OpenVPN Setup (Updated 11/02/2006)

I had two machines that I needed to install OpenVPN on yesterday, so I figured I would post the steps required to get them up and running. The servers were both running Ubuntu 6.06.

Here are the quick and dirty steps:
sudo apt-get install openvpn openssl

cd /usr/share/doc/openvpn/examples
sudo cp -R easy-rsa/ /etc/openvpn

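cd /etc/openvpn/easy-rsa
sudo -s
. ./vars
./clean-all
./build-ca
Answer the questions to create the key. The . command is a shell builtin, so it cannot be run through sudo; open a root shell with sudo -s first and run the remaining easy-rsa commands from that same shell (the sudo prefix on them is then not needed), so the variables set by vars stay in effect.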

Now we need to create the server key:
sudo ./build-key-server server
Again, answer the questions to customize the key. You can use the defaults if you want and just enter the server name when asked. The name is required; if you do not enter a name, the key will be zero length and will not work. The error message is not all that straightforward: it only says the server failed to start.

Now we need to create the client keys:
sudo ./build-key 'name of key'
Again, answer the questions to customize the key. You can use the defaults if you want and just enter the computer name when asked. I like to use the name of the computer the key is for, because it makes it easier to keep track of the keys if you need to remove one. The name is required; if you do not enter a name, the key will be zero length and will not work. The error message is not all that straightforward: it only says the server failed to start.

Now we create the Diffie-Hellman parameters:
sudo ./build-dh

When we pass the keys out, each file needs to go to the following machines:
ca.crt goes to the client and the server.
ca.key goes to the key signing machine only, which we set this one up to be.
dh{n}.pem goes to the server only.
server.crt goes to the server only.
server.key goes to the server only.
'name of key'.crt goes to the client only.
'name of key'.key goes to the client only.
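
The check below is an added example, not part of the original post. It audits a keys directory for the zero-length files described above, for private keys that group or other can access, and for files that the distribution list says should not be on a given machine. The function name audit_keys and its role argument are hypothetical, and it assumes GNU find.

```shell
#!/bin/sh
# Added example: audit an easy-rsa keys directory before copying files out.
# Assumes GNU find (-perm /077); the directory path is passed by the caller.

# audit_keys DIR [ROLE]   ROLE: ca (signing machine, default), server, client
# Prints one line per finding; the return status is the number of findings.
audit_keys() {
    dir=$1
    role=${2:-ca}
    findings=0

    # 1. Zero-length certificate or key: the result of leaving the name
    #    prompt empty. OpenVPN then only reports that it failed to start.
    for f in "$dir"/*.crt "$dir"/*.key; do
        [ -e "$f" ] || continue
        if [ ! -s "$f" ]; then
            echo "EMPTY     $f"
            findings=$((findings + 1))
        fi
    done

    # 2. Private key that group or other can read, write or execute.
    loose=$(find "$dir" -maxdepth 1 -type f -name '*.key' -perm /077)
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE     /'
        findings=$((findings + $(echo "$loose" | wc -l)))
    fi

    # 3. Files that should not be on this kind of machine, following the
    #    distribution list: ca.key stays on the signing machine, server.key
    #    stays on the server.
    case $role in
        client) unwanted="ca.key server.key" ;;
        server) unwanted="ca.key" ;;
        *)      unwanted="" ;;
    esac
    for name in $unwanted; do
        if [ -e "$dir/$name" ]; then
            echo "MISPLACED $dir/$name (role: $role)"
            findings=$((findings + 1))
        fi
    done

    return "$findings"
}
```

On the server in this post, which is also the signing machine, the role is ca; the directory to pass is wherever easy-rsa wrote the keys (a keys subdirectory of easy-rsa by default, which is an assumption here since the post does not name it).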

The last thing to do on the server is create the configuration file:
sudo vi /etc/openvpn/server.conf

Restart the service and the server is done.
sudo /etc/init.d/openvpn restart

Next we have to create the configuration file for the client:
This file needs to be saved in the same directory as the keys. On Windows the configuration file should be saved with a .ovpn extension. Just double-click this file to establish the connection. To establish the connection on *nix or Windows, run openvpn [client config file]. With a little luck you should be connected now.

VMware Server Setup

After another night of getting called due to server failure, I have decided to make some changes to the servers at work. Currently we have two Windows 2000 servers that are running most of the company. The basic problem is that one program, Track-It!, started to generate errors and took down the server it was running on. It is installed on the Primary Domain controller, yes I know that is a bad idea, which in turn took the Backup Domain controller down. So when you only have two servers, that is the whole show. This is the problem with only having two servers, they both wear too many hats.

The end result of all of this is that we were going to upgrade to Windows 2003 EE R2 during the July shutdown. This version allows you to run up to four virtual servers on one server. So now we are testing using VMware Server on Ubuntu, with all the Windows servers running as virtual machines on top. If this works out well, we will look at maybe moving to VMware ESX next year, because it just is not in the budget for this year. I still have to work out how the backups are going to run. Right now I am looking at the Amanda Enterprise Edition backup software. This will also have to be tested before we put everything in place. I have been using Ubuntu on my home server, which does get almost as much use as some of the servers at work, without ever having a crash.

Hardware:
Dell Poweredge 4400
Dual Processor 2.2 GHz
5 GB of memory

Server 1 will be running 4 Windows 2003 EE servers.
Server 2 will be running 1 Windows 2003 EE server, 1 Netware 3.12 server and 2 Windows XP desktops.

Server Setup:
Install Ubuntu server on the hardware.
Edit the source list for apt to enable all the software repositories.

Install the other needed packages:
sudo apt-get update
sudo apt-get install linux-686 linux-headers-686 linux-image-686
sudo apt-get install build-essential gcc g++ make fakeroot xinetd libdb2
sudo apt-get install samba openvpn x-window-system-core
sudo apt-get dist-upgrade

Download the vmware-server.tar.gz and copy it to the /tmp directory.
Extract it: tar -zxf vmware-server.tar.gz
Move to the vmware-server-distrib directory and run ./vmware-install.pl

This is all for getting the base server going.