OpenVPN Setup Guide
Installing OpenVPN on Ubuntu
Prerequisites
Create an OpenVPN account at https://myaccount.openvpn.com/signup (optional)
Create a VPS where you will host your OpenVPN server
Create a DNS A record pointing to your server
If you run this at home, without a static IP, you can also create a dynamic domain name with NOIP for example. You can use this domain name later in the guide instead of the domain name from the A-record. Optionally, you can use a CNAME record to point to the dynamic DNS domain name.
Installation
Update Ubuntu, set up the firewall, install OpenVPN Access Server and create a Let's Encrypt certificate
sudo apt update && sudo apt upgrade
sudo ufw allow 22          # SSH
sudo ufw allow 80          # for the certbot certificate request
sudo ufw allow 443         # for our client webserver
sudo ufw allow 943         # for our admin webserver
sudo ufw allow 1194/udp    # for our VPN connection
sudo apt update && sudo apt -y install ca-certificates wget net-tools gnupg
sudo wget https://as-repository.openvpn.net/as-repo-public.asc -qO /etc/apt/trusted.gpg.d/as-repository.asc
echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/as-repository.asc] http://as-repository.openvpn.net/as/debian jammy main" | sudo tee -a /etc/apt/sources.list.d/openvpn-as-repo.list
sudo apt update && sudo apt -y install openvpn-as >> output-$(date +"%Y%m%d%H%M").log
Optionally, you can set a timezone for the timestamp, should your server be in a different timezone, like this:
output-$(TZ="Europe/Brussels" date +"%Y%m%d%H%M").log
The output is saved to the output-<timestamp>.log file so that it is still available later, should we lose the information displayed on the terminal in some way.
sudo apt install certbot
sudo certbot certonly --standalone --preferred-challenges http -d your.domain.name
You should get this in the output. Take note of the location:
Certificate is saved at: /etc/letsencrypt/live/your.domain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/your.domain.com/privkey.pem
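Before moving on to the web interface, you can confirm that the firewall is in the state the ufw commands above were meant to produce; ufw only enforces its rules while its status is active. The check below is an added example, not part of the original guide: the function name audit_ufw and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `ufw status` output with the rules this guide adds.
# On the server, run it as:  sudo ufw status | audit_ufw
EXPECTED="22 80 443 943 1194/udp"   # ports opened in the steps above

# Reads `ufw status` text on stdin, prints one finding per line and returns
# non-zero when the firewall differs from what the guide sets up.
audit_ufw() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, want, " "); bad = 0; active = 0 }
        /^Status:/ { active = ($2 == "active") }
        {
            # Rows look like "22  ALLOW  Anywhere"; IPv6 twins insert "(v6)".
            action = ($2 == "(v6)") ? $3 : $2
            if (action == "ALLOW") seen[$1] = 1
        }
        END {
            if (!active) { print "INACTIVE: rules are not enforced"; bad = 1 }
            for (i = 1; i <= n; i++) {
                if (want[i] in seen) { delete seen[want[i]] }
                else { print "MISSING: " want[i]; bad = 1 }
            }
            for (p in seen) { print "EXTRA: " p; bad = 1 }
            if (!bad) print "OK"
            exit bad
        }'
}

# Constructed sample: the VPN port was opened for TCP instead of UDP.
SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
943                        ALLOW       Anywhere
1194/tcp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE" | audit_ufw || echo "firewall does not match the guide"
```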
Log in to the OpenVPN Access Server admin webserver by opening the log file and copying the admin URL and the openvpn account password.
Go to network settings and change
the hostname to your FQDN
listen on only one network interface (the public-facing interface)
VPN protocol UDP only on port 1194 (optional, but I recommend this)
Admin webserver on public network interface, on port 943 (if you are running the server locally, run the admin webserver only on the local interface)
Client webserver on public network interface, on port 443
Go to VPN settings and change
Network address (optional)
Private network address for routing (optional)
Go to Web Server and
Go to User provided certificate, and add the cert and private key we created with certbot/letsencrypt
Go to the user management/user permission and:
Change password for openvpn admin user
Add a new user to create a new VPN profile
Go to authentication and set up 2FA
Go to your VPN webserver client login and log in
Download and install the OpenVPN client for your OS