Objective

The objective is to set up a client/server VPN tunnel between two hosts using OpenVPN on Ubuntu 18.04 Bionic Beaver Linux.

The aim is to provide simple, easy-to-follow core instructions for configuring a VPN tunnel without much configuration or technical mumbo jumbo.

Operating System and Software Versions

  • Operating System: Ubuntu 18.04 Bionic Beaver Linux
  • Software: OpenVPN 2.4.4 or higher

Requirements

  • Privileged access to your Ubuntu system as root or via the sudo command is required.
  • You may also need to set up port forwarding for UDP port 1194 on your router to the host that will run the OpenVPN server.

Difficulty

EASY

Conventions

  • # - requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ - requires the given Linux commands to be executed as a regular non-privileged user

Instructions

OpenVPN Server setup

Let's first set up the OpenVPN server. Start by installing the openvpn package. Open a terminal and enter:
$ sudo apt install openvpn
Next, generate a static key to be used for VPN tunnel encryption:
$ openvpn --genkey --secret static-OpenVPN.key


Start the OpenVPN server to accept VPN connection requests:
$ sudo openvpn --dev tun --ifconfig 172.16.0.1 172.16.0.2 --cipher AES-256-CBC --secret static-OpenVPN.key &
disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
TUN/TAP device tun0 opened
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 local 172.16.0.1 peer 172.16.0.2
Could not determine IPv4/IPv6 protocol. Using AF_INET
UDPv4 link local (bound): [AF_INET][undef]:1194
UDPv4 link remote: [AF_UNSPEC]
The OpenVPN process should now be running in the background. At this stage you should have a new tun0 network interface with IP address 172.16.0.1 up and running:
$ ip a show tun0
8: tun0:  mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 172.16.0.1 peer 172.16.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::fc2a:c31:d5d0:ceb4/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
Furthermore, check for the open UDP 1194 port to confirm that OpenVPN is running correctly:
$ netstat -anu | grep 1194
udp        0      0 0.0.0.0:1194            0.0.0.0:*
Lastly, in case you have a firewall enabled on your Ubuntu 18.04 server, open UDP port 1194 in UFW for incoming connections using the command below:
$ sudo ufw allow from any to any port 1194 proto udp
All done. The OpenVPN server side is now ready to receive VPN connections.


OpenVPN Client setup

Let's turn our attention to the VPN client. First, make sure that the openvpn package is installed on the system:
$ sudo apt install openvpn
Next, think of a secure way (e.g. SCP) to transfer static-OpenVPN.key from the server to your client machine.
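
A check to run on both the server and the client once the key has been copied, given here as an added example that is not part of the original tutorial: it confirms that the file is accessible only to its owner and is a complete 2048-bit static key, then prints a SHA-256 fingerprint to compare between the two hosts. The function names and the script name are assumptions; sha256sum comes from coreutils.

```shell
#!/bin/sh
# Added example: sanity-check an OpenVPN static key file on each host.
# check_static_key and static_key_fingerprint are hypothetical helper names.

# Return 0 if FILE is private to its owner and holds a 2048-bit static key.
check_static_key() {
    key=$1
    [ -f "$key" ] || { echo "missing: $key" >&2; return 1; }

    # Characters 5-10 of "ls -l" are the group/other permission bits;
    # a shared secret must not be accessible to either.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$key is accessible to group/others; chmod 600 it" >&2; return 2; }

    # Expect the V1 markers around exactly 16 lines of 32 hex digits.
    grep -q '^-----BEGIN OpenVPN Static key V1-----$' "$key" &&
        grep -q '^-----END OpenVPN Static key V1-----$' "$key" ||
        { echo "$key is not an OpenVPN static key" >&2; return 3; }
    hexlines=$(grep -c -E '^[0-9a-fA-F]{32}$' "$key" || true)
    [ "$hexlines" -eq 16 ] ||
        { echo "$key: expected 16 hex lines, found $hexlines" >&2; return 3; }
    return 0
}

# SHA-256 over the hex key material only, so the value can be compared
# between server and client without showing the key itself.
static_key_fingerprint() {
    grep -E '^[0-9a-fA-F]{32}$' "$1" | tr -d '\n' | tr 'A-F' 'a-f' |
        sha256sum | cut -d' ' -f1
}

# Usage: sh check-key.sh static-OpenVPN.key   (script name is arbitrary)
if [ $# -gt 0 ]; then
    check_static_key "$1" && static_key_fingerprint "$1"
fi
```

A fingerprint mismatch or a return code of 3 on the client means the file was truncated or altered in transit and should be copied again.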

Once you have transferred the OpenVPN static key, establish a VPN connection, replacing the YOUR-OPENVPN-SERVER-IP-OR-HOST string with your OpenVPN server IP or hostname. The --ifconfig addresses are reversed compared to the server command, because the first address is the local tunnel endpoint and the second is the peer:
$ sudo openvpn --remote YOUR-OPENVPN-SERVER-IP-OR-HOST --dev tun --ifconfig 172.16.0.2 172.16.0.1 --cipher AES-256-CBC --secret static-OpenVPN.key &
The VPN tunnel creation may take a few seconds. If successful, you should see the following message:
Initialization Sequence Completed
Confirm the VPN connection by pinging the server's tunnel address:
$ ping -c 1 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.061 ms

--- 172.16.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.061/0.061/0.061/0.000 ms
All done.