Ubuntu: Set up OpenVPN server - how it works
You can also easily set up an OpenVPN server under Ubuntu. In this practical tip we will show you how.
Set up OpenVPN server on Ubuntu - how to do it
- First carry out an update of your server with "sudo apt-get update" before you then download the necessary server files with "sudo apt-get install openvpn easy-rsa".
- Create a new directory with "make-cadir ~/openvpn-ca" and change to the directory just created with "cd ~/openvpn-ca".
- Enter "nano vars" to edit the variables and fill in the variables near the bottom of the file (Country, Province, City, Org, Email and OU) so that they do not remain empty. Save with [Ctrl] + [O].
- To use the variables, change to the directory and load them there: "cd ~/openvpn-ca" followed by "source vars".
- Then you should clean up with "./clean-all" before you create the required certificate with "./build-ca". Confirm with [Enter].
- Continue creating the keys for the server. Use "./build-key-server server". Here too you must confirm with [Enter] or [Y].
- Then additional variables and files are created with "./build-dh". Wait for this process to finish.
- Then use "openvpn --genkey --secret keys/ta.key" to generate the key (ta.key) for your OpenVPN installation.
Setting up the OpenVPN server on Ubuntu - Settings
- Now that the server has been configured this far, you must set up the clients. To do this, enter the following commands one after the other: "cd ~/openvpn-ca", "source vars", "./build-key client1". Note: if you prefer to create a password-protected user, use "build-key-pass" instead of "build-key".
- Now copy all files into the appropriate directory: "cd ~/openvpn-ca/keys" followed by "sudo cp ca.crt ca.key server.crt server.key ta.key dh2048.pem /etc/openvpn".
- With "gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf" the sample server configuration is extracted from its archive and written to /etc/openvpn/server.conf.
- You then have to adapt the configuration file with "sudo nano /etc/openvpn/server.conf". The file should contain the following lines: "tls-auth ta.key 0 # This file is secret", "key-direction 0", "cipher AES-128-CBC", "auth SHA256", "user nobody" and "group nogroup". Save again here with [Ctrl] + [O].
- So that the server can also communicate, you have to open the system configuration with "sudo nano /etc/sysctl.conf". Make sure that the file contains the following: "net.ipv4.ip_forward = 1". Save the changes. With "sudo sysctl -p" the changes are applied.
- Now you have to open the port. Enter "sudo ufw allow 1194/udp" and "sudo ufw allow OpenSSH", then apply the changes with "sudo ufw disable" and "sudo ufw enable".
- The server is then started with the command "sudo systemctl start ".
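Before relying on the server, it helps to confirm that the settings from the steps above actually took effect. The following shell check is an added example, not part of the original tip: the function names are hypothetical, the files it reads are passed as arguments, and the sample files are constructed. It reports directives from the list above that are missing or still commented out in server.conf, whether IPv4 forwarding is enabled, and (as an extra check) key files that group or other users can read.

```shell
# Added example (not from the original page): audit the settings the steps configure.
# Directives the page adds to /etc/openvpn/server.conf, one per line.
required_directives() {
cat <<'EOF'
tls-auth ta.key 0
key-direction 0
cipher AES-128-CBC
auth SHA256
user nobody
group nogroup
EOF
}

# Strip '#' and ';' comments, collapse runs of whitespace, trim each line.
normalise() {
  sed -e 's/[#;].*$//' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1"
}

# Print each required directive that is absent or still commented out.
missing_directives() {
  norm=$(normalise "$1")
  required_directives | while IFS= read -r want; do
    printf '%s\n' "$norm" | grep -Fxq -- "$want" || printf '%s\n' "$want"
  done
}

# Succeed only if the file has an uncommented net.ipv4.ip_forward = 1.
forwarding_enabled() {
  normalise "$1" | tr -d ' ' | grep -Fxq 'net.ipv4.ip_forward=1'
}

# Print *.key files under a directory that group or others can read.
loose_key_files() {
  find "$1" -type f -name '*.key' \( -perm -040 -o -perm -004 \) | sort
}

# Constructed sample files: two directives commented out, forwarding disabled.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'port 1194' 'tls-auth ta.key 0 # This file is secret' \
  'key-direction 0' ';cipher AES-128-CBC' 'auth   SHA256' \
  ';user nobody' 'group nogroup' > "$demo_dir/server.conf"
printf '#net.ipv4.ip_forward=1\n' > "$demo_dir/sysctl.conf"
: > "$demo_dir/server.key"; chmod 644 "$demo_dir/server.key"
: > "$demo_dir/ta.key"; chmod 600 "$demo_dir/ta.key"

echo "Missing directives:"; missing_directives "$demo_dir/server.conf"
forwarding_enabled "$demo_dir/sysctl.conf" || echo "IPv4 forwarding not enabled"
echo "Loosely readable keys:"; loose_key_files "$demo_dir"
```

On a real server the same functions can be pointed at /etc/openvpn/server.conf, /etc/sysctl.conf and /etc/openvpn (reading the key directory typically needs sudo).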
In the next practical tip, learn how to set up OpenVPN on Android.