Ubuntu OpenVPN GUI Setup
In this demonstration we will be using gnome openvpn network manager to add a vpn connection using Openvpn. If this has not already been installed you will need to install it with:
sudo apt-get install curl network-manager-openvpn-gnome
Before we begin the setup, start by downloading the Root CA file that we need for installation here. Follow the chart and download whichever CA for the port that you want to use. If you are unsure just use port 1198 and download this CA file as this guide will use port 1198 to connect to the VPN servers. Please note that its best to use Chrome or Chromium to download the files as Firefox will attempt to install the certificate (which requires using right-click and 'save as').
|AUTH||CIPHER||CERTIFICATE||UDP PORT||TCP PORT|
|SHA1||BF-CBC||ca.crt||53, 1194, 8080, 9201||80, 110, 443|
|SHA1||AES-128-CBC or AES-128-GCM||ca.rsa.2048.crt||1198||502|
|SHA256||AES-256-CBC or AES-256-CGM||ca.rsa.4096.crt||1197||501|
Step 1: Open Settings.
Step 2: Click Network.
In the list that appears choose Network.
Step 3: Add VPN.
Click the plus icon next to VPN.
Step 4: Select OpenVPN.
Step 5: Identity.
On the Identity tab name do the following:
Name the VPN.
Choose a gateway - choose any of the following servers from our site.
Authentication Type - Change the Authentication Type to Password.
Credententials - Enter Username and password.
Password Settings - Change the person icon in the password field to store password for all users.
Upload the CA - Click None next to CA Certificate and upload the crt file.
Step 6: Advanced Settings.
Click on the advanced settings then check the following:
Step 7: IPv6.
Turn off IPv6 on this tab by clicking the radio button disable.
Step 8: Security.
Set the Cipher to AES-128-CBC and the HMAC Auth to SHA1.
Step 9: Finished.
Click Ok then Add.
Optional: If you want to have the VPN connect automatically. Go to the settings by clicking the gear icon next to the VPN. Then check to connect automatically.
For each server you want to connect to simply repeat the process changing the name and the server address each time.