Vpn connection to linux

Connecting to Access Server with Linux

Client software choice

Connecting to OpenVPN Access Server from Linux requires a client program. It will capture the traffic you wish to send through the OpenVPN tunnel, encrypting it and passing it to the OpenVPN server. And of course, the reverse, to decrypt the return traffic.

Linux Packages Discussed

OpenVPN Access Server	openvpn-as
OpenVPN 3 Linux Client	openvpn3
OpenVPN open source	openvpn

OpenVPN 3 Linux Client

The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library. This client is the official OpenVPN Linux Client program. You can find an overview of the features, frequently asked questions, and instructions on installing the openvpn3 package on our OpenVPN 3 for Linux site.

After following the instructions there to install the client, you’ll need a connection profile. This is a file generated by your OpenVPN Access Server installation for your specific user account. It contains the required certificates and connection settings. Go to the Client web interface of your Access Server (the main address, not the /admin portion). Log in with your user credentials. You will be shown a list of files available to download. Pick the user-locked profile or the auto-login profile, and you will be sent a client.ovpn file. Save this file to your Linux operating system.

Once you’ve moved the file to your Linux system, you can import it.

You can start a new VPN session:

You can manage a running VPN session:

And so on. More details can be found here: OpenVPN3Linux.

OpenVPN open source OpenVPN CLI program

The open source project client program can also connect to the Access Server. The package is available in most distributions and is known simply as openvpn. It supports the option to connect to multiple OpenVPN servers simultaneously, and it comes with a service component that can automatically and silently start any auto-login profiles it finds in the /etc/openvpn folder, even before a user has logged in. This service component can be set to automatically start at boot time with the tools available in your Linux distribution if supported. On Ubuntu and Debian, when you install the openvpn package, it is automatically configured to start at boot time.

To install the OpenVPN client on Linux, it is possible in many cases to just use the version that is in the software repository for the Linux distribution itself. If you run into any connectivity problems when using outdated software, it may be due to a possible lack of support for higher TLS versions in older versions of OpenVPN. Follow the instructions found on the open source openvpn community wiki if you wish to install the OpenVPN client on your Linux system.

After installing, you will need a connection profile. This is a file generated by your OpenVPN Access Server installation for your specific user account. It contains the required certificates and connection settings. Go to the Client web interface of your Access Server (the main address, not the /admin portion). Log in with your user credentials. You will be shown a list of files available to you for download. Pick the user-locked profile or the auto-login profile, and you will be sent a client.ovpn file. Save this file to your Linux operating system somewhere. OpenVPN Access Server supports server-locked, user-locked, and auto-login profiles, but the OpenVPN command line client is only able to connect with user-locked or auto-login connection profiles.

We are assuming you are going to start the connection through either the command line as a root user, or via the service daemon. If you want unprivileged users to be able to make a connection, take a look at the community wiki for more information on how to implement that. Here we are going to focus on the simplest implementation; run the connection as root user directly, or via the service daemon.

Start a connection with an auto-login profile manually:

Start a connection with a user-locked profile manually:

If you use Google Authenticator or another extra factor authentication, add the auth-retry parameter:

To start an auto-login connection via the service daemon, place client.ovpn in /etc/openvpn/ and rename the file. It must end with .conf as file extension. Ensure the service daemon is enabled to run after a reboot, and then simply reboot the system. The auto-login type profile will be picked up automatically and the connection will start itself. You can verify this by checking the output of the ifconfig command; you should see a tun0 network adapter in the list.

One major feature that is missing with the command line client is the ability to automatically implement DNS servers that are pushed by the VPN server. It is possible, but it requires you to install a DNS management program such as resolvconf or openresolv, and it may or may not clash with existing network management software in your OS. The idea here, however, is that you use a script that runs when the connection goes up, and when it goes down, that uses resolvconf or openresolv to implement the DNS servers for you. The reason why this client is not able to manage it completely by itself is mainly because in an operating system like Windows, Macintosh, Android, or iOS, there is already an established single method of handling DNS management. It is therefore easy for us to create a software client for those operating systems that already knows how to handle DNS. But Linux is available in so many variations and also supports different programs and methods of implementing DNS servers, and so it was only reasonable to leave built-in DNS support out of the OpenVPN program and instead to provide, where possible, a script that handles DNS implementation. Such a script could even be written by yourself to do whatever tasks are necessary to implement the DNS servers in your unique situation.

Fortunately on Ubuntu and Debian, for example, there is the /etc/openvpn/update-resolv-conf script that comes with the openvpn package that handles DNS implementation for these operating systems. You need only to activate the use of these by following the instructions:

Open your client.ovpn file in a text editor:

At the very bottom simply add these lines:

The first line enables the use of external scripts to handle the DNS implementation tasks. The up and down lines are there to implement DNS servers pushed by the VPN server when the connection goes up, and afterwards to undo it, when the connection goes down.

Ubuntu network management program

There is also the option of connecting through the GUI using the openvpn extension for the Gnome network manager plugin. But this is currently a bit tricky to set up. There is for example the incorrect assumption that all VPNs will be able to redirect Internet traffic, and older versions might not understand the .ovpn file format, requiring you to split up the certificate embedded in it into separate file. And you would likely have to dig into the options to ensure that a default Internet traffic route going through the VPN server is not always enabled by default, especially for servers where you only give access to some internal resources, and not the entire Internet. However the advantage of using the GUI component is that you can start/stop the connection from the desktop environment on Linux.

