Setting up a VPN is a great way for a server to share network resources with a client. Configuring one, however, can seem a little intimidating to some users. In this guide, we’ll show you how to set up a VPN using OpenVPN on Ubuntu 20.04 Focal Fossa, while managing to avoid advanced configuration and technical jargon along the way.
In this tutorial you will learn:
- How to install OpenVPN
- How to configure an OpenVPN Server
- How to connect to a VPN server from client machine
- How to verify a successful VPN connection
Category | Requirements, Conventions or Software Version Used |
---|---|
System | Installed Ubuntu 20.04 or upgraded Ubuntu 20.04 Focal Fossa |
Software | OpenVPN |
Other | Privileged access to your Linux system as root or via the sudo command. You may also need to set up port forwarding for UDP port 1194 on your router to the host that will run the OpenVPN server. |
Conventions | # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command. $ – requires given Linux commands to be executed as a regular non-privileged user. |
OpenVPN Server setup
In this section, we will cover the steps to set up OpenVPN Server. A server listens for incoming connections from clients, and grants them access to the network upon successful authentication. If you only need to set up OpenVPN Client, which gives you the ability to connect to remote servers, then skip ahead to the next section.
- Start by opening a terminal and typing the following command to install OpenVPN Server:
$ sudo apt install openvpn
- Once OpenVPN is installed, we need to generate a static key to be used for VPN tunnel encryption:
$ openvpn --genkey --secret static-OpenVPN.key
- Next, we need to start the OpenVPN server in order to accept incoming connection requests:
$ sudo openvpn --dev tun --ifconfig 172.16.0.1 172.16.0.2 --cipher AES-256-CBC --secret static-OpenVPN.key &
Note that the `&` ampersand in the above command will background the OpenVPN process so it won’t be necessary to keep a terminal open for the service to continue running.
- If you’ve followed along correctly, your system should now have a new network interface named `tun0` with an IP address of `172.16.0.1`. Type this command to verify:
$ ip a show tun0
- For additional verification that the VPN server is operating correctly, check that UDP port 1194 is open on your system:
$ netstat -anu | grep 1194
- Lastly, enter this command to configure Ubuntu’s UFW firewall to allow incoming connections on UDP port 1194:
$ sudo ufw allow from any to any port 1194 proto udp
You may need to install net-tools for the `netstat` command to work. Use this command:
$ sudo apt install net-tools
That’s all the configuration you’ll need to do for the OpenVPN Server. It should now be capable of receiving incoming connections.
OpenVPN Client setup
Now we will cover how to use OpenVPN Client in order to connect to an OpenVPN Server. Follow the steps in this section if you wish to connect to your server from a remote client.
- Start by opening a terminal and typing the following command to install OpenVPN (the same package provides both the client and the server):
$ sudo apt install openvpn
- Your client machine will need the `static-OpenVPN.key` encryption key file from the OpenVPN Server in order to connect. Transfer the file from the server to the client in a secure manner, with `scp` (secure copy) for example.
This is the command we’d issue from our client machine. Use your own `scp` command or another secure method to transfer the file:
$ scp user1@linuxconfig:/home/user1/static-OpenVPN.key .
- Now, we’re ready to establish a VPN tunnel to the server. Use this command but replace the `YOUR-OPENVPN-SERVER-IP-OR-HOST` string with the IP address or hostname of the VPN server you’re connecting to. The two `--ifconfig` addresses are swapped relative to the server command, because the first is the local tunnel endpoint and the second is the peer:
$ sudo openvpn --remote YOUR-OPENVPN-SERVER-IP-OR-HOST --dev tun --ifconfig 172.16.0.2 172.16.0.1 --cipher AES-256-CBC --secret static-OpenVPN.key &
- The VPN tunnel creation may take a few seconds. If successful, you should see the following message:
Initialization Sequence Completed
- To confirm a successful connection to the VPN server, try pinging a host on the remote network:
$ ping -c 1 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.061 ms
--- 172.16.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.061/0.061/0.061/0.000 ms
Your VPN connection is now established.
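The following check is an added example, not part of the original guide: a POSIX shell function to run on the client after the `scp` step and before starting the tunnel. It confirms that the copied `static-OpenVPN.key` is readable only by its owner, is structurally complete, and (optionally) matches a SHA-256 digest taken on the server; the function name, exit codes and digest argument are assumptions of this example.

```shell
#!/bin/sh
# check_static_key FILE [EXPECTED_SHA256]
# Prints FILE's SHA-256 and returns 0 only if FILE is a private, complete
# OpenVPN static key. Function name, arguments and exit codes are this
# example's own. EXPECTED_SHA256 is the value printed on the server by:
#   sha256sum static-OpenVPN.key
check_static_key() (
    key=$1
    expected=${2:-}

    [ -f "$key" ] && [ -r "$key" ] || { echo "cannot read $key" >&2; exit 2; }

    # The static key is the tunnel's only credential, so no group/other
    # permission bits may be set (characters 5-10 of the ls mode string).
    perms=$(ls -ldL -- "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key is accessible to group/others; run: chmod 600 $key" >&2
        exit 3
    fi

    # A 2048-bit key file holds one BEGIN/END pair around 16 lines of 32 hex
    # digits. A truncated or line-ending-mangled copy fails here.
    awk '
        /^-----BEGIN OpenVPN Static key V1-----$/ { nb++; inside = 1; next }
        /^-----END OpenVPN Static key V1-----$/   { ne++; inside = 0; next }
        inside { total++; if (length($0) == 32 && $0 ~ /^[0-9a-fA-F]+$/) good++ }
        END { exit !(nb == 1 && ne == 1 && total == 16 && good == 16) }
    ' "$key" || { echo "$key is not a complete static key" >&2; exit 4; }

    # Compare with the digest taken on the server, when one is supplied.
    actual=$(sha256sum "$key" | cut -d' ' -f1)
    if [ -n "$expected" ] && [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        exit 5
    fi
    echo "$actual"
)

# When run as a script: sh check_key.sh static-OpenVPN.key [sha256-from-server]
[ "$#" -eq 0 ] || check_static_key "$@"
```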
Conclusion
In this guide, we learned how to configure a VPN server to receive incoming connections with OpenVPN. We also saw how to connect to a VPN server from a client machine.
Using the methods illustrated in this guide should allow you to establish a secure VPN connection between a server and client machine.