OpenVPN LiveCD usage instructions

This demonstration CD image is provided as a preview for using OpenVPN connection to provide research network connectivity to a virtual machine. The virtual machine does not have any access to local resources as OpenVPN connection is taken care by host system.

System can be installed either on hard disk, run as a live CD, or run from USB stick (recommend for testing, instructions based on this). System is based on Ubuntu 9.10, virtualisation provided by KVM.

Requirements

System supporting INTEL-VT or AMD-V
USB stick with 2G disk space (some no-name sticks may not work, UNetbootin does not recognize, but e.g. Kingston has been OK)
ISO image from http://www.netlab.tkk.fi/tutkimus/fi-shok/openvpn9.10-live.iso
UNetbootin software for the creation of USB stick image (only needed for USB installation)

Installation

For installation on USB drive, see Ubuntu documentation. Allocate some amount of persistent storage, so changes you do in system (like VPN configuration) are saved.

After installation USB Stick is ready, also copy the ISO-image to USB Stick, you will need it to start virtual machine.

Boot computer, make sure that it boots from USB stick. You can select language and then select "Try Ubuntu without any change to your computer". Wait system to boot up, no password is needed.

Configuring OpenVPN

To run OpenVPN, you will need client configuration and key files. You will get those from your VPN administrator or from e.g. PurpleNET server. You need to copy files to /etc/openvpn directory, note that admin right are needed so use command from terminal.

sudo cp  /etc/openvpn

Then you can start openvpn daemon:

sudo /etc/init.d/openvpn start

and configure bridge interface

sudo /etc/openvpn/vpnbr0.sh

Your OpenVPN connection should be up and running. The host machine does not have address on that interface, so it cannot communicate using it. This is to avoid any unwanted dataflow around firewall.

Setting up Virtual Machine

To set up all required settings, you need to run Virtual Machine Manager as root. In terminal

sudo virt-manager

A Virtual Machine Manager should show up, and have one entry

localhost (System)

Connect to it (right-click and select Connect), then "New" to start configuring virtual machine. Following steps are needed

Give some name for virtual machine, and choise local install media (ISO image)
Browse for ISO image (/cdrom/openvpn9.10-live.iso) and select right os type and version (Linux, Ubuntu 9.10)
Choose Memory and CPU settings. Something like 512 MB is ok, if you have 1 GB or more memory. Also you can define if you want to have more processors.
At next step you can allocate disk for virtual machine, but for this test purpose we do not use it. Note that you should use some other storage (USB disk, or local disk) and not overlay filesystem.
From summary select then Advanced options, and from Networks select "Host device vpnbr0 (bridged)"

Creation of virtual machine starts and then you can start virtual machine. The started system is similar to host system (as it runs from same disk image).

You can also use some other iso image copied on USB stick as a virtual guest operating system, just set it up following same steps.

This work was supported by TEKES as part of the Future Internet program of TIVIT (Finnish Strategic Centre for Science, Technology and Innovation in the field of ICT).