Источник

How to manually configure OpenVPN for ProtonVPN in Linux

ProtonVPN offers both an official Linux app with graphical user interface and an official Linux CLI . We strongly recommend using one of these tools in Linux.

It is also possible to manually configure OpenVPN for ProtonVPN in Linux. In this article, we explain how.

You can set-up a VPN for Linux by using the openvpn package using the appropriate config files for ProtonVPN servers. The example manual Linux VPN setup guide below shows how to configure a connection on Ubuntu 16.04LTS.

Note: To address frequent DNS leaks on Linux, we’ve updated this guide with new Linux specific config files and new instructions to connect via CLI (see option B below)

We strongly recommend downloading the official ProtonVPN Linux app, which offers advanced features and makes it easy to connect on Linux machines.

How to manually setup OpenVPN for Linux

1. Install the necessary packages:

Install the OpenVPN package by opening a terminal (press Ctrl + Alt + T) and entering:

sudo apt-get install openvpn

Note: if you do not have administrator privileges on your machine, please contact your system administrator and ask them to perform the installation for you.

Install the network-manager-openvpn-gnome package, for easier use and compatibility with the Ubuntu Network Manager GUI, by entering:

sudo apt-get install network-manager-openvpn-gnome

And pressing Y and then Enter to confirm the installation.

Also, ensure that the resolvconf is installed:

sudo apt install resolvconf

2. Get the ProtonVPN config files:

• Download the desired configuration files.
• Log into your ProtonVPN dashboard at account.protonvpn.com. If you don’t yet have an account, sign up for a Free plan for Linux.
• Select Downloads on in the left navigation bar.
• Find the OpenVPN configuration files section and chose:

Platform: Linux, Protocol: UDP (recommended. TCP uses port 443. Use it if you experience slow VPN speeds or your VPN connection is dropped)

• Click the download icons for the server you wish to download.
• If you selected “Download All configurations”, extract the zip file to your desired location.

3. Find your OpenVPN credentials

For increased security, ProtonVPN is set-up with two separate credentials to authenticate a connection.

Log in to the ProtonVPN dashboard and click on Account tab. Here you will see your two type of credentials.

The credentials ProtonVPN Login are used in our apps. OpenVPN / IKEv2 Username is used on manual connections. So please configure the OpenVPN credentials to your preference as you will need to use them to establish a Linux VPN connection. Note: to use our NetShield DNS filtering feature, append the suffix +f1 to your username to block malware, or +f2 to block malware, ads, and trackers (for example 123456789+f2).

How to use ProtonVPN with manual setup

Using NetworkManager

Attention: At this point, there is a known issue with DNS Leaks on distributions up to Ubuntu 16.04LTS (and its dependencies and parents). If you find that you too are affected by DNS leaks, we recommend you to use Option B below.

1. Add a new connection

Click on your connection symbol, in the system menu on the top right and select Edit connections…

Click Add to create a new connection. Select Import a saved VPN configuration… in the drop-down menu and click Create…

Import the config file of the server you want to connect to, by navigating to the location where you downloaded the configuration file or extracted the ProtonVPN_config.zip and selecting the desired file.

The files are named with a two-letter abbreviation of the destination country and a number to show which server in that country. For example: de-01 is the first server in Germany; ca-04 is the fourth server in Canada. You can check the ProtonVPN servers page and find the abbreviations there. Files with two country abbreviations are secure core servers, for example: is-us-01 is the secure core connection over Iceland to the USA. Learn more about our Secure Core feature.

Enter the OpenVPN credentials from step 3 in the User Name‘ and Password fields of the new window and click Save.

For Ubuntu 14.04 LTS: there is an issue specific to 14.04 where importing the configuration that does not read all settings automatically. If you are experiencing issues with the auto-import feature with the network manager, please drop us a line at this link for further instructions.

2. Establish the Linux VPN connection

Click on the Networks icon in your task bar. Select VPN Connections, click the entry of your newly added config, and it will automatically connect to your chosen ProtonVPN server.

You will see a popup confirming the VPN connection has been established and a lock next to your Network icon. Congratulations, you’ve just successfully connected to ProtonVPN!

3 Add more connections (optional)

To add another connection (no limit), ,simply repeat step 1 with a different configuration file.

Using Terminal

Note: if you do not have administrator privileges on your machine, please contact your system administrator and ask them to perform the connection for you

Please ensure that the resolv-conf script is properly downloaded on your device by using the following commands:

sudo chmod +x «/etc/openvpn/update-resolv-conf»

Open a terminal (press Ctrl+Alt+T) and navigate to the folder where you unzipped the config files using cd

. In our example, they are located in

/Downloads so we enter:

If you find it hard to navigate using CD command line, you can open the folder that the file is located in using any file manager and right click → Open in terminal

Enter the following to initialize a new connection:

Where is the config file name of the server you want to connect to, e.g. de-03.protonvpn.com.udp1194.ovpn for Germany #3 server. Enter your PC’s administrator password to execute ( openvpn will modify your network adapters and needs root privileges)

You will then be prompted for your OpenVPN credentials (see above).

You have finished the Linux VPN setup and successfully connected to the ProtonVPN servers once you see Initialization Sequence Completed

Keep this Terminal window open to stay connected to ProtonVPN. If you close it, the VPN connection will disconnect.

Click here to ensure that the connection is successfully established and there are no leaks.

To disconnect your Linux VPN connection, press Ctrl+C and/or close the Terminal window.

Источник