- personalVPN™ OpenVPN Setup for Ubuntu (Pro & Premier Customers)
ubuntu linux openvpn(ssl) setup
CLI Setup Instructions:
see below for Gnome based GUI setup options
- Open Terminal
- Type the following into your terminal based on your desktop environment
- Close Terminal
- Restart your computer to update network services
GNOME 2/3, BUDGIE, CINNAMON: sudo apt-get install network-manager-openvpn-gnome
XFCE, LXDE & other DEs: sudo apt-get install network-manager-openvpn
UBUNTU/FEDORA and other GNOME DESKTOP BASED USERS
- Open Software Center Application
- Click on “installed” from top menu”
- Scroll down to GNOME Control Center and click on it
- Scroll down to addons
- Add the protocols you want to be able to setup
- Once the protocols you selected say installed then close software center
– Login to your account
– Click on Download/Setup -> Zip (linux) -> Zip File
– Extract the zip file and put the PersonalVPN folder in your HOME directory
– Open Settings -> Network -> Click Plus sign on VPN
– Choose OpenVPN
Fill in the required items:
- Connection Name: This is your choice
OpenVPN Server Address Locations
USA OpenVPN SSL VPN Gateways
Canada OpenVPN SSL VPN Gateways
Central/South America OpenVPN SSL VPN Gateways
Europe OpenVPN SSL VPN Gateways
Africa/Middle East OpenVPN SSL VPN Gateways
Asia OpenVPN SSL VPN Gateways
Oceania OpenVPN SSL VPN Gateways
- Type: Certificate (TLS)
- User Certificate: Click on icon and nativate to the personalvpn folder in your home directory and select the “cnxxxx.crt” file
- CA Certificate: Click on icon and nativate to the personalvpn folder in your home directory and select the “ca.crt” file
- Private Key: Click on icon and nativate to the personalvpn folder in your home directory and select the “cnxxxx.key” file
- Click Advanced
- Check the LZO Compression Option
- Clcik on the security sub tab
- Change the Cipher to: AES-128-CBC
- Click on OK
- Click Save
You are now setup and should be able to connect. To connect and disconnect just click on the network manager icon and choose the VPN name to connect to.
Need Help How To Get Log Files
Via Terminal Window
If you run the vpn from the terminal directly, just copy the terminal output and send us the log. If not, then you need to tail a file to get the log.
type tail -f /var/log/syslog
send us the output
Via Log Viewer
Bring up dash and search for “log file” to access the viewer
Now click on daemon.log on the left side, and scroll to the bottom (the log lists the OLDEST entries at the top). Send us the complete log.
Common Issues & Fixes
Setup Firewall Rules
For OpenVPN, IPSEC and PPTP:
a. First you need to tell your kernel that you want to allow IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
b. Now setup the firewall rules:
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t mangle -A FORWARD -i tun0 -o em1 -j MARK –or-mark 0x100
iptables -t nat -A POSTROUTING -m mark –mark 0x100/0x100 -j MASQUERADE
You may need to use the following rules also to ensure traffic flows
iptables -A input_rule -p esp -j ACCEPT
iptables -A input_rule -p udp –dport 500 -j ACCEPT
iptables -A input_rule -p udp –dport 4500 -j ACCEPT
1. You will need to edit /etc/sysctl.conf and change the line that says net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
# Port 1723 is used by pptp. For secure operations limit the
# source IP via -s x.x.x.x as well!
iptables -A INPUT -p tcp –dport 1723 -j ACCEPT
# PPTP used not tcp or udp, but gre (protocol number 47).
# Let it in as well.
iptables -A INPUT -p 47 -j ACCEPT
I need to use TLS connections with Linux?
click on the applet -> Hover over the vpn connections option -> Choose configure vpn -> and then import one of the TLS configurations ‘us – Washington DC TLS Server’ for example
click on advanced -> TLS
click on the key and browse to the same folder and double click the ta.key file
set the direction to 1
Your screen should look like this
I am connecting via Linux SSL but cannot browse the internet?
If you are connecting to the VPN fine, but you cannot pass any traffic this is usually related to a local config import error.
