How to Install and Use OpenVPN on Ubuntu Server
OpenVPN is popular open-source software for creating secure virtual private networks (VPNs). It provides a robust and secure way to establish encrypted connections between remote devices and a server. This guide will walk you through the process of installing and configuring OpenVPN on an Ubuntu Server.
Prerequisites
Before you begin, ensure you have:
- An Ubuntu Server (20.04 or later recommended)
- Root or sudo access
- A static IP address
- Basic knowledge of the Linux command line
Step 1: Update Your Server
Start by updating your server’s package list and installing updates:
sudo apt update
sudo apt upgrade
Step 2: Install OpenVPN and Easy-RSA
Install OpenVPN and Easy-RSA, a tool for certificate management:
sudo apt install openvpn easy-rsa
Step 3: Set Up the Certificate Authority (CA)
Create a directory for the CA and navigate to it:
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
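Initialize the PKI and build the CA. Ubuntu 20.04 and later ship Easy-RSA 3, where the single easyrsa command replaces the older source vars, ./clean-all and ./build-ca scripts:
./easyrsa init-pki
./easyrsa build-ca
You’ll be prompted for a passphrase for the CA key and a Common Name for the CA; with EASYRSA_DN set to "org" in the vars file, you are also asked for details like country, state, and organization. Fill in the details as required.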
Step 4: Generate the Server Certificate and Key
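Create the server key and certificate request, then sign it with the CA:
./easyrsa gen-req server nopass
./easyrsa sign-req server server
Confirm the signing by typing yes when prompted and enter the CA passphrase. The certificate is written to pki/issued/server.crt and the key to pki/private/server.key.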
Step 5: Generate the Diffie-Hellman Parameters
./easyrsa gen-dh
This process can take some time. The parameters are written to pki/dh.pem.
Step 6: Generate an HMAC Key
openvpn --genkey --secret ta.key
Step 7: Configure the OpenVPN Server
Create a new configuration file for the server:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
sudo nano /etc/openvpn/server.conf
Edit the configuration file with the following:
- Uncomment the tls-auth and dh directives.
- Set the paths to your certificates and keys.
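An added example (not part of the original guide): a shell check that confirms the Step 7 edits took effect, meaning ca, cert, key, dh and tls-auth are active in the config, the files they point to exist, and the private key and HMAC key are not group- or world-accessible. The function names and the sample files are constructed for illustration, and it assumes relative paths are resolved against the config file's directory.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server.conf for the Step 7 edits.
# Assumption: relative paths resolve against the config file's directory.
# Uses GNU find (-perm /mode), as shipped on Ubuntu.

check_ovpn_conf() {
    conf=$1; dir=$(dirname "$conf"); problems=0
    for d in ca cert key dh tls-auth; do
        # First active line for this directive; '#' and ';' lines never match.
        path=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "MISSING  $d is absent or still commented out"
            problems=$((problems + 1)); continue
        fi
        case $path in /*) ;; *) path=$dir/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "NOFILE   $d -> $path"
            problems=$((problems + 1)); continue
        fi
        # Secret material must not be accessible to group or others.
        case $d in key|tls-auth)
            if [ -n "$(find "$path" -perm /077)" ]; then
                echo "PERMS    $d -> $path is group/world accessible"
                problems=$((problems + 1))
            fi ;;
        esac
    done
    return "$problems"   # number of findings, 0 when the config is clean
}

# Constructed sample: tls-auth left commented out, server.key mode 644.
make_sample() {
    t=$(mktemp -d)
    printf '%s\n' 'port 1194' 'ca ca.crt' 'cert server.crt' \
        'key server.key  # keep secret' 'dh dh.pem' \
        ';tls-auth ta.key 0' > "$t/server.conf"
    for f in ca.crt server.crt server.key dh.pem; do : > "$t/$f"; done
    chmod 644 "$t/server.key"
    echo "$t/server.conf"
}

sample=$(make_sample)
check_ovpn_conf "$sample" || echo "$? problem(s) found in $sample"
```

Against the real server, define the function in a root shell and call check_ovpn_conf /etc/openvpn/server.conf before starting the service.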
Step 8: Adjust Network Configuration
Enable IP forwarding:
sudo nano /etc/sysctl.conf
Uncomment the line:
net.ipv4.ip_forward=1
Apply the changes:
sudo sysctl -p
Configure firewall rules:
sudo apt install ufw
sudo ufw allow ssh
sudo ufw allow 1194/udp
sudo ufw enable
Step 9: Start and Enable OpenVPN
Start the OpenVPN service:
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
Step 10: Generate Client Certificates
Create a client key and certificate request, then sign it with the CA:
cd ~/openvpn-ca
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
Step 11: Create a Client Configuration File
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client/client1.ovpn
sudo nano /etc/openvpn/client/client1.ovpn
Edit the file to match the server’s IP address and certificates.
Step 12: Transfer Client Files
Transfer the .ovpn file securely to the client machine using scp or a USB drive.
Step 13: Connect to the VPN
On the client machine, use the OpenVPN client to connect:
sudo openvpn --config client1.ovpn
Conclusion
You have successfully set up and configured OpenVPN on Ubuntu Server. This secure VPN will help protect your online activities and provide secure remote access to your network.