Tunnelblick Ubuntu



What you need:¶

  • OpenVPN

  • client certificate <username>.crt

  • client private key: <username>.key

  • server certificate: ca.crt

Tunnelblick

OpenVPN is a full-featured, open-source Secure Socket Layer (SSL) VPN solution that accommodates a wide range of configurations. In this tutorial, you will set up an OpenVPN server on an Ubuntu 18.04 server and then configure access to it from Windows. OpenVPN + Tunnelblick XOR Patch. The XOR patch for OpenVPN comes to us courtesy of the Tunnelblick team.They state that “the patch is attractive because it is so easy to implement: simply apply the patch to both the OpenVPN server and the OpenVPN client and add a single, identical option to the configuration files for each.”.

Settings:¶

  • server: vpn.osuosl.org:1194

  • type: Certificate (TLS)

  • protocol: UDP

  • device type: TUN

Network Manager (Linux)¶

Packages:¶

  • Debian/Ubuntu: sudo aptitude install openvpn network-manager-openvpn

Procedure:¶

  • Copy your key, certificate, and server certificate to a secure location ofyour choice such as ~/openvpn/. Set paranoid permissions (-r-x—— orsimilar).

  • Install Network Manager (installed by default in many Linux distributions)

  • Install the Network Manager OpenVPN package

  • Open Network Manager

  • Add a new VPN connection:

    • Connection name: <witty name>

    • Gateway: vpn.osuosl.org

    • Type: Certificates (TLS)

    • User Certificate: <username>.crt

    • CA Certificate: ca.crt

    • Private Key: <username>.key

    • Private Key Password: <password> (if applicable)

    • IPv4 Settings->Routes…->Use this connection only for resources on itsnetwork: (if unchecked, all network traffic is routed through the VPN)

  • Apply

  • Click on the Network Manager status bar icon and select VPNConnections-><witty name>

  • Wait until connection is established

  • Check connection:

    • ifconfig -a: IP address should be in the 10.2.*.* range.

    • ping 10.2.0.1: The router should respond

Trouble shooting¶

Shotgun style - try again, reboot, disable network devices, do the chickendance. If all else fails, try the command line version. If that works, try thisagain, maybe it just didn’t like you the first time.

Ubuntu

OpenVPN command-line client¶

Packages:¶

  • Debian/Ubuntu: sudo aptitude install openvpn

  • Gentoo: sudo emerge openvpn. For detailed instructions, including kernelconfiguration see http://en.gentoo-wiki.com/wiki/OpenVPN.

Procedure:¶

Tunnelblick Ubuntu Latest

  • Copy your key, certificate, and server certificate to a secure location ofyour choice such as /etc/openvpn/. Set paranoid permissions (-r-x—— orsimilar).

  • Create a configuration file in a location of your choice such as/etc/openvpn/openvpn.conf. Here is an example configuration file:

  • Run OpenVPN: openvpn /etc/openvpn/openvpn.conf

  • Check connection:

    • ifconfig -a: IP address should be in the 10.*.*.* range.

    • ping 10.0.0.1: The router should respond

Tunnelblick (OS X)¶

Tunnelblick is a free, open source gui for OpenVPN on OS X that allows for easycontrol of the OpenVPN client.

Troubleshooting¶

The version of OpenVPN we are running is incompatible with OpenVPN client v2.4+ on OS X.If you are running OS X, please use OpenVPN v2.3 to connect to the VPN.

Disabling LZO compression may help on older OpenVPN instances.

In addition, the version of OpenVPN we are running is incompatible with TLSv1.2, so if you are running into issues(such as on Debian 10), please do the following in /etc/ssl/openssl.cnf:

We plan to resolve this issue soon.

Installation¶

Download and install Tunnelblick from the project’s downloads page.

Alternatively install the package using the Homebrew:

Configuration¶

  1. Download this Tunnelblickprofile.

  2. Replace the contents of osuosl.tblk/USER.crt andosuosl.tblk/USER.key with your personal crt and key.

  3. Double click the osuosl.tblk file to install the profile in Tunnelblick.

  4. Connect to the osuosl profile in Tunnelblick.

Note

Tunnelblick Ubuntu Game

You may need to check TunnelallIPv4 under the advanced settings forthe osuosl profile.