I have an Ubuntu server with a static IP for personal use on which I want to install a VPN server. There are a few [unhelpful] tutorials on installing OpenVPN on Ubuntu, but they are all predicated on a bridged adapter. So my question has two parts:
Is it possible to set up a VPN server without a bridged adapter (i.e., all VPN clients will appear to have the same IP as the server)? Unless there are reasons I'm unaware of to make this a poor choice security-wise, this seems the simplest option for me. However, virtually all tutorials presuppose you have a bridged adapter working.
It seems like instead of OpenVPN there is simply a pptp package in the Ubuntu repositories, and it requires only password authentication. Naturally I'm a little wary of that, and a quick browse on Wikipedia showed that there are a number of vulnerabilities with PPTP. Does anyone recommend going down this path?
Thanks in advance, please pardon my ignorance on some aspects of this topic.
OpenVPN uses either a bridged adapter (tap0, for instance) or a tunneled adapter (tun0). That's set using "dev tap" or "dev tun" in the server's configuration. It can use a shared secret (password) or certificate-based authentication, depending on your preference.
Look at the official OpenVPN documentation:
http://openvpn.net/index.php/open-source/documentation/howto.html#quick
You'll find a discussion on the pluses and minuses of tun and tap configurations. FWIW, I've tended to run OpenVPN on CentOS boxes as tun. You can then use iptables rules to SNAT traffic from tun0, as you seem to be describing.
I'm not sure why Ubuntu talks about the bridged adapter in their wiki docs. It's a puzzlement.
Again, FWIW, here are some CentOS-related docs which use tun:
http://docs.cslabs.clarkson.edu/wiki/Install_OpenVPN_on_CentOS_5
Note that the only thing really CentOS-related is "yum install openvpn". Everything else about setting up certificates, etc., is basically from the official HOWTO.
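The routed setup the answer describes ("dev tun" plus an iptables SNAT rule for traffic from tun0), as an added example that is not part of the original posts. The VPN subnet 10.8.0.0/24, the interface name eth0, the public address 203.0.113.10 and the certificate file names are assumed placeholders; the script only prints the config and commands unless run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: routed (tun) OpenVPN server with SNAT, no bridge required.
# Assumed values, not from the posts: VPN subnet 10.8.0.0/24, public
# interface eth0, placeholder public IP 203.0.113.10, placeholder key files.
VPN_NET=10.8.0.0
VPN_MASK=255.255.255.0
VPN_CIDR=10.8.0.0/24
WAN_IF=eth0
WAN_IP=203.0.113.10

# Emit a server.conf fragment for tun mode with certificate authentication.
server_conf() {
cat <<EOF
# Routed mode: clients get addresses from a private VPN subnet
dev tun
proto udp
port 1194
server $VPN_NET $VPN_MASK
# Send all client traffic through the tunnel so it leaves via the server
push "redirect-gateway def1"
# Certificate-based authentication instead of a password alone
ca ca.crt
cert server.crt
key server.key
dh dh.pem
keepalive 10 120
persist-key
persist-tun
EOF
}

# Emit the forwarding and NAT commands. Only the VPN subnet is translated
# and forwarded, and only replies to established flows are let back in.
nat_commands() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $VPN_CIDR -o $WAN_IF -j SNAT --to-source $WAN_IP
iptables -A FORWARD -i tun0 -o $WAN_IF -s $VPN_CIDR -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Dry run by default; APPLY=1 (as root) executes the commands and stops on error.
if [ "${APPLY:-0}" = 1 ]; then
    nat_commands | sh -ex
else
    server_conf; echo; nat_commands
fi
```

With the SNAT rule in place, every client's outbound traffic carries the server's static address, which is the behaviour the question asks for.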