Objective
The objective is to set up a client/server VPN tunnel between two hosts using OpenVPN on Ubuntu 18.04 Bionic Beaver Linux.
The aim is to provide simple, easy-to-follow core instructions for configuring a VPN tunnel without much configuration or technical mumbo jumbo.
Operating System and Software Versions
- Operating System: - Ubuntu 18.04 Bionic Beaver Linux
- Software: - OpenVPN 2.4.4 or higher
- Privileged access to your Ubuntu System as root or via sudo command is required.
- You may also need to set up port forwarding on UDP 1194 on your router to the host which will be running as the OpenVPN server.
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ - requires given linux commands to be executed as a regular non-privileged user
OpenVPN Server setup
Let's first set up the OpenVPN server. Start by installing the openvpn package. Open up a terminal and enter:
$ sudo apt install openvpn
Next, generate a static key to be used for VPN tunnel encryption:
$ openvpn --genkey --secret static-OpenVPN.key
Start the OpenVPN server to accept VPN connection requests:
$ sudo openvpn --dev tun --ifconfig 172.16.0.1 172.16.0.2 --cipher AES-256-CBC --secret static-OpenVPN.key &
disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
TUN/TAP device tun0 opened
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 local 172.16.0.1 peer 172.16.0.2
Could not determine IPv4/IPv6 protocol. Using AF_INET
UDPv4 link local (bound): [AF_INET][undef]:1194
UDPv4 link remote: [AF_UNSPEC]
The OpenVPN process should now run in the background. At this stage you should have a new tun0 network interface with IP address 172.16.0.1 up and running:
$ ip a show tun0
8: tun0: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 172.16.0.1 peer 172.16.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::fc2a:c31:d5d0:ceb4/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
Furthermore, check for the open UDP 1194 port to confirm that OpenVPN is running correctly:
$ netstat -anu | grep 1194
udp 0 0 0.0.0.0:1194 0.0.0.0:*
Lastly, in case you have a firewall enabled on your Ubuntu 18.04 server, open UDP port 1194 in UFW for incoming connections using the command below:
$ sudo ufw allow from any to any port 1194 proto udp
All done. The OpenVPN server side is now ready to receive VPN connections.
OpenVPN Client setup
Let's turn our attention to the VPN client. First, make sure that the openvpn package is installed on the client system:
$ sudo apt install openvpn
Next, think of a secure way (e.g. SCP) to transfer static-OpenVPN.key from the server to your client machine.
Once you have transferred the OpenVPN static key, establish a VPN connection, replacing the YOUR-OPENVPN-SERVER-IP-OR-HOST string with your OpenVPN server IP or hostname:
$ sudo openvpn --remote YOUR-OPENVPN-SERVER-IP-OR-HOST --dev tun --ifconfig 172.16.0.2 172.16.0.1 --cipher AES-256-CBC --secret static-OpenVPN.key &
Note that the two --ifconfig addresses are swapped relative to the server command: the first is the local tunnel endpoint and the second is the peer.
The VPN tunnel creation may take a few seconds. If successful, you should see the following message:
Initialization Sequence Completed
Confirm the VPN connection by pinging the remote server:
$ ping -c 1 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.061 ms
--- 172.16.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.061/0.061/0.061/0.000 ms
All done.
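The key transfer step above leaves a copy of static-OpenVPN.key on each host, and anyone who can read either copy can decrypt the tunnel. As an added example (not part of the original tutorial), the shell functions below check that a copy is private and complete and print a fingerprint to compare between server and client. The function names are hypothetical, and the check assumes the usual 2048-bit key file layout of 16 lines of 32 hex characters between the "OpenVPN Static key V1" markers.

```sh
#!/bin/sh
# Added example: pre-flight check for an OpenVPN static key file.
# key_body, key_fingerprint and check_static_key are hypothetical helper names.

KEY_BEGIN='-----BEGIN OpenVPN Static key V1-----'
KEY_END='-----END OpenVPN Static key V1-----'

# Print only the key block (markers plus hex lines), dropping header
# comments and any CR characters picked up during transfer.
key_body() {
    tr -d '\r' < "$1" | sed -n "/^$KEY_BEGIN\$/,/^$KEY_END\$/p"
}

# SHA-256 over the key block only, so server and client copies compare
# equal even if comment lines or line endings differ.
key_fingerprint() {
    key_body "$1" | sha256sum | cut -d' ' -f1
}

# Return 0 if the key is private and complete, otherwise:
#   1 = file missing, 2 = readable by group/others, 3 = truncated or corrupt
check_static_key() {
    key=$1
    [ -f "$key" ] || { echo "missing: $key" >&2; return 1; }

    # The static key is the only secret protecting the tunnel, so nobody
    # but the owner should be able to read it.
    case "$(ls -ld -- "$key")" in
        -rw-------*|-r--------*) ;;
        *) echo "permissions too open, run: chmod 600 $key" >&2; return 2 ;;
    esac

    # A complete 2048-bit key has exactly 16 lines of 32 hex characters.
    hexlines=$(key_body "$key" | grep -c '^[0-9a-fA-F]\{32\}$' || true)
    [ "$hexlines" -eq 16 ] || { echo "truncated or corrupt key: $key" >&2; return 3; }

    echo "ok sha256=$(key_fingerprint "$key")"
}

# Usage on each host after the copy:
#   check_static_key static-OpenVPN.key
# The sha256 values printed on server and client must match.
```

Run the check on both hosts before starting the tunnel; a mismatch in the printed fingerprint means the copy was altered or cut short in transit.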