How to Install OpenVPN on Ubuntu 18.04 LTS

In this article, We are going to perform How to Install OpenVPN on Ubuntu 18.04 LTS or any other cloud platform like Amazon EC2, Azure VM, Google Cloud Compute,etc. with preinstalled Ubuntu OS.

Introduction

OpenVPN is free and open-source, Virtual Private Network (VPN) encryption protocol. It is used to secure tunnel between two points in a network.

Prerequisites

  • Ubuntu Server 16.04/18.04 LTS
  • SSH access with sudo privileges
  • Open Firewall Ports 1194

update the system packages

$ sudo apt-get update

Step 1: Install Git

Install git using below command

$ sudo apt-get install git

Step 2: Install OpenVPN on Ubuntu

Clone the below git repo

$ sudo git clone https://github.com/Nyr/openvpn-install.git

Output:

Cloning into 'openvpn-install'...

remote: Enumerating objects: 392, done.

remote: Total 392 (delta 0), reused 0 (delta 0), pack-reused 392

Receiving objects: 100% (392/392), 115.17 KiB | 14.40 MiB/s, done.

Resolving deltas: 100% (197/197), done.

Navigate to openvpn-install folder

$ cd openvpn-install/

List the folder contents

$ ls

Output:

LICENSE.txt

README.md

openvpn-install.sh

Make it executable openvpn-install.sh script

$ sudo chmod +x openvpn-install.sh

Run the openvpn-install.sh script

$ sudo ./openvpn-install.sh

You will be prompted to select IP, protocol,port and certificate name.

Welcome to this OpenVPN road warrior installer!

I need to ask you a few questions before starting setup.

You can use the default options and just press enter if you are ok with them.

This server is behind NAT. What is the public IPv4 address or hostname?

Public IPv4 address / hostname [192.168.100.55]: 192.168.100.55


Which protocol do you want for OpenVPN connections?

   1) UDP (recommended)

   2) TCP

Protocol [1]: 1

What port do you want OpenVPN listening to?

Port [1194]: 1194

Which DNS do you want to use with the VPN?

   1) Current system resolvers

   2) 1.1.1.1

   3) Google

   4) OpenDNS

   5) Verisign

DNS [1]: 1

Finally, tell me a name for the client certificate.

Client name [client]: client

Okay, that was all I needed. We are ready to set up your OpenVPN server now.

Press any key to continue... Press Enter

Press Enter after entering all answers, at the end you will get Finished message.

Signature ok

The Subject's Distinguished Name is as follows

commonName            :ASN.1 12:'client'

Certificate is to be certified until Nov 15 11:00:15 2029 GMT (3650 days)

Write out database with 1 new entries

Data Base Updated

Using SSL: openssl OpenSSL 1.1.1  11 Sep 2018

Using configuration from ./safessl-easyrsa.cnf

Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG

139692549542336:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd

An updated CRL has been created.

CRL file: /etc/openvpn/server/easy-rsa/pki/crl.pem

Created symlink /etc/systemd/system/multi-user.target.wants/openvpn-iptables.service → /etc/systemd/system/openvpn-iptables.service.

Created symlink /etc/systemd/system/multi-user.target.wants/[email protected] → /lib/systemd/system/[email protected].

Finished!

Your client configuration is available at: /home/fosstechnix/client.ovpn

If you want to add more clients, just run this script again!

To check OpenVPN configuration, Go to below path, looks like as shown below

$ cat  /etc/openvpn/server/server.conf

Output:

local 10.0.31.5

port 1194

proto udp

dev tun

ca ca.crt

cert server.crt

key server.key

dh dh.pem

auth SHA512

tls-crypt tc.key

topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"

keepalive 10 120

cipher AES-256-CBC

user nobody

group nogroup

persist-key

persist-tun

status openvpn-status.log

verb 3

crl-verify crl.pem

explicit-exit-notify

Step 3: Creating User Profile in OpenVPN

OpenVPN is ready for use, to create user profile navigate the openvpn-install folder and run the openvpn-install.sh script which we have used to install openvpn.

$ sudo ./openvpn-install.sh

You will prompted below options.

Looks like OpenVPN is already installed.

What do you want to do?

   1) Add a new user

   2) Revoke an existing user

   3) Remove OpenVPN

   4) Exit

Select an option: 1

Tell me a name for the client certificate.

Client name: FOSS.Technix

Using SSL: openssl OpenSSL 1.1.1  11 Sep 2018

Generating a RSA private key

.......................+++++

.......................+++++

writing new private key to '/etc/openvpn/server/easy-rsa/pki/private/FOSS_TechNix.key.J2Auf22bKO'

-----

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

commonName            :ASN.1 12:'FOSS_Technix'

Certificate is to be certified until Nov 15 11:14:08 2029 GMT (3650 days)

Write out database with 1 new entries

Data Base Updated

Client FOSS_TechNix added, configuration is available at: /home/fosstechnix/FOSS_Technix.ovpn

Succefully,We have preformed install OpenVPN on Ubuntu.

Copy the FOSS_Technix.ovpn file from users home directory and add into OpenVPN client profile and then connect to OpenVPN server.

Install OpenVPN client on Windows

Download OpenVPN client from below link and Install
After installing go to the below path and Place your OpenVPN file
C:\Program Files\OpenVPN\config
After placing go to the Taskbar:

Right click on OpenVPN GUI icon and import your File and select your file and click on connect

Conclusion

In this article, We have covered Install OpenVPN on Ubuntu, configure OpenVPN , Creating user profile.

Related Articles

How to Configure Sendmail to Relay Emails using Gmail SMTP on Ubuntu 18.04/16.04 LTS

How to Install and Configure mutt on Ubuntu/CentOS 7

Reference

https://github.com/Nyr/openvpn-install

FOSS TechNix

FOSS TechNix (Free,Open Source Software's and Technology Nix*) founded in 2019 is a community platform where you can find How-to Guides, articles for DevOps Tools,Linux and Databases.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Copy link
Powered by Social Snap