How to Install OpenVPN on Ubuntu (Step-by-Step Guide)
OpenVPN is a powerful and highly flexible VPN solution that offers secure access to private networks over the internet. If you’re using Ubuntu, setting it up is straightforward. In this guide, we’ll walk you through the process of installing OpenVPN on an Ubuntu server.
Step 1: Update Your System
Start by updating your system packages to ensure everything is current.
sudo apt update && sudo apt upgrade -y
Step 2: Install OpenVPN and Easy-RSA
Install OpenVPN and Easy-RSA, a tool for managing SSL certificates.
sudo apt install openvpn easy-rsa -y
Step 3: Set Up the Public Key Infrastructure (PKI)
Copy Easy-RSA files to your preferred directory:
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
Initialize the PKI environment:
./easyrsa init-pki
Build the Certificate Authority (CA):
./easyrsa build-ca
(You’ll be prompted to enter a passphrase and Common Name.)
Step 4: Create Server Certificate, Key, and Encryption Files
./easyrsa gen-req server nopass
./easyrsa sign-req server server
Generate Diffie-Hellman parameters:
./easyrsa gen-dh
Create an HMAC signature to strengthen the server’s TLS integrity:
openvpn --genkey --secret ta.key
Step 5: Configure the OpenVPN Server
Copy the example configuration:
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
Edit /etc/openvpn/server.conf to match your cert paths and preferences:
sudo nano /etc/openvpn/server.conf
Look for these lines and set the correct paths:
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
Step 6: Enable IP Forwarding
Edit sysctl.conf:
sudo nano /etc/sysctl.conf
Uncomment or add:
net.ipv4.ip_forward=1
Apply it:
sudo sysctl -p
Step 7: Start and Enable OpenVPN
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
Check status:
sudo systemctl status openvpn@server
Step 8: Set Up Client Configuration
Copy the generated client certificate and keys to your client device, and configure a .ovpn file using the server’s public IP.
Open Source Cloud Storage vs Paid Services like Google Drive & MEGA (F.A.Q)
Do I need root access to install OpenVPN?
Yes, installing and configuring OpenVPN requires root or sudo privileges.
Can I use OpenVPN with a dynamic IP?
Yes, but using a static IP or Dynamic DNS (e.g., DuckDNS) is recommended for stability.
Is OpenVPN secure out of the box?
OpenVPN is secure by default, especially when using TLS authentication and strong encryption settings.
Can I run OpenVPN on Raspberry Pi?
Absolutely! The process is similar and works well on Pi 3/4 models.
