How to setup an OpenVPN server on Ubuntu 18.04,20.04,22.04 LTS
Introduction
The OpenVPN is an open source Virtual Private Network (VPN) project. It creates secure connections over the Internet using a custom security protocol that utilizes SSL/TLS.
VPN software protects your information by masking your device’s IP address, encrypting your data and routing it through secure networks to servers in far away states or even other countries. In doing so it hides your online identity, ensuring that you are able to browse the Internet securely and anonymously.
This how-to provides instructions for configuring an OpenVPN server on Ubuntu 18.04,20.04,22.04 LTS server.
Upgrade your system
To install your OpenVPN server, start updating your operating system to avoid any incompatibilities.
Perform a full update of your operating system with the following apt command
If you are working as root user
apt update && apt full-upgrade -y && apt autoremove -y && apt autoclean
If you are working as normal user
sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt autoclean
Find your server’s IP address
To get the ip address run the following command.
ip address show up
You will get an output similar to this the ip will be the one highlighted.
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.121.241/24 brd 192.168.121.255 scope global dynamic eth0
valid_lft 2900sec preferred_lft 2900sec
inet6 0000::0000:ff:fe8c:0000/64 scope link
valid_lft forever preferred_lft forever
Save this ip address, we will need it for the next steps.
Download OpenVPN server installer script by Angristan
This script will let you setup your own secure VPN server in just a few seconds.
First, get the script and make it executable:
If you are working as root user
apt install curl -y && curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh && chmod +x openvpn-install.sh
If you are working as normal user
sudo apt install curl -y && sudo curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh && sudo chmod +x openvpn-install.sh
Run OpenVPN server installer script by Angristan
You need to run the script as root and have the TUN module enabled.
The first time you run it, you’ll have to follow the assistant and answer a few questions to setup your VPN server.
If you are working as root user
./openvpn-install.sh
If you are working as Normal user
sudo ./openvpn-install.sh
Configuration of OpenVPN server with the script by Angristan
Once you have run the script follow the steps below to complete the installation of your OpenVPN server.
Step 1
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: [YOUR-SERVER-IP-ADDRESS]
If the IP printed by the script is correct and corresponds to the one taken with the previous step, press enter.
Step 2
Checking for IPv6 connectivity...
Your host does not appear to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? n
If your Server has an ipv6 the script should recognize it automatically otherwise you will have n and you just have to press enter.
Step 3
What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1
If you have other services listening on OpenVPN’s default port choose 2 and enter the port you want to use, but by default just hit enter.
Step 4
What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1
Hit enter to select UDP protocol (Best performance), or write 2 instead of 1 if you want use TCP protocol (Best stability).
Step 5
What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Anycast: worldwide)
12) NextDNS (Anycast: worldwide)
13) Custom
DNS [1-12]: 11
Choose the DNS server you prefer 11 to block ads, otherwise choose the cloudflare DNS servers by typing 3, when you’ve done hit enter.
Step 6
Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n
Here for safety, leave compression disabled by pressing only enter.
Step 7
Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
Customize encryption settings? [y/n]: n
You can proceed leaving the default parameters of the script by pressing enter here as well.
Step 8
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: [VPN-CLIENT-NAME]
Write what you prefer and hit enter in this step as well.
Step 9
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1
This is the last step. Proceed by pressing enter if you want to create a client without a password, otherwise if you want to be asked for a password during the connection, type 2 and press enter.
Remember that to access your VPN server you still need to have the file that OpenVPN generates at the end of the script.
The End
Download the .ovpn file and import it in your OpenVPN client.
Now download the file that you find inside the folder where you downloaded the script and insert it in any OpenVPN client.
How to create more clients
Re-run the installation script to add a new client that will be able to connect to your OpenVPN server
Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install
It looks like OpenVPN is already installed.
What do you want to do?
1) Add a new user
2) Revoke existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]: 1
Type 1 and press enter and follow the procedure of steps 8 and 9.
If you want to install your OpenVPN server, you can buy a VPS or Dedicated server on LyraHosting.com