MartinLanner.com

How to Install OpenVPN Access Server on Proxmox VE

June 10, 2009 by Martin

I thought OpenVPN Access Server, or OpenVPN AS, was going to be easy to install on Proxmox VE using an OpenVZ container, but it turned out to be a bit more complicated than I had anticipated. So, I decided to write it all up here for others to benefit from.

CREDITS: I got a lot of assistance from various people on the Proxmox forums, and specifically from one user, Marius.

Prepare the Host Node

There are a few things you will need to do up-front to prepare your “Host Node,” that is, your Proxmox VE host to allow for the TUN network interface that OpenVPN requires. Log in to your Proxmox VE host and open:

nano /etc/vz/vz.conf

Then, scroll down to the section that says “## IPv4 iptables kernel modules” and load a few extra modules for iptables:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

You must restart VZ to load the new modules by running:

/etc/init.d/vz restart

(NOTE: This will shut down any running VMs.) Now, you’re ready to install the OS.

Install the OS

First off, at least for the time being, OpenVPN AS needs a 64-bit OS. Currently there are pre-packaged installation files for Ubuntu and Fedora. Installation packages for 32-bit OSes and other distributions are supposedly in the works. Because Proxmox is based on Debian and there are several Debian and Ubuntu OpenVZ templates available already, I chose to use Ubuntu 8.04 LTS 64-bit. That particular template isn’t included in the “Appliance Templates” in Proxmox (at least not in my version), so I had to download it from the Proxmox repositories first. Simply download the “ubuntu-8.0-standard_8.04-1_amd64.tar.gz” template to your Proxmox host. Go to the Proxmox repositories and find the template you want. In my case it was at ftp://download.proxmox.com/appliances/system/ubuntu-8.0-standard_8.04-1_amd64.tar.gz, so:

cd /var/lib/vz/template/cache/
wget ftp://download.proxmox.com/appliances/system/ubuntu-8.0-standard_8.04-1_amd64.tar.gz

Once the template is downloaded, log in to the web interface of your Proxmox VE host.

Creating the OpenVZ container

Hopefully you already know how to create an OpenVZ container in Proxmox. If not, since it’s not really the focus of this how-to, head over to Proxmox Tutorials. Moving on, for my VPN appliance I selected the following settings:

• Template: ubuntu-8.0-standard_8.04-1_amd64
• Disk space (GB): 8
• Memory (MB): 512
• Swap (MB): 512
• Network type: Bridged Ethernet (veth)

IMPORTANT: You must select ‘Bridged Internet (veth).’ ‘Virtual Network (venet)’ will not work.

You should of course also fill out all the other stuff, like hostname, DNS domain, DNS servers, and so on.

Now, simply start the VM.

Configuring and preparing the VM

First things, first. Update your OS! Use the “Open VNC Console” located in the ‘Virtual Machine Configuration’ settings for your VM and run:

apt-get update
apt-get upgrade


You also need to configure the IP settings of the VM. Add the network config settings for your setup, like in the following example:

# Primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.20
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

Then, restart your networking, like so:

/etc/init.d/networking restart

Install OpenVPN

Obviously, first things first, so you’ll need to download the installation file from OpenVPN. To download it you need to first sign up for an account. Once you’ve signed up, find the URL to the download you want. In my case, using Ubuntu 8.04 LTS 64-bit, the latest available version was OpenVPN AS 1.1.0, so I picked the openvpn-as-1.1.0-Ubuntu8.amd_64.deb file.

That out of the way, last thing to do before you can start configuring your OpenVPN Access Server is to actually install it. This is fast. Log in via SSH or using Proxmox’s VNC Console. Then, do this:

cd /tmp
wget http://path/to/openvpn-as/download/directory/openvpn-as-1.1.0-Ubuntu8.amd_64.deb

It’s a fairly small package, so it should download relatively quickly. Then issue:

dpkg -i openvpn-as-1.1.0-Ubuntu8.amd_64.deb

It should install everything. When the installation completes, to run initial configuration for your newly installed OpenVPN Access Server, issue the following command:

/usr/local/openvpn_as/bin/ovpn-init

Unless you have specific requirements, you can just accept the defaults during the configuration process.

I will not cover configuring OpenVPN for your specific needs here. OpenVPN has a good document outlining how to do that. It’s available to download from their website for people who already have OpenVPN accounts. Obviously, if you’ve already gotten this far, you should have an account.

That’s it. All it took in the end was a few “special” tweaks here and there to make OpenVPN run in an OpenVZ container, and overall it wasn’t that complicated once I figured out what those tweaks were. Of course, it would be more straight forward to install OpenVPN AS on a dedicated server, but that would cost you more. And if you already have spare capacity on a virtual host, why not use that?

I hope you enjoyed this how-to. Comments, corrections, feedback, and ideas below are greatly appreciated.