OpenVPN, or Open Virtual Private Network, is a tool for creating networking "tunnels" between and among groups of computers that are not on the same local network. This is useful if you have services on a local network and need to access them remotely but don't want these services to be publicly accessible. By integrating with OpenSSL, OpenVPN can encrypt all VPN traffic to provide a secure connection between machines.
The OpenLDAP backend of iRedmail allows you to integrate all kinds of applications and to realize centralized account management. This tutorial shows you how to integrate OpenVPN into the iredmail ldap backend on Debian 6.0; passwords will be stored in ldap and you can change passwords through webmail.
This tutorial is based on Debian 6.0, so I suggest you set up a minimal Debian 6.0 system with SSH; make sure you install all updates. Install iredmail 0.7.0 and choose openldap as backend, as shown in this tutorial:
1 Install OpenVPN
Install OpenVPN and ldap support: apt-get install openvpn openvpn-auth-ldap
Install dnsmasq: To forward DNS traffic through the VPN you will need to install the dnsmasq package:
apt-get install dnsmasq
2 easy-rsa
The OpenVPN package provides a set of encryption-related tools called "easy-rsa". These scripts are located by default in the /usr/share/doc/openvpn/examples/easy-rsa/ directory. However, in order to function properly, these scripts should be located in the /etc/openvpn directory. cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
Configure Public Key Infrastructure Variables
Before we can generate the public key infrastructure for OpenVPN we must configure a few variables that the easy-rsa scripts will use to generate the scripts. These variables are set near the end of the /etc/openvpn/easy-rsa/2.0/vars file. Here is an example of the relevant values:Edit /etc/openvpn/easy-rsa/2.0/vars according to your environment.
[...] export KEY_COUNTRY="CN" export KEY_PROVINCE="BJ" export KEY_CITY="BeiJing" export KEY_ORG="iRedMail" export KEY_EMAIL="www@example.com" |
Initialize the Public Key Infrastructure (PKI)
Issue the following commands in sequence to internalize the certificate authority and the public key infrastructure: cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
source ./vars
./clean-all
./pkitool --initca
chmod +rwx *
source ./vars
./clean-all
./pkitool --initca
Generate Certificates
With the certificate authority generated you can generate the private key for the server. This script will also prompt you for additional information. By default, the Common Name for this key will be "server". You can change these values in cases where it makes sense to use alternate values. To accomplish this, issue the following command: ./pkitool --server server
Generate Diffie Hellman Parameters Link
The "Diffie Hellman Parameters" govern the method of key exchange and authentication used by the OpenVPN server. Issue the following command to generate these parameters: ./build-dh
Relocate Secure Keys
The keys and certificates for the server need to be relocated to the /etc/openvpn directory so the OpenVPN server process can access them. These files are:- ca.crt
- ca.key
- dh1024.pem
- server.crt
- server.key
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
These files don't need to leave your server. Maintaining integrity and control over these files is of the utmost importance to the integrity of your server. If you ever need to move or back up these keys, ensure that they're encrypted and secured. 3 Configure OpenVPN Support For LDAP Auth
Find cn=vmail password
The vmail password was randomly created during the iredmail installation. You can find the password in /etc/postfix/ldap_virtual_mailbox_domains.cf: cat /etc/postfix/ldap/virtual_mailbox_domains.cf
[...]
