OpenVPN Server on Ubuntu: A Step-by-Step Guide
Introduction: OpenVPN is a popular open-source VPN (Virtual Private Network) solution that allows you to securely connect to your network or browse the internet anonymously. In this tutorial, we’ll show you how to set up an OpenVPN server on Ubuntu, providing a secure connection for your remote clients.
Prerequisites:
Before we begin, make sure you have the following:
- An Ubuntu server (version 18.04 or later).
- Root or sudo access to the Ubuntu server.
- A static public IP address for your server (or a domain name).
- Basic knowledge of the Linux command line.
Step 1: Update and Upgrade
First, make sure your Ubuntu server is up-to-date by running:
sudo apt update
sudo apt upgrade
Step 2: Install OpenVPN
To install OpenVPN, run the following command:
sudo apt install openvpn easy-rsa
Step 3: Configure the Certificate Authority (CA)
OpenVPN requires a Certificate Authority (CA) to issue and manage security certificates. We’ll set up the CA using the “easy-rsa” scripts:
sudo make-cadir /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
Edit the “vars” file with your CA information:
nano vars
Change the values as needed (e.g., country, organization, email).
Step 4: Generate Certificate and Key Files
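Now, initialize the PKI (Public Key Infrastructure) and create the CA certificate and key. These commands are the easy-rsa 2.x scripts; easy-rsa 3.x replaces them with subcommands of a single ./easyrsa script: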
source vars
./clean-all
./build-ca
Next, generate the server key and certificate:
./build-key-server server
Step 5: Generate Diffie-Hellman Parameters
Create the Diffie-Hellman parameters that the server uses for key exchange:
./build-dh
Step 6: Generate HMAC Signature
Generate the shared secret key that OpenVPN's tls-auth option uses to add an HMAC signature to TLS handshake packets:
openvpn --genkey --secret keys/ta.key
Step 7: Create Server Configuration File
Copy the sample configuration file and edit it:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gunzip /etc/openvpn/server.conf.gz
sudo nano /etc/openvpn/server.conf
Edit the configuration file as required, paying attention to settings like port, protocol, and network settings.
Step 8: Enable IP Forwarding
Enable IP forwarding by editing the sysctl configuration:
sudo nano /etc/sysctl.conf
Uncomment the line that says:
#net.ipv4.ip_forward=1
Then, run:
sudo sysctl -p
Step 9: Adjust Firewall Rules
Add firewall rules to allow traffic through the VPN. Assuming you’re using UFW, you can use the following:
sudo ufw allow 1194/udp
sudo ufw allow OpenSSH  # or allow your SSH port instead
sudo ufw enable
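Before starting the service, it helps to confirm that server.conf matches what Steps 4 to 9 produced. The script below is an added example, not part of the original guide: audit_conf and conf_get are hypothetical helper names, the sample config is constructed, and relative paths are assumed to resolve against the config file's directory.

```shell
#!/usr/bin/env bash
# Added example: audit an OpenVPN server.conf against Steps 4-9 of this guide.

# Print the first argument of directive $2 in file $1; lines commented out
# with '#' or ';' do not match because their first field differs.
conf_get() { awk -v d="$2" '$1 == d { print $2; exit }' "$1"; }

# Print one WARN line per finding; return 0 if clean, 1 otherwise.
audit_conf() {
    local conf=$1 dir port proto d path mode bad=0
    dir=$(dirname "$conf")
    port=$(conf_get "$conf" port); proto=$(conf_get "$conf" proto)
    # Step 9 only opens 1194/udp (also OpenVPN's defaults when unset).
    if [ "${port:-1194}/${proto:-udp}" != "1194/udp" ]; then
        echo "WARN: server uses ${port:-1194}/${proto:-udp}, firewall allows 1194/udp"; bad=1
    fi
    for d in ca cert key dh tls-auth; do        # files from Steps 4-6
        path=$(conf_get "$conf" "$d")
        if [ -z "$path" ]; then
            echo "WARN: '$d' is missing or commented out"; bad=1; continue
        fi
        # Assumption: relative paths are resolved against the config's directory.
        case $path in /*) ;; *) path=$dir/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "WARN: $d -> $path does not exist"; bad=1; continue
        fi
        # Secrets (server key, tls-auth key) must not be group/world accessible.
        if [ "$d" = key ] || [ "$d" = tls-auth ]; then
            mode=$(stat -c %a "$path")
            case $mode in
                *00) ;;
                *) echo "WARN: $path has mode $mode, expected 600"; bad=1 ;;
            esac
        fi
    done
    return "$bad"
}

# Constructed sample: a config on tcp/443 with tls-auth disabled and a
# world-readable server key. Expect three WARN lines.
demo=$(mktemp -d)
touch "$demo/ca.crt" "$demo/server.crt" "$demo/server.key" "$demo/dh2048.pem"
chmod 644 "$demo/server.key"
printf '%s\n' 'port 443' 'proto tcp' 'ca ca.crt' 'cert server.crt' \
    'key server.key' 'dh dh2048.pem' ';tls-auth ta.key 0' > "$demo/server.conf"
audit_conf "$demo/server.conf" || true
```

On a real server, run it as root with the path /etc/openvpn/server.conf so that the key files can be inspected.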
Step 10: Start and Enable OpenVPN
Start and enable OpenVPN to run at boot:
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
Step 11: Client Configuration
To configure client devices, transfer the following files to each client:
- /etc/openvpn/easy-rsa/keys/ca.crt
- /etc/openvpn/easy-rsa/keys/client.crt
- /etc/openvpn/easy-rsa/keys/client.key
- /etc/openvpn/ta.key
- /etc/openvpn/server.conf
Step 12: Connect to the OpenVPN Server
Use an OpenVPN client to connect to your server using the configuration files you provided to your clients.
Conclusion:
In this tutorial, you’ve learned how to set up an OpenVPN server on Ubuntu, securing your connections and allowing remote access to your network. With proper configuration and security measures, OpenVPN can be a valuable tool for privacy and data protection.
Remember to keep your server and certificates secure, regularly update your system, and monitor your VPN for optimal performance and security. Enjoy the benefits of a secure and private network with your new OpenVPN server.