# OpenVPN Setup Guide

## Installing OpenVPN on Ubuntu

#### Prerequisites

* Create an OpenVPN account at <https://myaccount.openvpn.com/signup> (optional)
* Create a VPS where you will host your OpenVPN server
* Create a DNS A record pointing to your server
* If you run this at home without a static IP, you can also create a dynamic DNS hostname, for example with No-IP. You can use this hostname later in the guide instead of the domain name from the A record. Optionally, you can use a CNAME record to point to the dynamic DNS hostname.

#### Installation

### Update Ubuntu, set up the firewall, install OpenVPN Access Server and create a Let's Encrypt certificate

`sudo apt update && sudo apt upgrade`

`sudo ufw allow 22` (SSH)

`sudo ufw allow 80` (for certbot certificate request)

`sudo ufw allow 443` (for our client webserver)

`sudo ufw allow 943` (for our admin webserver)

`sudo ufw allow 1194/udp` (for our VPN connection)

`sudo apt update && sudo apt -y install ca-certificates wget net-tools gnupg`

`sudo wget https://as-repository.openvpn.net/as-repo-public.asc -qO /etc/apt/trusted.gpg.d/as-repository.asc`

`echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/as-repository.asc] http://as-repository.openvpn.net/as/debian jammy main" | sudo tee -a /etc/apt/sources.list.d/openvpn-as-repo.list`

`sudo apt update && sudo apt -y install openvpn-as >> output-$(date +"%Y%m%d%H%M").log`

Optionally, you can add your timezone here too, should your server be in a different timezone, like this:

`output-$(TZ="Europe/Brussels" date +"%Y%m%d%H%M").log`

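The install output is saved to the `output-<timestamp>.log` file so that we still have it if the information displayed on the terminal is lost. The file contains the initial `openvpn` account password, so keep it readable only by your own user and delete it once you have changed that password.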

`sudo apt install certbot`

`sudo certbot certonly --standalone --preferred-challenges http -d your.domain.name`

You should get this in the output. Take note of the location:

> Certificate is saved at: /etc/letsencrypt/live/your.domain.com/fullchain.pem

> Key is saved at: /etc/letsencrypt/live/your.domain.com/privkey.pem

Log in to the OpenVPN Access Server admin webserver: open the log file and copy the admin URL and the password for the `openvpn` account.
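Before exposing the admin webserver, it is worth confirming that the firewall really matches the `ufw allow` rules above. The following is an added example, not part of the original guide: it parses `ufw status` output and reports whether ufw is inactive, which of the guide's rules are missing, and which extra ports are allowed. The function name `audit_ufw`, the finding labels and the sample output are constructed for illustration, and it assumes the rules were added in the bare-port form used above (an app profile or a `22/tcp` rule is reported as a difference).

```bash
#!/usr/bin/env bash
# Added example: audit `ufw status` output against the ports this guide opens.
# On the server: sudo ufw status | audit_ufw

# Rules from the guide, as ufw prints them (a bare port covers TCP and UDP).
EXPECTED="22 80 443 943 1194/udp"

# Reads `ufw status` text on stdin and prints one finding per line:
#   INACTIVE        ufw is not enforcing anything (rules are only stored)
#   MISSING <rule>  a rule from the guide is absent
#   EXTRA <rule>    an ALLOW rule the guide does not call for
# Returns 0 when clean, 1 when there is any finding.
audit_ufw() {
  awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, want, " ") }
    /^Status:/ && $2 != "active" { inactive = 1; exit }
    # Rule rows: "1194/udp  ALLOW  Anywhere" or "22 (v6)  ALLOW  Anywhere (v6)".
    $2 == "ALLOW" || $3 == "ALLOW" { seen[$1] = 1 }
    END {
      if (inactive) { print "INACTIVE"; exit 1 }
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen)) { print "MISSING " want[i]; bad = 1 }
      for (p in seen) {
        known = 0
        for (i = 1; i <= n; i++) if (want[i] == p) known = 1
        if (!known) { print "EXTRA " p; bad = 1 }
      }
      exit bad + 0
    }'
}

# Constructed sample output: 943 was never allowed and 3306 is a stray rule.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
3306                       ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw || true
```

Rules added while ufw is inactive are stored but not enforced, so an `INACTIVE` result means none of the rules above are filtering traffic until `sudo ufw enable` has been run.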

### Go to network settings and change

* the hostname to your FQDN
* listen on only one network interface (The public-facing interface)
* VPN protocol UDP only on port 1194 (optional, but I recommend this)
* Admin webserver on public network interface, on port 943 (if you are running the server locally, run the admin webserver only on the local interface)
* Client webserver on public network interface, on port 443

### Go to VPN settings and change

* Network address (optional)
* Private network address for routing (optional)

### Go to Web Server and

* Go to User provided certificate, and add the cert and private key we created with certbot/letsencrypt

### Go to the user management/user permission and:

* Change password for openvpn admin user
* Add a new user to create a new VPN profile

### Go to authentication and set up 2FA

### Go to your vpn webserver client login and log in

* Download and install the openvpn client for your OS

