Objective
The objective is to set up a client/server VPN tunnel between two hosts using OpenVPN on Ubuntu 18.04 Bionic Beaver Linux.
The aim is to provide simple, easy-to-follow core instructions on how to configure a VPN tunnel without much configuration and technical mumbo jumbo.
Operating System and Software Versions
- Operating System: Ubuntu 18.04 Bionic Beaver Linux
- Software: OpenVPN 2.4.4 or higher
Requirements
- Privileged access to your Ubuntu system as root or via the sudo command is required.
- You may also need to set up port forwarding of UDP 1194 on your router to the host which will be running as the OpenVPN server.
Conventions
- # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
- $ – requires given Linux commands to be executed as a regular non-privileged user
Instructions
OpenVPN Server setup
Let’s first set up the OpenVPN server. Start by installing the openvpn package. Open up a terminal and enter:
$ sudo apt install openvpn
Next, generate a static key to be used for VPN tunnel encryption:
$ openvpn --genkey --secret static-OpenVPN.key
Start the OpenVPN server to accept VPN connection requests:
$ sudo openvpn --dev tun --ifconfig 172.16.0.1 172.16.0.2 --cipher AES-256-CBC --secret static-OpenVPN.key &
disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
TUN/TAP device tun0 opened
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 local 172.16.0.1 peer 172.16.0.2
Could not determine IPv4/IPv6 protocol. Using AF_INET
UDPv4 link local (bound): [AF_INET][undef]:1194
UDPv4 link remote: [AF_UNSPEC]
The OpenVPN process should now be running in the background. At this stage you should have a new tun0 network interface with the IP address 172.16.0.1 up and running:
$ ip a show tun0
8: tun0:mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 172.16.0.1 peer 172.16.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::fc2a:c31:d5d0:ceb4/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
Furthermore, check for the open UDP 1194 port to confirm that OpenVPN is running correctly:
$ netstat -anu | grep 1194
udp 0 0 0.0.0.0:1194 0.0.0.0:*
Lastly, in case you have a firewall enabled on your Ubuntu 18.04 server, open UDP port 1194 in UFW for incoming connections using the command below:
$ sudo ufw allow from any to any port 1194 proto udp
All done. The OpenVPN server side is now ready to receive VPN connections.
OpenVPN Client setup
Let’s turn our attention to the VPN client. First, make sure that the openvpn package is installed on the client system:
$ sudo apt install openvpn
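Next, think of a secure way (e.g. SCP) to transfer static-OpenVPN.key from the server to your client machine. This file is the shared secret for the tunnel, so anyone who obtains it can decrypt the traffic and connect as a peer.
Once you have transferred the OpenVPN static key, establish a VPN connection, replacing the YOUR-OPENVPN-SERVER-IP-OR-HOST string with your OpenVPN server IP or hostname. Note that the two --ifconfig addresses are swapped relative to the server command: the first is this host's tunnel address, the second is the peer's.
$ sudo openvpn --remote YOUR-OPENVPN-SERVER-IP-OR-HOST --dev tun --ifconfig 172.16.0.2 172.16.0.1 --cipher AES-256-CBC --secret static-OpenVPN.key &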
The VPN tunnel creation may take a few seconds. If successful, you should see the following message:
Initialization Sequence Completed
Confirm the VPN connection by pinging the remote server's tunnel address:
$ ping -c 1 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.061 ms

--- 172.16.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.061/0.061/0.061/0.000 ms
All done.
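The two things most likely to go wrong in this setup are a key file that other local users can read and --ifconfig addresses that are not swapped between the two hosts. The shell helpers below are an added example, not part of the original tutorial; the function names check_key, tun_pair and mirrored are hypothetical, and the sample ip output is constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the static-key tunnel in this tutorial.
# Function names are hypothetical; sample data below is constructed.

# check_key FILE: succeed only if FILE is an OpenVPN static key that is
# not readable, writable or executable by group or other users.
check_key() {
    key=$1
    [ -f "$key" ] || { echo "missing: $key" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld -- "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive: $key" >&2; return 1; }
    grep -qF -e '-----BEGIN OpenVPN Static key V1-----' "$key" &&
        grep -qF -e '-----END OpenVPN Static key V1-----' "$key" ||
        { echo "not a static key file: $key" >&2; return 1; }
    # A 2048-bit key is 512 hex digits; count them on the hex-only lines.
    n=$(grep -E '^[0-9a-fA-F]+$' "$key" | tr -d '\n\r' | wc -c)
    [ $((n)) -eq 512 ] || { echo "unexpected key length: $n" >&2; return 1; }
}

# tun_pair: read "ip a show tun0" output on stdin, print "LOCAL PEER".
tun_pair() {
    sed -n 's/.*inet \([0-9.]*\) peer \([0-9.]*\)\/.*/\1 \2/p' | head -n 1
}

# mirrored "L1 P1" "L2 P2": succeed if each host's local tunnel address
# is the other host's peer address, as --ifconfig requires.
mirrored() {
    set -- $1 $2
    [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ] && [ "$1" != "$2" ]
}

# Constructed sample: the tun0 "inet" line as each host would report it.
server_out='inet 172.16.0.1 peer 172.16.0.2/32 scope global tun0'
client_out='inet 172.16.0.2 peer 172.16.0.1/32 scope global tun0'
if mirrored "$(echo "$server_out" | tun_pair)" "$(echo "$client_out" | tun_pair)"
then
    echo "tunnel endpoints are mirrored"
else
    echo "--ifconfig addresses are not swapped between the hosts" >&2
fi
```

On real hosts, run check_key static-OpenVPN.key on both machines and feed tun_pair the output of ip a show tun0 from each side.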