
Index > Help Tutorials > OpenVPN on Ubuntu 20.04

Server Setup

  1. Install packages
    sudo apt install openvpn easy-rsa
    
  2. Create easy-rsa directory
    sudo make-cadir /etc/openvpn/easy-rsa
    
  3. Change directory (the tree created by sudo make-cadir is owned by root, so the easyrsa commands below may also need sudo)
    cd /etc/openvpn/easy-rsa
    
  4. Initialize the PKI
    ./easyrsa init-pki
    
  5. Build the CA (nopass leaves the CA private key unencrypted on disk; omit it to set a passphrase, and keep the CA key off the VPN server where possible)
    ./easyrsa build-ca nopass
    
  6. Generate the key pair and certificate request for the server
    ./easyrsa gen-req server nopass
    
  7. Generate Diffie–Hellman parameters
    ./easyrsa gen-dh
    
  8. Sign the server certificate request
    ./easyrsa sign-req server server
    
  9. Copy the server certificate, CA certificate, DH parameters and server key to the main configuration directory (server.key must remain readable by root only)
    cp -v pki/{dh.pem,ca.crt,issued/server.crt,private/server.key} /etc/openvpn/
    
  10. Copy or rename dh.pem to dh2048.pem so the file name matches the dh entry in server.conf
    cp /etc/openvpn/dh.pem /etc/openvpn/dh2048.pem
    
  11. Generate the key pair and certificate request for the client
    ./easyrsa gen-req client nopass
    
  12. Sign the client certificate request
    ./easyrsa sign-req client client
    
  13. Copy sample server configuration
    sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/server.conf.gz
    
  14. Decompress the sample server configuration
    sudo gzip -d /etc/openvpn/server.conf.gz
    
  15. Generate the tls-auth shared secret (ta.key)
    cd /etc/openvpn
    sudo openvpn --genkey --secret ta.key
    
  16. Verify the following settings in server.conf
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh2048.pem
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist /var/log/openvpn/ipp.txt
    tls-auth ta.key 0 # This file is secret
    cipher AES-256-GCM
    persist-key
    persist-tun
    status /var/log/openvpn/openvpn-status.log
    log         /var/log/openvpn/openvpn.log
    log-append  /var/log/openvpn/openvpn.log
    verb 3
    explicit-exit-notify 1
    # user authentication (client-cert-not-required is deprecated since OpenVPN 2.4; the replacement is verify-client-cert none)
    ;client-cert-not-required
    # ldap/ad authentication
    ;plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/plugin/auth-ldap.conf
    
  17. Start openvpn server
    sudo systemctl start openvpn@server
    
  18. Check status
    sudo systemctl status openvpn@server
    
  19. Copy the client certificate and keys (client.key and ta.key are secrets; transfer them to the client over a secure channel only)
    mkdir -pv ~/vpn
    cp /etc/openvpn/easy-rsa/pki/{ca.crt,issued/client.crt,private/client.key} ~/vpn
    cp /etc/openvpn/ta.key ~/vpn
    
  20. Enable OpenVPN service and restart it
    sudo systemctl enable openvpn && sudo systemctl restart openvpn
    
  21. References
    https://ubuntu.com/server/docs/service-openvpn
    https://linuxconfig.org/how-to-setup-a-openvpn-server-on-ubuntu-20-04
    

Client Setup

  1. Windows (default config), C:\Program Files\OpenVPN\config\client.ovpn
    ;################### Global Configuration ###################################
    client
    remote vpn.example.com
    port 1194
    proto udp
    dev tun
    dev-type tun
    dev-node VPN
    remote-cert-tls server
    cipher AES-256-GCM
    ;reneg-sec 86400
    ;comp-lzo yes
    verb 3
    auth-nocache
    auth-retry interact
    ;################### Connection Encryption ##################################
    ca ca.crt
    tls-auth ta.key 1
    ;################### Certificate authentication #############################
    cert client.crt ; This certificate is needed for authentication
    key client.key ; This key is needed for authentication
    ;################### Password authentication ################################
    ;auth-user-pass