The most common type of import error is the LZO compression does not get set properly.
This is easy to change:
Click on the applet -> Hover over the vpn connections option -> Choose configure vpn
Now click on the vpn connection you want to modify -> Click edit
Click on advanced
Now click on the “use LZO data compression” (should look like the screen shot)
Click OK -> Apply and you should now be able to reconnect and it will work. If you still have issues please send us the log files.
How do I set the DNS on Linux?
Setting the DNS on most version of linux involves using the terminal (command line) and editing the /etc/resolv.conf file. Their may be a GUI option for your specific OS, please see the forums for your OS of choice for more details.
Type: sudo gedit /etc/resolv.conf
this will call the gnome editor. You can replace “gedit” with the editor of choice.
With gEdit open make an entry for each nameserver in the format below:
Please CLICK HERE for DNS Options to Input
Save the file
Restart the computer
a. Right click on the network manager icon
b. Choose edit connections
a. Click on the wired or wireless (depending on what you are using)
b. Highlight your connection and choose “edit”
a. Now click on the IPv4 tab
b. Change the dropdown to DHCP ADDRESS ONLY
c. Now in the DNS Servers section add your DNS addresses seperated by a comma
Please CLICK HERE for DNS Options to Input
1. Click apply
2. Click Close
3. Restart the computer to apply the settings
I cannot connect at all.
If the VPN is set up and/or installed correctly, you should see “Connection is not reachable.” or similar message in the connection log.
In general, because you have multiple VPN types at your disposal, you should try them from the Advanced Connect menu in your WiTopia VPN software or, if you set up your built-in software manually, your device’s built-in client. See Setting Up and Using your VPN for instructions.
If that doesn’t fix it, the most common causes are:
- Your personal firewall or security software is blocking the VPN.If you’re not exactly sure how to adjust this, contact the manufacturer or check out our Conflicting Software Guide. No luck? Contact Support and we will help.
- Your router or hardware firewall is blocking the VPN.Many consumer routers have a “VPN pass-through” option, which may need to be enabled, or you may have to manually open certain ports on your router or firewall.
- The VPN may be blocked at your location.Try different VPN Types from the Advanced Connect menu in the WiTopia VPN client. They may find a way through.
If still blocked, or performance is slowwwww, Contact Support for assistance in setting up a Custom Gateway. Usually, there is an easy solution.
I connect, but it seems slow. How do I speed it up?
Although the VPN can actually smooth out certain connection issues and increase upload speed, a bit of general speed loss is normal due to distance, occasional Internet congestion between you and us, and the fact your data is being encrypted. Still, if the VPN seems abnormally slow, please consult our VPN Speed Guide.
I connect, but can’t reach a SPECIFIC site.
- Try different VPN Types from the Advanced Connect menu in the WiTopia VPN client. It’s possible the one you’re using is being blocked.
- Try changing your DNS settings as your ISP or DNS provider may be filtering.
If you still can’t reach the website or service you need, or performance is slow, Contact Support for assistance in setting up a Custom Gateway. Usually, there is an easy solution.
Are online Speed Tests accurate with the VPN?
Yes and no. The encryption and stealthing of our servers can certainly play havoc with speed tests. The best test of how well the VPN is working is to browse a bit with it, or use it for whatever reason you purchased it. Even if a speed test gives you a bad result, you may find it’s actually quite speedy in practice.
If you still wish to try, be sure to select the city closest to the VPN server you are connected to before running the speed test or the results will be horribly skewed. On Speedtest.net, this may involve you dragging the map so you can choose the actual city you’re connected through. This will still attempt to measure the speed to your computer from that city.
How do I know it’s working?
The client should show you that you are connected as well as the IP address of your new virtual location. If you want to double check, you can go to any third party IP tester, such as http://www.ip2location.com/.
What WON’T work over the VPN?
Any type of service that requires a ‘listening’ socket at the remote end will not work. For example:
- ftp in non-passive mode
- remote access to your computer (via ssh, telnet, …)
- any web services you offer from your computer
- p2p clients which benefit from incoming connection availability
Have more questions? Let us know how we can help you.