OpenVPN client setup - sovereign/sovereign GitHub Wiki

After you've enabled the vpn role, here is how you use it. The Ansible script has generated three VPN client profiles on the server: phone, laptop and tablet.

OS X

  1. Download and install Viscosity
  2. Copy the file /etc/openvpn/laptop/DOMAIN.ovpn from the server.
  3. From the Viscosity menu bar helper, choose Preferences. Click the + sign and import from File. Browse to the .ovpn file you downloaded. The profile should be imported automatically. Then connect to laptop to start the VPN.

Debian and Ubuntu

  1. Install the network-manager-openvpn package.
  • You'll probably also need the network-manager-openvpn-gnome package, or whichever package is appropriate for you desktop environment.
  1. Copy the directory /etc/openvpn/laptop from the server.
  2. Choose to configure VPN from the network manager and add a new OpenVPN connection.
  3. Set the following options on the VPN tab:
    • Gateway: YOUR DOMAIN
    • Set the user certificate, CA certificate, and key to the corresponding files you downloaded
  4. Press the Advanced button and set the following option on the General tab.
    • Check Use LZO data compression
  5. Staying in advanced configuration, set the following options on the Security tab.
    • Cipher: AES-256-CFB (jessie server: AES-256-CBC)
    • HMAC Authentication: SHA-256 (jessie server: SHA-512)
  6. Staying in the advanced configuration, set the following options on the TLS Authentication tab.
    • Check Use additional TLS authentication
    • Set the key file to the ta.key file you downloaded from the server
    • Set key direction to 1
  7. Ok the dialogs and verify you can connect.

Once you know it works, I recommend you export your configuration to back it up. You may also want to configure your network connection to automatically connect to your VPN using the profile you just set up. This can be done by editing the network connection, e.g., your wireless connection, and reviewing the General tab.

Android

  1. Install OpenVPN Connect from the Google Play Store.
  2. Copy /etc/openvpn/phone/DOMAIN.ovpn from the server to your phone. (ownCloud is a nice way to do this.)
  3. Launch OpenVPN Connect and configure it to use DOMAIN.ovpn.