OpenVPN Server on Ubuntu: A Step-by-Step Guide

Introduction: OpenVPN is a popular open-source VPN (Virtual Private Network) solution that allows you to securely connect to your network or browse the internet anonymously. In this tutorial, we’ll show you how to set up an OpenVPN server on Ubuntu, providing a secure connection for your remote clients.


Before we begin, make sure you have the following:

  1. An Ubuntu server (at least version 18.04 or later).
  2. Root or sudo access to the Ubuntu server.
  3. A static public IP address for your server (or a domain name).
  4. Basic knowledge of the Linux command line.

Step 1: Update and Upgrade

First, make sure your Ubuntu server is up-to-date by running:

  sudo apt update
  sudo apt upgrade 

Step 2: Install OpenVPN

To install OpenVPN, run the following command:

  sudo apt install openvpn easy-rsa

Step 3: Configure the Certificate Authority (CA)

OpenVPN requires a Certificate Authority (CA) to issue and manage security certificates. We’ll set up the CA using the “easy-rsa” scripts:

  sudo make-cadir /etc/openvpn/easy-rsa
  cd /etc/openvpn/easy-rsa

Edit the “vars” file with your CA information:

  nano vars 

Change the values as needed (e.g., country, organization, email).

Step 4: Generate Certificate and Key Files

Now, initialize the PKI (Public Key Infrastructure) and create the CA certificate and key:

   source vars

Next, generate server key and certificate:

  ./build-key-server server

Step 5: Generate Diffie-Hellman Parameters

Create the Diffie-Hellman parameters for additional security:


Step 6: Generate HMAC Signature

Generate HMAC signature to enhance data integrity:

  openvpn --genkey --secret keys/ta.key

Step 7: Create Server Configuration File

Copy the sample configuration file and edit it:

   cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
   gunzip /etc/openvpn/server.conf.gz
   nano /etc/openvpn/server.conf

Edit the configuration file as required, paying attention to settings like port, protocol, and network settings.

Step 8: Enable IP Forwarding

Enable IP forwarding by editing the sysctl configuration:

  nano /etc/sysctl.conf

Uncomment the line that says:


Then, run:

  sudo sysctl -p

Step 9: Adjust Firewall Rules

Add firewall rules to allow traffic through the VPN. Assuming you’re using UFW, you can use the following:

  sudo ufw allow 1194/udp
  sudo ufw allow OpenSSH (or your SSH port)
  sudo ufw enable

Step 10: Start and Enable OpenVPN

Start and enable OpenVPN to run at boot:

  sudo systemctl start openvpn@server
  sudo systemctl enable openvpn@server

Step 11: Client Configuration

To configure client devices, transfer the following files to each client:

  • /etc/openvpn/easy-rsa/keys/ca.crt
  • /etc/openvpn/easy-rsa/keys/client.crt
  • /etc/openvpn/easy-rsa/keys/client.key
  • /etc/openvpn/ta.key
  • /etc/openvpn/server.conf

Step 12: Connect to the OpenVPN Server

Use an OpenVPN client to connect to your server using the configuration files you provided to your clients.


In this tutorial, you’ve learned how to set up an OpenVPN server on Ubuntu, securing your connections and allowing remote access to your network. With proper configuration and security measures, OpenVPN can be a valuable tool for privacy and data protection.

Remember to keep your server and certificates secure, regularly update your system, and monitor your VPN for optimal performance and security. Enjoy the benefits of a secure and private network with your new OpenVPN server.

Also Read

Read more: How to Set Up an OpenVPN Server

You may also like

Get the latest

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Hot news


Lorem ipsum dolor sit amet consectetur adipiscing elit dolor

Most popular