releases (2.2 and later) are also available as Debian and Ubuntu packages; see [wiki:OpenvpnSoftwareRepos this article] for details. |
| | 41 | |
| | 42 | For security, it's a good idea to check the [https://community.openvpn.net/signatures.html file release signature] after downloading. |
| 52 | | Linux Notes (using RPM package) |
| 53 | | |
| 54 | | If you are using a Linux distribution which supports RPM packages (SuSE, Fedora, Redhat, etc.), it's best to install using this mechanism. The easiest method is to find an existing binary RPM file for your distribution. You can also build your own binary RPM file: |
| 55 | | |
| 56 | | rpmbuild -tb openvpn-[version].tar.gz |
| 57 | | |
| 58 | | Once you have the .rpm file, you can install it with the usual |
| 59 | | |
| 60 | | rpm -ivh openvpn-[details].rpm |
| 61 | | |
| 62 | | or upgrade an existing installation with |
| 63 | | |
| 64 | | rpm -Uvh openvpn-[details].rpm |
| 65 | | |
| 66 | | Installing OpenVPN from a binary RPM package has these dependencies: |
| 67 | | |
| 68 | | openssl |
| 69 | | lzo |
| 70 | | pam |
| 71 | | |
| 72 | | Furthermore, if you are building your own binary RPM package, there are several additional dependencies: |
| 73 | | |
| 74 | | openssl-devel |
| 75 | | lzo-devel |
| 76 | | pam-devel |
| 77 | | |
| 78 | | See the openvpn.spec file for additional notes on building an RPM package for Red Hat Linux 9 or building with reduced dependencies. |
| 79 | | Linux Notes (without RPM) |
| 80 | | |
| 81 | | If you are using Debian, Gentoo, or a non-RPM-based Linux distribution, use your distro-specific packaging mechanism such as apt-get on Debian or emerge on Gentoo. |
| | 45 | |
| | 46 | == Linux Notes == |
| | 47 | |
| | 48 | If you are using Linux, it's usually best to use your distribution's own mechanism (yum, apt-get, zypper, emerge...) for installing OpenVPN. |
| 88 | | |
| 89 | | ./configure |
| 90 | | make |
| 91 | | make install |
| 92 | | |
| 93 | | Windows Notes |
| 94 | | |
| 95 | | OpenVPN for Windows can be installed from the self-installing exe file on the OpenVPN download page. Remember that OpenVPN will only run on Windows XP or later. Also note that OpenVPN must be installed and run by a user who has administrative privileges (this restriction is imposed by Windows, not OpenVPN). The restriction can be sidestepped by running OpenVPN in the background as a service, in which case even non-admin users will be able to access the VPN, once it is installed. More discussion on OpenVPN + Windows privilege issues. |
| 96 | | |
| 97 | | Official OpenVPN Windows installers include OpenVPN-GUI, which allows managing OpenVPN connections from a system tray applet. Other GUI applications are also available. |
| 98 | | |
| 99 | | After you've run the Windows installer, OpenVPN is ready for use and will associate itself with files having the .ovpn extension. To run OpenVPN, you can: |
| 100 | | |
| 101 | | Right click on an OpenVPN configuration file (.ovpn) and select Start OpenVPN on this configuration file. Once running, you can use the F4key to exit. |
| 102 | | |
| 103 | | |
| 104 | | Run OpenVPN from a command prompt Window with a command such as: |
| 105 | | |
| 106 | | |
| 107 | | |
| 108 | | openvpn myconfig.ovpn |
| 109 | | |
| 110 | | Once running in a command prompt window, OpenVPN can be stopped by the F4 key. |
| 111 | | Run OpenVPN as a service by putting one or more .ovpn configuration files in \Program Files\OpenVPN\config and starting the OpenVPN Service, which can be controlled from Start Menu -> Control Panel -> Administrative Tools -> Services. |
| 112 | | |
| 113 | | Additional Windows install notes. |
| 114 | | Mac OS X Notes |
| | 55 | {{{ |
| | 56 | ./configure |
| | 57 | make |
| | 58 | make install |
| | 59 | }}} |
| | 60 | |
| | 61 | == Windows Notes == |
| | 62 | |
| | 63 | OpenVPN for Windows can be installed from the self-installing exe file on the [https://community.openvpn.net/downloads.html OpenVPN download page]. Remember that OpenVPN will only run on Windows XP or later. Also note that OpenVPN must be installed and run by a user who has administrative privileges (this restriction is imposed by Windows, not OpenVPN). The restriction can be sidestepped by running OpenVPN in the background as a service, in which case even non-admin users will be able to access the VPN, once it is installed. More discussion on OpenVPN + Windows privilege issues [http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html here]. |
| | 64 | |
| | 65 | Official OpenVPN Windows installers include [wiki:OpenVPN-GUI OpenVPN-GUI], which allows managing OpenVPN connections from a system tray applet. Other GUI applications are also available. |
| | 66 | |
| | 67 | After you've run the Windows installer, OpenVPN is ready for use and will associate itself with files having the '''.ovpn''' extension. To run OpenVPN, you can: |
| | 68 | |
| | 69 | * Right click on an OpenVPN configuration file (.ovpn) and select '''Start OpenVPN on this configuration file'''. Once running, you can use the '''F4''' key to exit. |
| | 70 | * Run OpenVPN from a command prompt Window with a command such as "'''openvpn myconfig.ovpn'''". Once running in a command prompt window, OpenVPN can be stopped by the F4 key. |
| | 71 | * Run OpenVPN as a service by putting one or more .ovpn configuration files in '''\Program Files\OpenVPN\config''' and starting the OpenVPN Service, which can be controlled from Start Menu -> Control Panel -> Administrative Tools -> Services. |
| | 72 | |
| | 73 | [https://github.com/OpenVPN/openvpn/blob/master/INSTALL-win32.txt Additional Windows install notes]. |
| | 74 | |
| | 75 | == Mac OS X Notes == |
