Setting up an OpenVPN server on Ubuntu is a great way to secure your internet traffic and protect your online privacy. OpenVPN is a popular open-source VPN protocol that is easy to use and configure. In this guide, we will show you how to set up an OpenVPN server on Ubuntu step by step.
Prerequisites:
- An Ubuntu server with a public IP address
- Root access to your Ubuntu server
- A text editor, such as nano or vi
Step 1: Install OpenVPN and Easy-RSA
First, we need to install OpenVPN and Easy-RSA, which is a tool for generating certificates and keys. Open a terminal window and run the following command:
Bash
sudo apt install openvpn easy-rsa
Step 2: Generate Certificates and Keys
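Next, we need to generate certificates and keys for our OpenVPN server. The easy-rsa package on current Ubuntu releases ships Easy-RSA 3, whose easyrsa script replaces the older pkitool. Run the following commands as root (for example in a sudo -i shell). Easy-RSA 3 writes its output under pki/, so the last lines copy the server files into keys/, the directory the rest of this guide refers to:
Bash
cd /etc/openvpn
mkdir easy-rsa
cp -r /usr/share/easy-rsa/. easy-rsa/
cd easy-rsa
./easyrsa init-pki                    # creates an empty pki/ directory
./easyrsa build-ca                    # CA certificate and key; prompts for a passphrase
./easyrsa gen-req server nopass       # server key and certificate request
./easyrsa sign-req server server      # sign the request as a server certificate
./easyrsa gen-dh                      # Diffie-Hellman parameters (pki/dh.pem)
mkdir -m 700 keys
openvpn --genkey secret keys/ta.key   # OpenVPN 2.4: openvpn --genkey --secret keys/ta.key
cp -p pki/ca.crt pki/issued/server.crt pki/private/server.key pki/dh.pem keys/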
Step 3: Configure OpenVPN
Now, we need to configure the OpenVPN server. Open the following file in a text editor:
Bash
sudo nano /etc/openvpn/server.conf
Add the following lines to the file:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh.pem
# HMAC key shared with clients (the ta.key copied in Step 4); 0 = server side
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
server 192.168.1.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
Replace 192.168.1.0 with the subnet of your VPN network. You can also add more DNS servers to the push directives.
Step 4: Create Client Configuration Files
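Next, we need to create client configuration files for each user who wants to connect to the VPN server. Each user needs their own certificate and key, signed by the CA from Step 2. For example, to issue a certificate for a user named user1 and collect the files that user needs, run the following commands as root:
Bash
cd /etc/openvpn/easy-rsa
./easyrsa build-client-full user1 nopass   # writes pki/issued/user1.crt and pki/private/user1.key
mkdir -p -m 700 /etc/openvpn/client-configs
cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/client-configs/user1.ca.crt
cp -p /etc/openvpn/easy-rsa/keys/ta.key /etc/openvpn/client-configs/user1.ta.key
cp /etc/openvpn/easy-rsa/pki/issued/user1.crt /etc/openvpn/client-configs/user1.crt
cp -p /etc/openvpn/easy-rsa/pki/private/user1.key /etc/openvpn/client-configs/user1.key
The client profile user1.ovpn cannot be a copy of server.conf. It uses the client directive instead of server, points at the server with remote <server public IP> 1194, keeps proto udp and dev tun, and references the four user1 files above (tls-auth with key direction 1 on the client side).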
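One way to produce user1.ovpn as a single file with the certificates and keys embedded inline, so that only one file has to be handed to the user. This is an added example, not part of the original guide; the function name make_client_profile, the extra client directives and the server address in the usage note are assumptions.

```shell
#!/bin/sh
# Added example: assemble a unified client profile (<user>.ovpn) with the CA,
# certificate, key and tls-auth key embedded inline.
# Assumed input names, as in Step 4: <dir>/<user>.ca.crt, .crt, .key, .ta.key

# Print only the BEGIN..END block of a file. Easy-RSA certificates start with
# a text dump and ta.key with comment lines; neither belongs in the profile.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_client_profile <user> <server-host> [port] [dir]  (hypothetical helper)
make_client_profile() {
    user=$1; host=$2; port=${3:-1194}; dir=${4:-/etc/openvpn/client-configs}
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    for ext in ca.crt crt key ta.key; do
        if [ ! -r "$dir/$user.$ext" ]; then
            echo "missing $dir/$user.$ext" >&2
            return 1
        fi
    done
    out="$dir/$user.ovpn"
    rm -f "$out"
    (
        umask 077   # the profile embeds the private key: owner-only
        {
            # proto/port must match server.conf; remote-cert-tls rejects
            # peers whose certificate was not issued as a server cert.
            printf '%s\n' client 'dev tun' 'proto udp' "remote $host $port" \
                'resolv-retry infinite' nobind persist-key persist-tun \
                'remote-cert-tls server' 'key-direction 1'
            printf '<ca>\n';       pem_only "$dir/$user.ca.crt"; printf '</ca>\n'
            printf '<cert>\n';     pem_only "$dir/$user.crt";    printf '</cert>\n'
            printf '<key>\n';      pem_only "$dir/$user.key";    printf '</key>\n'
            printf '<tls-auth>\n'; pem_only "$dir/$user.ta.key"; printf '</tls-auth>\n'
        } > "$out"
    )
    printf '%s\n' "$out"
}
```

Source the script and call, for instance, make_client_profile user1 192.0.2.10 (a documentation address standing in for your server's public IP); the function prints the path of the profile it wrote.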
Step 5: Start and Enable OpenVPN
Now, we can start the OpenVPN server and enable it to start automatically at boot. Run the following commands:
Bash
sudo systemctl start openvpn@server    # the openvpn@server unit reads /etc/openvpn/server.conf
sudo systemctl enable openvpn@server
Step 6: Connect to the VPN Server
To connect to the VPN server, you will need to distribute the client configuration files to your users. Users can then connect to the VPN server using an OpenVPN client. There are many different OpenVPN clients available for Windows, macOS, Linux, and Android.
Additional Notes:
- You can change the port that the OpenVPN server listens on by editing the port directive in the /etc/openvpn/server.conf file.
- You can add more clients to the VPN server by creating additional client configuration files.