
A Virtual Private Network (VPN) enhances security and privacy by encrypting internet traffic and masking your IP address. Setting up your own VPN server on Ubuntu ensures control over your data and network security. This guide covers installing and configuring a VPN server on Ubuntu using OpenVPN.
Step 1: Update and Upgrade Your System
First, update your Ubuntu system to ensure all packages are up-to-date:
sudo apt update && sudo apt upgrade -y
Step 2: Install OpenVPN and Easy-RSA
OpenVPN is a widely used open-source VPN solution. Install it along with Easy-RSA, which helps in setting up the certificate authority:
sudo apt install openvpn easy-rsa -y
Step 3: Set Up the Certificate Authority (CA)
- Copy the Easy-RSA template to a new directory:
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
- Edit the vars file to customize the certificate details:
nano vars
Update fields like country, organization, and email.
- Load the variables and clean up previous keys (if any):
source vars
./clean-all
- Build the Certificate Authority:
./build-ca
Step 4: Generate Server Certificate and Keys
- Generate the server certificate:
./build-key-server server
- Generate the Diffie-Hellman key exchange parameters:
./build-dh
- Copy the generated keys to OpenVPN’s directory:
sudo cp keys/{server.crt,server.key,ca.crt,dh2048.pem} /etc/openvpn/
Step 5: Configure the OpenVPN Server
- Copy the sample OpenVPN configuration file:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
- Edit the server configuration file:
sudo nano /etc/openvpn/server.conf
Adjust settings such as dh dh2048.pem, ca ca.crt, cert server.crt, and key server.key.
Step 6: Enable IP Forwarding
Edit the sysctl configuration file:
sudo nano /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward=1
Apply changes:
sudo sysctl -p
Step 7: Configure Firewall Rules
Use UFW (Uncomplicated Firewall) to allow VPN traffic:
sudo ufw allow 1194/udp
sudo ufw enable
Step 8: Start and Enable OpenVPN Service
Start OpenVPN and enable it on boot:
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
Step 9: Create Client Configuration Files
Use Easy-RSA to generate client certificates and keys:
cd ~/openvpn-ca
source vars
./build-key client1
Copy the required client files to distribute securely.
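One way to package the client files from Step 9 for distribution, as an added example that is not part of the original guide: a shell function that packs ca.crt, the client certificate and the client key from the keys directory into a single .ovpn profile readable only by its owner. The function name build_ovpn, the server address argument and the client directives chosen are assumptions; if server.conf enables tls-auth or a specific cipher, the profile needs matching lines.

```shell
#!/bin/sh
# Added example: bundle one client's credentials into a single .ovpn profile.
# Assumptions (not from the original guide): the function name, the server
# address argument, the output path and the client directives written below.
#
# Usage: build_ovpn KEYS_DIR CLIENT_NAME SERVER_ADDR OUT_FILE
#   e.g. build_ovpn ~/openvpn-ca/keys client1 vpn.example.test client1.ovpn
build_ovpn() {
    keys_dir=$1; client=$2; server=$3; out=$4

    # Refuse to build a profile from missing or empty inputs.
    for f in "$keys_dir/ca.crt" "$keys_dir/$client.crt" "$keys_dir/$client.key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # The profile embeds the private key, so create it owner-readable only.
    (
        umask 077
        {
            printf 'client\ndev tun\nproto udp\n'
            # 1194/udp matches the port opened in Step 7.
            printf 'remote %s 1194\n' "$server"
            printf 'resolv-retry infinite\nnobind\npersist-key\npersist-tun\n'
            # Only accept a peer that presents a server-type certificate.
            printf 'remote-cert-tls server\nverb 3\n'
            # Inline blocks replace separate ca/cert/key files on the client.
            printf '<ca>\n';   cat "$keys_dir/ca.crt";      printf '</ca>\n'
            printf '<cert>\n'; cat "$keys_dir/$client.crt"; printf '</cert>\n'
            printf '<key>\n';  cat "$keys_dir/$client.key"; printf '</key>\n'
        } > "$out"
    ) || return 1

    # Tighten the mode even if the output file already existed.
    chmod 600 "$out"
}
```

The resulting file contains the client's private key, so transfer it over an authenticated, encrypted channel and delete any intermediate copies.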
Step 10: Connect to Your VPN
Use an OpenVPN client (such as OpenVPN GUI for Windows or Network Manager for Ubuntu) to connect to your VPN server using the client configuration files.
Conclusion
Setting up a VPN server on Ubuntu ensures secure remote access and encrypted data transfer. By following these steps, you can establish a robust VPN service for personal or business use.
How to Install and Configure a VPN Server on Ubuntu (F.A.Q)
Can I use WireGuard instead of OpenVPN?
Yes, WireGuard is a modern alternative to OpenVPN that is easier to configure and offers better performance.
How can I verify that my VPN is working?
Check your public IP address before and after connecting using curl ifconfig.me.
How do I add more clients to my VPN?
Generate new client certificates using Easy-RSA and distribute them securely.
What port does OpenVPN use?
By default, OpenVPN uses UDP port 1194, but you can change this in the configuration file.