Setting up a VPN is a great way for a server to share network resources with a client. Configuring one, however, can seem a little intimidating to some users. In this guide, we'll show you how to setup a VPN using OpenVPN on Ubuntu 20.04 Focal Fossa, while managing to avoid advanced configuration and technical jargon along the way.

In this tutorial you will learn:
  • How to install OpenVPN
  • How to configure an OpenVPN Server
  • How to connect to a VPN server from client machine
  • How to verify a successful VPN connection
Starting OpenVPN Server on Ubuntu 20.04
Starting OpenVPN Server on Ubuntu 20.04
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Installed Ubuntu 20.04 or upgraded Ubuntu 20.04 Focal Fossa
Software OpenVPN
Other Privileged access to your Linux system as root or via the sudo command.
You may also need to setup port forwarding on UDP 1194 on your router to host which will be running as OpenVPN server.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

OpenVPN Server setup


SUBSCRIBE TO NEWSLETTER
Subscribe to Linux Career NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


In this section, we will cover the steps to setup OpenVPN Server. A server listens for incoming connections from clients, and grants them access to the network upon successful authentication. If you only need to setup OpenVPN Client, which gives you the ability to connect to remote servers, then skip ahead to the next section.

  1. Start by opening a terminal and typing the following command to install OpenVPN Server:
    $ sudo apt install openvpn
    
  2. Once OpenVPN is installed, we need to generate a static key to be used for VPN tunnel encryption:
    $ openvpn --genkey --secret static-OpenVPN.key
    
  3. Next, we need to start the OpenVPN server in order to accept incoming connection requests:
    $ sudo openvpn --dev tun --ifconfig 172.16.0.1 172.16.0.2 --cipher AES-256-CBC --secret static-OpenVPN.key &
    
    Note that the & ampersand in the above command will background the OpenVPN process so it won't be necessary to keep a terminal open for the service to continue running.
    Starting OpenVPN process to receive connections
    Starting OpenVPN process to receive connections
  4. If you've followed along correctly, your system should now have a new network interface named tun0 with an IP address of 172.16.0.1. Type this command to verify:
    $ ip a show tun0
    


  • For additional verification that the VPN server is operating correctly, check that UDP port 1194 is open on your system:
    $ netstat -anu | grep 1194
    
  • UDP port 1194 is opened for connections
    UDP port 1194 is opened for connections
    NOTE
    You may need to install net-tools for the netstat command to work. Use this command: sudo apt install net-tools
  • Lastly, enter this command to configure Ubuntu's UFW firewall to allow incoming connections on UDP port 1194:
    $ sudo ufw allow from any to any port 1194 proto udp
    
    Allow UDP port 1194 through UFW
    Allow UDP port 1194 through UFW


  • That's all the configuration you'll need to do for the OpenVPN Server. It should now be capable of receiving incoming connections.

    OpenVPN Client setup

    Now we will cover how to use OpenVPN Client in order to connect to a OpenVPN Server. Follow the steps in this section if you wish to connect to your server from a remote client.

    1. Start by opening a terminal and typing the following command to install OpenVPN Server:
      $ sudo apt install openvpn
      
    2. Your client machine will need the static-OpenVPN.key encryption key file from the OpenVPN Server in order to connect. Transfer the file from the server to the client in a secure manner, with scp (secure copy) for example.

      This is the command we'd issue from our client machine. Use your own scp command or another secure method to transfer the file:
      $ scp user1@linuxconfig:/home/user1/static-OpenVPN.key .
      
    3. Now, we're ready to establish a VPN tunnel to the server. Use this command but replace the YOUR-OPENVPN-SERVER-IP-OR-HOST string with the IP address or hostname of the VPN server you're connecting to:
      $ sudo openvpn --remote YOUR-OPENVPN-SERVER-IP-OR-HOST --dev tun --ifconfig 172.16.0.1 172.16.0.2 --cipher AES-256-CBC --secret static-OpenVPN.key &
      

    4. SUBSCRIBE TO NEWSLETTER
      Subscribe to Linux Career NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


    5. The VPN tunnel creation may take few seconds. If successful, you should see the following message:
      Initialization Sequence Completed
      
    6. To confirm a successful connection to the VPN server, try pinging a host on the remote network:
      $ ping -c 1 172.16.0.1
      PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
      64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.061 ms
      
      --- 172.16.0.1 ping statistics ---
      1 packets transmitted, 1 received, 0% packet loss, time 0ms
      rtt min/avg/max/mdev = 0.061/0.061/0.061/0.000 ms
      
      Your VPN connection is now established.

    Conclusion

    In this guide, we learned how to configure a VPN server to receive incoming connections with OpenVPN. We also saw how to connect to a VPN server from a client machine.

    Using the methods illustrated in this guide should allow you to establish a secure VPN connection between a server and client machine.

    FIND LATEST LINUX JOBS on LinuxCareers.com
    Submit your RESUME, create a JOB ALERT or subscribe to RSS feed.
    LINUX CAREER NEWSLETTER
    Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
    DO YOU NEED ADDITIONAL HELP?
    Get extra help by visiting our LINUX FORUM or simply use comments below.

    You may also be interested in:



    Comments and Discussions