bind_dn = cn=vmail,dc=example,dc=com
bind_pw = 4LFqZFiT6yx8oP7R2BctvUSLpYWRdJ #cn=vmail password
[...] |
Configure OpenVPN auth OpenLDAP
Issue the following two commands in sequence to create the /etc/openvpn/auth folder and copy the example files of OpenVPN auth LDAP to the /etc/openvpn/auth directory. mkdir /etc/openvpn/auth
cp /usr/share/doc/openvpn-auth-ldap/examples/auth-ldap.conf /etc/openvpn/auth
Now edit /etc/openvpn/auth/auth-ldap.conf.cp /usr/share/doc/openvpn-auth-ldap/examples/auth-ldap.conf /etc/openvpn/auth
# LDAP server URL URL ldap://127.0.0.1 # Bind DN (If your LDAP server doesn't support anonymous binds) BindDN cn=vmail,dc=example,dc=com # Bind Password cn=vmail password Password 4LFqZFiT6yx8oP7R2BctvUSLpYWRdJ # Network timeout (in seconds) Timeout 15 # Base DN BaseDN "o=domains,dc=example,dc=com" # User Search Filter SearchFilter "(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))" # Require Group Membership RequireGroup false
4 Configuring OpenVPN
We'll now need to configure our server file. There is an example file in the /usr/share/doc/openvpn/examples/sample-config-files directory. Issue the following sequence of commands to retrieve the example configuration files and move them to the required directories: cd /usr/share/doc/openvpn/examples/sample-config-files
gunzip -d server.conf.gz
cp server.conf /etc/openvpn/
Now edit /etc/openvpn/server.conf: gunzip -d server.conf.gz
cp server.conf /etc/openvpn/
[...] ;push "redirect-gateway def1 bypass-dhcp" push "redirect-gateway def1" [...] ;push "dhcp-option DNS 208.67.222.222" ;push "dhcp-option DNS 208.67.220.220" push "dhcp-option DNS 10.8.0.1" [...] ##Add it at the bottom line plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf client-cert-not-required |
5 Enable VPN Service For Mail User
Use phpLDAPadmin or other tools to add LDAP values for existing mail users.Log into phpLDAPadmin:
Find the existing mail user www@example.com:
Enable the VPN service for the user www@example.com:
6 Enable IP Forwarding And Configure iptables
[...] #net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 [...] |
echo 1 > /proc/sys/net/ipv4/ip_forward
Edit /etc/default/iptables and add the below. Let iptables open port 1194. [...] #openvpn -A INPUT -p udp -m multiport --dport 1194 -j ACCEPT [...] |
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Before continuing, insert these iptables rules into your system's /etc/rc.local file to ensure that theses iptables rules will be recreated following your next reboot cycle:iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
#!/bin/sh # # [...] # iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT iptables -A FORWARD -j REJECT iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE exit 0 |
7 Restart Related Services
We need to restart all related services to make the configuration work. /etc/init.d/slapd restart
/etc/init.d/openvpn restart
/etc/init.d/iptables restart
/etc/init.d/openvpn restart
/etc/init.d/iptables restart
8 Client Settings
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/2.0/keys/client.ovpn
cd /etc/openvpn/easy-rsa/2.0/keys
Edit the client.ovpn file to modify the following line:cd /etc/openvpn/easy-rsa/2.0/keys
[...]
# Add the vpn server
remote mail.example.com 1194
[...]
#Comment out the below two line
#cert client.crt
#key client.key
[...]
#Add thes line at the botton
auth-user-pass |
apt-get install mutt zip
cd /etc/openvpn/easy-rsa/2.0/keys
zip config.zip client.ovpn ca.crt
mutt -s "OpenVPN client config files" www@example.com -a /etc/openvpn/easy-rsa/2.0/keys/config.zip < /usr/share/doc/openvpn/README
cd /etc/openvpn/easy-rsa/2.0/keys
zip config.zip client.ovpn ca.crt
mutt -s "OpenVPN client config files" www@example.com -a /etc/openvpn/easy-rsa/2.0/keys/config.zip < /usr/share/doc/openvpn/README
Installing OpenVPN GUI On Windows XP / Vista / Windows 7
Download the client software here: http://openvpn.net/index.php/open-source/downloads.html. After installation, put the client.ovpn and ca.crt files to C:\Program Files\OpenVPN\config.IMPORTANT NOTE FOR VISTA and Windows 7 USERS:
Note that on Windows Vista and Windows 7, you will need to run the OpenVPN GUI with administrator privileges, so that it can add routes to the routing table that are pulled from the OpenVPN server. You can do this by right-clicking on the OpenVPN GUI desktop icon, and selecting "Run as administrator".
Now you can use the account www@example.com to connect to the vpn.
Now you can access the Internet through VPN; you can check on http://www.whatismyip.com if the IP address is the server IP address.
9 Troubleshooting
Before you troubleshoot, you can try to restart the server and check whether it works then.To enable ldap logging, edit /etc/ldap/slapd.conf:
[...]
loglevel 256 # <-- change form 0 to 256
[...] |
Separate OpenVPN Log
By default, log messages will go to the syslog. We use "log" to override this by changing/etc/openvpn/server.conf.Issue the following command to create log files and set the right permissions:
touch /var/log/openvpn.log
chown nobody.nogroup /var/log/openvpn.log
Edit /etc/openvpn/server.conf: chown nobody.nogroup /var/log/openvpn.log
[...] user nobody group nogroup [...] log /var/log/openvpn.log |
Restart the related services.
