Ubuntu: Set up OpenVPN server - how it works

You can also easily set up an OpenVPN server under Ubuntu. In this practical tip we will show you how.

Set up OpenVPN server on Ubuntu - so it'll work

1. First carry out an update of your server with "sudo apt-get update" before you then download the necessary server files with "sudo apt-get install openvpn easy-rsa".
2. Create a new directory with "make-cadir ~ / openvpn-ca" and change to the directory just created with "cd ~ / openvpn-ca".
3. Enter "nano vars" to edit the variables and fill in the lower variables (Country, Province, City, Org, Email and Ou) so that they do not remain empty. Save with [Ctrl] + [O].
4. To use the variables, change to the directory and execute them there: "cd ~ / openvpn-ca source vars".
5. Then you should clean up with "/ clean-all" before you create the required certificate with "./build-ca". Confirm with [Enter].
6. Continue creating the keys for the server. Use "./build-key-server server". Here too you must confirm with [Enter] or [Y].
7. Then additional variables and files are created with "./build-dh". Wait for this process to finish.
8. Then use "openvpn --genkey --secret keys / ta.key" to apply the key to your OpenVPN installation.

Setting up the OpenVPN server on Ubuntu - Settings

1. After the server has been configured so far, you must now set up the clients. To do this, enter the following commands: "cd ~ / openvpn-ca source vars ./build-key client1". Note: if you prefer to create a password-protected user, use "build-key-pass" instead of "build-key".
2. Now move all files into the appropriate directory: "cd ~ / openvpn-ca / keys sudo cp ca.crt ca.key server.crt server.key ta.key dh2048.pem / etc / openvpn".
3. Using "gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf" the archive of the server files is extracted.
4. You then have to adapt the configuration file with "sudo nano /etc/openvpn/server.conf". The file should contain the following: "tls-auth ta.key 0 # This file is secret key-direction 0 cipher AES-128-CBC auth SHA256 user nobody group nogroup". Save again here with [Ctrl] + [O].
5. So that the server can also communicate, you have to open the system configuration with "sudo nano /etc/sysctl.conf". Make sure that the file contains the following: "net.ipv4.ip_forward = 1". Save the changes. With "sudo sysctl -p" the changes are applied.
6. Now you have to release the port. Enter "sudo ufw allow 1194 / udp sudo ufw allow OpenSSH" and apply the changes with sudo ufw disable sudo ufw enable ".
7. The server is then started with the command "sudo systemctl start ".

In the next practical tip, learn how to set up OpenVPN on Android.