Quick Installation and configuration of OpenVPN on Ubuntu 16.04

New

Quick Installation and configuration of OpenVPN on Ubuntu 16.04:In this tutorial, we will explain how to install and configure an OpenVPN server which is one of the most popular VPN software solutions on an Ubuntu 16.04 VPS, on both server-side and client-side. This guide should work on other Linux VPS systems as well but was tested and written for Ubuntu 16.04 VPS.

Login to your VPS via SSH

ssh user@vps

Install necessary packages

Update the system:

sudo apt-get update && sudo apt-get -y upgrade

and install OpenVPN:

sudo apt-get install openvpn openssl

Generate local certificate authority

First, generate the Diffie-Hellman parameters. This command can take a while to run depending on the server.

openssl dhparam -out /etc/openvpn/dh.pem 2048

Generate ca.pem  (certificate authority) file:

sudo openssl genrsa -out /etc/openvpn/ca-key.pem 2048
sudo chmod 600 /etc/openvpn/ca-key.pem
sudo openssl req -new -key /etc/openvpn/ca-key.pem -out /etc/openvpn/ca-csr.pem -subj /CN=OpenVPN-CA/
sudo openssl x509 -req -in /etc/openvpn/ca-csr.pem -out /etc/openvpn/ca.pem -signkey /etc/openvpn/ca-key.pem -days 365
sudo echo 01 > /etc/openvpn/ca.srl


Configure OpenVPN server

The following commands will generate a server certificate and key:

sudo openssl genrsa -out /etc/openvpn/server-key.pem 2048
sudo chmod 600 /etc/openvpn/server-key.pem
sudo openssl req -new -key /etc/openvpn/server-key.pem -out /etc/openvpn/server-csr.pem -subj /CN=OpenVPN/
sudo openssl x509 -req -in /etc/openvpn/server-csr.pem -out /etc/openvpn/server-cert.pem -CA /etc/openvpn/ca.pem -CAke

Create server configuration file:

sudo nano /etc/openvpn/server.conf

server 10.8.0.0 255.255.255.0
verb 3
key server-key.pem
ca ca.pem
cert server-cert.pem
dh dh.pem
keepalive 10 120
persist-key
persist-tun
comp-lzo
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

user nobody
group nogroup

proto udp
port 1194
dev tun1194
status openvpn-status.log

save the file and enable and start the OpenVPN service with:

sudo systemctl enable openvpn@server
sudo systemctl start openvpn@server


Note: If you are running an openvz based VPS
open the /lib/systemd/system/openvpn\@.service file and comment the LimitNPROC=10 line

Add the following iptables rule so that traffic can leave the VPN. Change the eth0 with the public network interface of your server.

 

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Note: If you are running an openvz based VPS
instead of the rule above add:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source <YOUR_SERVER_IP>

Finally, we also need to allow IP forwarding:

sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward

OpenVPN client configuration

The following commands will generate a client certificate and key:

openssl genrsa -out /etc/openvpn/client-key.pem 2048
chmod 600 /etc/openvpn/client-key.pem
openssl req -new -key /etc/openvpn/client-key.pem -out /etc/openvpn/client-csr.pem -subj /CN=OpenVPN-Client/
openssl x509 -req -in /etc/openvpn/client-csr.pem -out /etc/openvpn/client-cert.pem -CA /etc/openvpn/ca.pem -CAkey - 
/etc/openvpn/ca-key.pem -days 36525

Next, copy the following files to your client machine

/etc/openvpn/ca.pem
/etc/openvpn/client-cert.pem
/etc/openvpn/client-key.pem

and start your OpenVPN client with the following configuration.

client
nobind
dev tun
redirect-gateway def1 bypass-dhcp
remote  1194 udp
comp-lzo yes

key /etc/openvpn/client-key.pem
cert /etc/openvpn/client-cert.pem
ca /etc/openvpn/ca.pem

Do not forget to change <YOUR_SERVER_IP> with your OpenVPN server IP address.

That’s it. You have successfully installed a configured an OpenVPN server on your Ubuntu 16.04 VPS.

 

Leave your comment for any Issue regarding installation and configuration.

 
 
 

Comments

comments

board1