Ubuntu 22.04 LTS Set Up OpenVPN Server

Setting up an OpenVPN server on Ubuntu 22.04 LTS can be done in just a few minutes by following these steps:

  1. Install OpenVPN:
sudo apt update
sudo apt install openvpn
  1. Generate the necessary encryption keys and certificates:
sudo easyrsa init-pki
sudo easyrsa build-ca
sudo easyrsa build-server-full server nopass

This will create the necessary keys and certificates in the /etc/openvpn/easy-rsa/pki directory.

  1. Create the server configuration file:
sudo nano /etc/openvpn/server.conf
  1. Add the following contents to the file, replacing the IP address with the IP of your server:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
  1. Enable IP forwarding:
sudo nano /etc/sysctl.conf

and add or uncomment the following line:

net.ipv4.ip_forward=1
  1. Enable the OpenVPN service:
sudo systemctl start openvpn@server
  1. Enable the OpenVPN service to start automatically at boot time:
sudo systemctl enable openvpn@server
  1. Configure the firewall to allow OpenVPN traffic, you can use ufw for that.
sudo ufw allow 1194/udp
sudo ufw enable
  1. Create a client configuration file, you can use a .ovpn extension for it.
sudo nano /etc/openvpn/client.ovpn
  1. Add the following contents to the file, replacing the IP address with the IP of your server:
client
dev tun
proto udp
remote <your server IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>

You can copy the ca, cert and key from the server’s /etc/openvpn/easy-rsa/pki directory.

Leave a Comment