/etc/init.d/slapd restart
/etc/init.d/openvpn restart
Monitor the log:/etc/init.d/openvpn restart
# tail -0f /var/log/openldap.log
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 fd=15 ACCEPT from IP=127.0.0.1:42020 (IP=0.0.0.0:389)
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=0 RESULT tag=97 err=0 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0
filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 fd=19 ACCEPT from IP=127.0.0.1:42021 (IP=0.0.0.0:389)
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=0 RESULT tag=97 err=0 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=1 BIND anonymous mech=implicit ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=1
BIND dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" method=128
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=1
BIND dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=1 RESULT tag=97 err=0 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=2 UNBIND
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=2 UNBIND
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 fd=19 closed
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 fd=15 closed
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 fd=15 ACCEPT from IP=127.0.0.1:42022 (IP=0.0.0.0:389)
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=0 RESULT tag=97 err=0 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=1
SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=2 UNBIND
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 fd=15 closed
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=0 RESULT tag=97 err=0 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0
filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 fd=19 ACCEPT from IP=127.0.0.1:42021 (IP=0.0.0.0:389)
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=0 RESULT tag=97 err=0 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=1 BIND anonymous mech=implicit ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=1
BIND dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" method=128
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=1
BIND dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=1 RESULT tag=97 err=0 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 op=2 UNBIND
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 op=2 UNBIND
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1001 fd=19 closed
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1000 fd=15 closed
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 fd=15 ACCEPT from IP=127.0.0.1:42022 (IP=0.0.0.0:389)
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=0 RESULT tag=97 err=0 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=1
SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 op=2 UNBIND
Sep 20 06:01:22 li163-121 slapd[3846]: conn=1002 fd=15 closed
# tail -0f /var/log/openvpn.log
Mon Sep 20 06:01:20 2010 MULTI: multi_create_instance called
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Re-using SSL/TLS context
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 LZO compression initialized
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Local Options hash (VER=V4): '530fdded'
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Expected Remote Options hash (VER=V4): '41690919'
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 TLS: Initial packet from [AF_INET]211.99.216.18:50094, sid=216fe588 ae0a6a58
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 TLS: Username/Password authentication succeeded for username 'www@example.com'
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 [] Peer Connection Initiated with [AF_INET]211.99.216.18:50094
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_CONNECT status=0
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 MULTI: Learn: 10.8.0.10 -> 211.99.216.18:50094
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 MULTI: primary virtual IP for 211.99.216.18:50094: 10.8.0.10
Mon Sep 20 06:01:23 2010 211.99.216.18:50094 PUSH: Received control message: 'PUSH_REQUEST'
Mon Sep 20 06:01:23 2010 211.99.216.18:50094 SENT CONTROL [UNDEF]: 'PUSH_REPLY,
redirect-gateway def1,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Re-using SSL/TLS context
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 LZO compression initialized
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Local Options hash (VER=V4): '530fdded'
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 Expected Remote Options hash (VER=V4): '41690919'
Mon Sep 20 06:01:20 2010 211.99.216.18:50094 TLS: Initial packet from [AF_INET]211.99.216.18:50094, sid=216fe588 ae0a6a58
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 TLS: Username/Password authentication succeeded for username 'www@example.com'
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 [] Peer Connection Initiated with [AF_INET]211.99.216.18:50094
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_CONNECT status=0
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 MULTI: Learn: 10.8.0.10 -> 211.99.216.18:50094
Mon Sep 20 06:01:22 2010 211.99.216.18:50094 MULTI: primary virtual IP for 211.99.216.18:50094: 10.8.0.10
Mon Sep 20 06:01:23 2010 211.99.216.18:50094 PUSH: Received control message: 'PUSH_REQUEST'
Mon Sep 20 06:01:23 2010 211.99.216.18:50094 SENT CONTROL [UNDEF]: 'PUSH_REPLY,
redirect-gateway def1,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)
10 Links
- Discussion forum: http://www.iredmail.org/forum/
- OpenVPN-auth-ldap Project home page: http://code.google.com/p/openvpn-auth-ldap/
- iRedMail Project home page: http://code.google.com/p/iredmail/
- Secure Communications with OpenVPN on Ubuntu 10.04 (Lucid): http://library.linode.com/networking/vpn-services/openvpn-ubuntu-10.04-lucid
No comments:
Post a Comment