
How to Set Up and Configure an OpenVPN Server on Ubuntu

In today’s digital landscape, securing your online communication has never been more critical. An OpenVPN server is a fantastic solution for creating a secure tunnel for your internet traffic, allowing for safe browsing and secure access to resources on a network. In this post, we’ll take you through the steps needed to set up and configure an OpenVPN server on an Ubuntu system.

What is OpenVPN?

OpenVPN is open-source VPN (Virtual Private Network) software that creates secure point-to-point or site-to-site connections in routed or bridged configurations. It uses a custom security protocol that employs SSL/TLS for key exchange, ensuring that your data is transmitted safely.

Prerequisites

Before we start, make sure you have the following:

  1. Ubuntu Server: Ensure that you have a fresh installation of Ubuntu 20.04 or later.
  2. Root Access: You’ll need to have root privileges or use sudo for administrative commands.
  3. Static IP Address: It’s advisable to use a static IP address for your VPN server.

Step 1: Update Your System

Start by updating your package repository and installed packages to the latest version. Open your terminal and execute the following commands:

sudo apt update
sudo apt upgrade -y

Step 2: Install OpenVPN and Easy-RSA

Next, install OpenVPN and Easy-RSA, which will help you manage your certificates. Run the following:

sudo apt install openvpn easy-rsa -y

Step 3: Set Up the Certificate Authority

Create a new directory for Easy-RSA, and copy the Easy-RSA files into it:

make-cadir ~/openvpn-ca
cd ~/openvpn-ca

Now, edit the vars file to set up your certificate authority (CA) variables:

nano vars

Find the following lines, uncomment them, and modify them according to your organization. Ubuntu 20.04 and later ship Easy-RSA 3, which uses set_var entries and only applies the organizational fields when EASYRSA_DN is set to "org":

set_var EASYRSA_DN           "org"
set_var EASYRSA_REQ_COUNTRY  "US"
set_var EASYRSA_REQ_PROVINCE "CA"
set_var EASYRSA_REQ_CITY     "San Francisco"
set_var EASYRSA_REQ_ORG      "MyOrganization"
set_var EASYRSA_REQ_EMAIL    "admin@example.com"
set_var EASYRSA_REQ_OU       "MyOrganizationalUnit"

Save and exit (if you are using Nano, it’s CTRL + X, then Y to confirm save).

Step 4: Build the CA Certificate

Next, initialize the PKI directory and build the CA certificate and key by executing:

./easyrsa init-pki
./easyrsa build-ca

You’ll be prompted to set a passphrase for the CA key and then several times to confirm the details you set in the vars file.

Step 5: Create the Server Certificate, Key, and Encryption Files

Now, we will create the server certificate and key files:

./easyrsa build-server-full server nopass

After that, generate the Diffie-Hellman key exchange file:

./easyrsa gen-dh

Next, generate a shared HMAC key (used by tls-auth) to add an additional layer of security:

openvpn --genkey --secret ta.key

Step 6: Configure OpenVPN Server

Navigate to the OpenVPN directory and create a new configuration file:

cd /etc/openvpn
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz .
sudo gunzip server.conf.gz
sudo nano server.conf

Edit the server configuration file to reflect your settings:

  • Update the paths for ca, cert, key, dh, and tls-auth to point to the newly created files in /etc/openvpn/keys/ (copy them there from ~/openvpn-ca first).
  • Set server to your desired VPN subnet.
  • For better security, uncomment the lines related to tls-auth and cipher.
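
A quick way to check the Step 6 edits before starting the service, as an added example that is not part of the original guide: it confirms that ca, cert, key, dh, tls-auth and cipher are active, that the referenced files exist, and that the private key and HMAC key are readable by their owner only. The function names and the FINDING output format are made up for this example.

```shell
#!/bin/sh
# Added example: audit server.conf against the Step 6 checklist.
# Assumes unquoted paths without spaces; relative paths are resolved
# against the config file's directory.

# Print the first argument of an active (uncommented) directive, if any.
directive_arg() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

report() {
    echo "FINDING: $*"
    findings=$((findings + 1))
}

# Prints one line per finding and returns the number of findings.
audit_server_conf() {
    conf=$1
    base=$(dirname "$conf")
    findings=0
    for d in ca cert key dh tls-auth; do
        path=$(directive_arg "$conf" "$d")
        if [ -z "$path" ]; then
            report "'$d' is missing or commented out"
            continue
        fi
        # "dh none" is valid (ECDH only) and names no file.
        if [ "$d" = dh ] && [ "$path" = none ]; then continue; fi
        case $path in /*) ;; *) path="$base/$path" ;; esac
        if [ ! -f "$path" ]; then
            report "$d points to a missing file: $path"
            continue
        fi
        # The private key and the HMAC key must be owner-only.
        case $d in key | tls-auth)
            mode=$(ls -ld "$path" | cut -c5-10)
            [ "$mode" = "------" ] || report "$path is accessible to group/others"
            ;;
        esac
    done
    [ -n "$(directive_arg "$conf" cipher)" ] || report "'cipher' is missing or commented out"
    return "$findings"
}

# Usage: sudo sh audit.sh /etc/openvpn/server.conf
[ $# -eq 0 ] || audit_server_conf "$1"
```

An exit status of 0 means no findings; any other value is the number of problems reported.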

Step 7: Enable IP Forwarding

To allow traffic to be routed between your VPN clients and the rest of the internet, enable IP forwarding:

sudo nano /etc/sysctl.conf

Uncomment the line:

net.ipv4.ip_forward=1

Then, apply the changes:

sudo sysctl -p

Step 8: Start the OpenVPN Server

Start your OpenVPN server with the following command:

sudo systemctl start openvpn@server

To enable it to start on boot, run:

sudo systemctl enable openvpn@server

Step 9: Set Up Client Configuration

Now, let’s create client configuration files. You can use the sample configuration file as a starting point, but first generate a certificate and key for the client:

cd ~/openvpn-ca
./easyrsa build-client-full clientname nopass

Copy the .ovpn configuration template and create your desired configuration:

nano client.ovpn

Modify the client configuration file with relevant server details and ensure that the appropriate CA certificate and key file paths are defined.

Step 10: Connect the Client

Lastly, transfer the client configuration file to your client machine. If you are using a Linux machine, you can use the command:

scp client.ovpn user@client-ip:~

Install the OpenVPN client on your machine and import the client.ovpn file. Start your connection:

sudo openvpn --config client.ovpn

Wrapping Up

Congratulations! You now have a fully functional OpenVPN server running on Ubuntu. This setup allows secure connections, ensuring your data stays private and safe as it travels across the internet.

For further enhancements, consider implementing additional security features such as access control lists, firewall rules, or using your own DNS servers for improved privacy.

We hope this guide was helpful. For more tips on cloud hosting and security practices, stay tuned to the Greenhost.cloud blog.