OpenVPN Setup Guide

Installing OpenVPN on Ubuntu

Prerequisites

  • Create an OpenVPN account at https://myaccount.openvpn.com/signup (optional)

  • Create a VPS where you will host your OpenVPN server

  • Create a DNS A record pointing to your server

  • If you run this at home, without a static IP, you can also create a dynamic domain name with NOIP for example. You can use this domain name later in the guide instead of the domain name from the A-record. Optionally, you can use a CNAME record to point to the dynamic DNS domain name.

Installation

Update Ubuntu, set up the firewall, install OpenVPN Access Server and create a Let's Encrypt certificate

sudo apt update && sudo apt upgrade

sudo ufw allow 22   # SSH

sudo ufw allow 80   # for the certbot certificate request

sudo ufw allow 443   # for our client webserver

sudo ufw allow 943   # for our admin webserver

sudo ufw allow 1194/udp   # for our VPN connection

sudo apt update && sudo apt -y install ca-certificates wget net-tools gnupg

sudo wget https://as-repository.openvpn.net/as-repo-public.asc -qO /etc/apt/trusted.gpg.d/as-repository.asc

echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/as-repository.asc] http://as-repository.openvpn.net/as/debian jammy main" | sudo tee -a /etc/apt/sources.list.d/openvpn-as-repo.list

sudo apt update && sudo apt -y install openvpn-as >> output-$(date +"%Y%m%d%H%M").log

Optionally, you can set your timezone in the log file name, should your server be in a different timezone, like this:

output-$(TZ="Europe/Brussels" date +"%Y%m%d%H%M").log

We save the output in the outputxxx.log file for later, in case the information displayed on the terminal is lost.

sudo apt install certbot

sudo certbot certonly --standalone --preferred-challenges http -d your.domain.name

You should get this in the output. Take note of the location:

Certificate is saved at: /etc/letsencrypt/live/your.domain.com/fullchain.pem

Key is saved at: /etc/letsencrypt/live/your.domain.com/privkey.pem

Log in to the OpenVPN Access Server admin webserver by opening the log file and copying the admin URL and the openvpn account password.

Go to network settings and change

  • the hostname to your FQDN

  • listen on only one network interface (The public-facing interface)

  • VPN protocol UDP only on port 1194 (optional, but I recommend this)

  • Admin webserver on public network interface, on port 943 (if you are running the server locally, run the admin webserver only on the local interface)

  • Client webserver on public network interface, on port 443

Go to VPN settings and change

  • Network address (optional)

  • Private network address for routing (optional)

Go to Web Server and

  • Go to User provided certificate, and add the cert and private key we created with certbot/letsencrypt

Go to the user management/user permission and:

  • Change password for openvpn admin user

  • Add a new user to create a new VPN profile

Go to authentication and set up 2FA

Go to your vpn webserver client login and log in

  • Download and install the openvpn client for your OS
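Once the setup is finished, it is worth confirming that the firewall matches the five rules opened during installation and is actually active. The script below is an added example, not part of the original guide: audit_ufw and sample_status are hypothetical helper names, and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the guide: compare `ufw status` with the guide's rules.
EXPECTED="22 80 443 943 1194/udp"   # ports opened in the Installation section

# audit_ufw: reads `ufw status` text on stdin, prints one finding per line,
# returns 0 when the allowed ports equal EXPECTED and 1 otherwise.
audit_ufw() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        /^Status: inactive/ { print "FAIL firewall inactive"; bad = 1 }
        NF >= 3 {
            # IPv6 rows read "22 (v6) ALLOW Anywhere (v6)", so the action shifts right.
            act = ($2 == "(v6)") ? $3 : $2
            if (act != "ALLOW" && act != "LIMIT") next
            if ($1 in want) seen[$1] = 1
            else if (!($1 in extra)) { extra[$1] = 1; print "EXTRA " $1; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(e[i] in seen)) { print "MISSING " e[i]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: 943 was never opened and a database port leaked in.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw || true   # prints: EXTRA 3306/tcp, MISSING 943
# On the server: sudo ufw status | audit_ufw
```

A "FAIL firewall inactive" line means the allow rules exist but ufw is not enforcing them.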

Add a
