Basic Ubuntu 20.04 OpenVPN Client/Server connection setup

Setting up a VPN is a great way for a server to share network resources with a client. Configuring one, however, can seem a little intimidating to some users. In this guide, we’ll show you how to set up a VPN using OpenVPN on Ubuntu 20.04 Focal Fossa, while managing to avoid advanced configuration and technical jargon along the way.

In this tutorial you will learn:

  • How to install OpenVPN
  • How to configure an OpenVPN Server
  • How to connect to a VPN server from client machine
  • How to verify a successful VPN connection

Starting OpenVPN Server on Ubuntu 20.04


Software Requirements and Linux Command Line Conventions

Category: Requirements, Conventions or Software Version Used

  • System: Installed Ubuntu 20.04 or upgraded Ubuntu 20.04 Focal Fossa
  • Software: OpenVPN
  • Other: Privileged access to your Linux system as root or via the sudo command. You may also need to set up port forwarding for UDP port 1194 on your router to the host that will run the OpenVPN server.
  • Conventions:
    # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
    $ – requires given Linux commands to be executed as a regular non-privileged user

OpenVPN Server setup



In this section, we will cover the steps to set up an OpenVPN Server. A server listens for incoming connections from clients, and grants them access to the network upon successful authentication. If you only need to set up an OpenVPN Client, which gives you the ability to connect to remote servers, then skip ahead to the next section.

  1. Start by opening a terminal and typing the following command to install OpenVPN Server:
    $ sudo apt install openvpn
    
  2. Once OpenVPN is installed, we need to generate a static key to be used for VPN tunnel encryption:
    $ openvpn --genkey --secret static-OpenVPN.key
    
  3. Next, we need to start the OpenVPN server in order to accept incoming connection requests:
    $ sudo openvpn --dev tun --ifconfig 172.16.0.1 172.16.0.2 --cipher AES-256-CBC --secret static-OpenVPN.key &
    

    Note that the ampersand (&) at the end of the above command will background the OpenVPN process so it won’t be necessary to keep a terminal open for the service to continue running.

    Starting OpenVPN process to receive connections


  4. If you’ve followed along correctly, your system should now have a new network interface named tun0 with an IP address of 172.16.0.1. Type this command to verify:
    $ ip a show tun0
    


    Tunnel interface created on OpenVPN server


  5. For additional verification that the VPN server is operating correctly, check that UDP port 1194 is open on your system:
    $ netstat -anu | grep 1194
    
    UDP port 1194 is opened for connections

    NOTE
    You may need to install net-tools for the netstat command to work. Use this command: sudo apt install net-tools
  6. Lastly, enter this command to configure Ubuntu’s UFW firewall to allow incoming connections on UDP port 1194:
    $ sudo ufw allow from any to any port 1194 proto udp
    
    Allow UDP port 1194 through UFW




That’s all the configuration you’ll need to do for the OpenVPN Server. It should now be capable of receiving incoming connections.
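Added example, not part of the original guide: in this static-key setup the key file is the tunnel's only credential, so anyone who can read it can join or decrypt the tunnel. The script below checks that a key file like the one generated in step 2 is intact and accessible to its owner only; the function names are hypothetical and the sample key is constructed.

```shell
#!/bin/sh
# Added example; check_static_key and make_sample_key are hypothetical names.

# check_static_key FILE: return 0 if FILE is an intact 2048-bit OpenVPN static
# key that only its owner can access; otherwise print the reason, return 1-4.
check_static_key() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access $f"; return 2; }
    grep -q '^-----BEGIN OpenVPN Static key V1-----$' "$f" &&
        grep -q '^-----END OpenVPN Static key V1-----$' "$f" ||
        { echo "static key markers not found in $f"; return 3; }
    # A 2048-bit key is 16 lines of 32 hex digits between the markers.
    n=$(sed -n '/^-----BEGIN/,/^-----END/p' "$f" |
        grep -c -E '^[0-9a-f]{32}$' || true)
    [ "$n" -eq 16 ] || { echo "expected 16 key lines in $f, found $n"; return 4; }
}

# Constructed sample with the same layout as `openvpn --genkey` output.
# The repeated hex pattern is not real key material.
make_sample_key() {
    {
        echo '#'
        echo '# 2048 bit OpenVPN static key'
        echo '#'
        echo '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt 16 ]; do
            echo 0123456789abcdef0123456789abcdef
            i=$((i + 1))
        done
        echo '-----END OpenVPN Static key V1-----'
    } > "$1"
}

demo=$(mktemp -d)
make_sample_key "$demo/static-OpenVPN.key"
chmod 600 "$demo/static-OpenVPN.key"
check_static_key "$demo/static-OpenVPN.key" && echo "key file ok"
chmod 644 "$demo/static-OpenVPN.key"
check_static_key "$demo/static-OpenVPN.key" || echo "rejected (exit $?)"
rm -rf "$demo"
```

On a real host, call `check_static_key static-OpenVPN.key` before starting OpenVPN and fix the mode with `chmod 600` if it reports exit code 2.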

OpenVPN Client setup

Now we will cover how to use OpenVPN Client in order to connect to an OpenVPN Server. Follow the steps in this section if you wish to connect to your server from a remote client.

  1. Start by opening a terminal and typing the following command to install OpenVPN:
    $ sudo apt install openvpn
    
  2. Your client machine will need the static-OpenVPN.key encryption key file from the OpenVPN Server in order to connect. Transfer the file from the server to the client in a secure manner, with scp (secure copy) for example.

    This is the command we’d issue from our client machine. Use your own scp command or another secure method to transfer the file:

    $ scp user1@linuxconfig:/home/user1/static-OpenVPN.key .
    
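  3. Now, we’re ready to establish a VPN tunnel to the server. Use this command, but replace the YOUR-OPENVPN-SERVER-IP-OR-HOST string with the IP address or hostname of the VPN server you’re connecting to. Note that the two --ifconfig addresses are in the reverse order of the server command: the first is this machine’s tunnel address (172.16.0.2) and the second is the server’s (172.16.0.1):
    $ sudo openvpn --remote YOUR-OPENVPN-SERVER-IP-OR-HOST --dev tun --ifconfig 172.16.0.2 172.16.0.1 --cipher AES-256-CBC --secret static-OpenVPN.key &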
    


  4. The VPN tunnel creation may take a few seconds. If successful, you should see the following message:
    Initialization Sequence Completed
    
  5. To confirm a successful connection to the VPN server, try pinging the server’s tunnel address:
    $ ping -c 1 172.16.0.1
    PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
    64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.061 ms
    
    --- 172.16.0.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.061/0.061/0.061/0.000 ms
    

    Your VPN connection is now established.
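Added example, not part of the original guide: OpenVPN's --ifconfig option takes the local tunnel address first and the peer's second, so the two ends use the same pair in opposite order, and a ping to 172.16.0.1 only proves the tunnel works when that address belongs to the far end. The script below makes that check from `ip -o -4 addr show dev tun0` output; the function names are hypothetical and the two sample lines are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. The two lines below are
# constructed samples of `ip -o -4 addr show dev tun0` output.
SERVER_TUN='4: tun0    inet 172.16.0.1 peer 172.16.0.2/32 scope global tun0\       valid_lft forever preferred_lft forever'
CLIENT_TUN='4: tun0    inet 172.16.0.2 peer 172.16.0.1/32 scope global tun0\       valid_lft forever preferred_lft forever'

# tun_endpoints: read one such line on stdin, print "LOCAL PEER".
tun_endpoints() {
    awk '{ l = ""; p = ""
           for (i = 1; i < NF; i++) {
               if ($i == "inet") l = $(i + 1)
               if ($i == "peer") p = $(i + 1)
           }
           sub(/\/.*/, "", l); sub(/\/.*/, "", p)
           print l, p; exit }'
}

# check_ping_target TARGET < ip-output
#   0  TARGET is the far end, so a reply has crossed the tunnel
#   1  TARGET is this host's own address, so a reply proves nothing
#   2  TARGET is neither endpoint    3  no tunnel address found
check_ping_target() {
    eps=$(tun_endpoints)
    local_ip=${eps%% *}; peer_ip=${eps#* }
    [ -n "$local_ip" ] || { echo "no tunnel address found"; return 3; }
    if [ "$1" = "$local_ip" ]; then
        echo "$1 is local: ping replies never leave this host"; return 1
    elif [ "$1" = "$peer_ip" ]; then
        echo "$1 is the peer: a ping reply crosses the tunnel"; return 0
    fi
    echo "$1 is neither endpoint ($local_ip <-> $peer_ip)"; return 2
}

# mirrored SERVER_LINE CLIENT_LINE: each end must hold the other's addresses.
mirrored() {
    s=$(printf '%s\n' "$1" | tun_endpoints)
    c=$(printf '%s\n' "$2" | tun_endpoints)
    [ -n "${s%% *}" ] && [ "${s%% *} ${s#* }" = "${c#* } ${c%% *}" ]
}

printf '%s\n' "$CLIENT_TUN" | check_ping_target 172.16.0.1
printf '%s\n' "$SERVER_TUN" | check_ping_target 172.16.0.1 || true
mirrored "$SERVER_TUN" "$CLIENT_TUN" && echo "endpoints are mirrored"
```

On the client, run `ip -o -4 addr show dev tun0 | check_ping_target 172.16.0.1` before trusting the ping result.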

Conclusion

In this guide, we learned how to configure a VPN server to receive incoming connections with OpenVPN. We also saw how to connect to a VPN server from a client machine.

Using the methods illustrated in this guide should allow you to establish a secure VPN connection between a server and client machine.