Install and Configure OpenVPN Server

1.Update Ubuntu’s repository lists

#apt-get update

2.Install OpenVPN and Easy-RSA

#apt-get install openvpn easy-rsa

3.Copy default openvpn server configuration

#gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

4.Open /etc/openvpn/server.conf

#vim /etc/openvpn/server.conf

5.Edit server.conf: add your local IP address and uncomment the settings shown below, then save and exit vim

......
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
local 172.31.100.37 #(put your actual public ip address)
......
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
......
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
.....

6.Forward traffic from client

#echo 1 > /proc/sys/net/ipv4/ip_forward

Or, to make this permanent, open sysctl.conf and uncomment net.ipv4.ip_forward

#vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
#sysctl -p

Create a CA and Server-Side Certificate and Key

1.Copy the Easy-RSA scripts to the OpenVPN directory and create the keys directory

#cp -r /usr/share/easy-rsa/ /etc/openvpn
#mkdir /etc/openvpn/easy-rsa/keys

2.Open variables config for creating certificates and edit according to your preference.

#vim /etc/openvpn/easy-rsa/vars
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="PH"
export KEY_PROVINCE="NCR"
export KEY_CITY="Makati"
export KEY_ORG="My Own VPN"
export KEY_EMAIL="you@example.com"
export KEY_OU="IT"

# X509 Subject Field
export KEY_NAME="server"

3.Generate the Diffie-Hellman parameters and change the dh setting in server.conf from dh1024.pem to dh2048.pem

#openssl dhparam -out /etc/openvpn/dh2048.pem 2048
#vim /etc/openvpn/server.conf
# 2048 bit keys.
#dh dh1024.pem
dh dh2048.pem

4.Change directories and build Certificate Authority

#cd /etc/openvpn/easy-rsa
#. ./vars
#./clean-all
#./build-ca

Simply press ENTER to pass through every prompt

Generate a Certificate and Key for the Server

1.Build the key for the server. The output is similar to that of ./build-ca. At the “A challenge password” and “An optional company name” prompts, leave the field blank and press ENTER to pass through. Finally, answer (y) to “Sign the certificate? [y/n]” and “1 out of 1 certificate requests certified, commit? [y/n]”

#./build-key-server server

2.Move the Server Certificates and keys and verify the files in /etc/openvpn directory

#cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn
#ls -l /etc/openvpn

3.Adding network address translation and IP masquerading

#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

4.Start the OpenVPN server and check its status; it should report “* VPN ‘server’ is running”

#service openvpn start
#service openvpn status
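
One way to confirm that the server.conf edits from step 5 of the first section and the dh change are really in effect (a line that is still prefixed with “;” is silently ignored). This is an added example, not part of the original tutorial; the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial.

# Print only the active directives of an OpenVPN config file: whole-line
# ';' and '#' comments, trailing comments and blank lines are dropped.
# Limitation: " #" or " ;" inside a quoted argument is treated as a comment.
active_directives() {
    sed -e 's/^[[:space:]]*//' \
        -e '/^[;#]/d' \
        -e 's/[[:space:]][[:space:]]*[#;].*$//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# Print one line per setting from the tutorial that is not in effect.
audit_server_conf() (
    active=$(active_directives "$1")
    has() { printf '%s\n' "$active" | grep -Eq -- "$1"; }

    has '^dh[[:space:]]' || echo "WARN dh: no active dh directive"
    if has '^dh[[:space:]].*dh1024\.pem'; then
        echo "WARN dh: still points at 1024-bit parameters (dh1024.pem)"
    fi
    has '^user[[:space:]]+nobody$' ||
        echo "WARN user: 'user nobody' not active, daemon keeps root privileges"
    has '^group[[:space:]]+nogroup$' ||
        echo "WARN group: 'group nogroup' not active, daemon keeps root group"
    has '^push[[:space:]]+"redirect-gateway' ||
        echo "WARN push: redirect-gateway not pushed, client internet traffic is not routed through the VPN"
    has '^push[[:space:]]+"dhcp-option[[:space:]]+DNS' ||
        echo "WARN push: no DNS server pushed to clients"
)

# Constructed sample: step 5 half done and dh left at dh1024.pem.
sample=$(mktemp)
cat > "$sample" <<'EOF'
;local a.b.c.d
local 172.31.100.37 #(put your actual public ip address)
dh dh1024.pem
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
user nobody
;group nogroup
EOF
audit_server_conf "$sample"
rm -f "$sample"
```

On the real server, run audit_server_conf /etc/openvpn/server.conf; no output means every setting the tutorial changes is active.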

Generate Certificates and Keys for Clients

1.Create and build the OpenVPN client key. vpnclient1 is the client name; change it to your preference.

#cd /etc/openvpn/easy-rsa && source ./vars && ./build-key vpnclient1

2.Copy the default client configuration, renaming it from .conf to .ovpn (for Windows client devices)

#cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/vpnclient1.ovpn

Note: Repeat steps 1 & 2 under Generate Certificates and Keys for Clients for multiple clients

3.Next, archive the client certificate, key and profile together with the CA certificate.

#cd /etc/openvpn/easy-rsa/keys && tar -czvf vpnclient1.tar.gz vpnclient1.crt vpnclient1.key vpnclient1.ovpn ca.crt

4.The client certificate and key are now generated and archived; the next step is to set up the client devices.

Configuring OpenVPN Client Devices

For windows client devices

1.Download the client certificate, key and .ovpn profile using WinSCP (you can download the WinSCP installer HERE)

Download these files:

  • vpnclient1.crt
  • vpnclient1.key
  • vpnclient1.ovpn
  • ca.crt

2.Open vpnclient1.ovpn and edit the profile: put the IP address of your OpenVPN server on the remote line, and uncomment “user nobody” & “group nogroup” by removing the leading “;”

remote openvpn-server-ip-address 1194
user nobody
group nogroup

3.Install the OpenVPN client; the Windows installer can be found on the OpenVPN download page HERE

4.After installing OpenVPN, copy the files that you downloaded from your OpenVPN server into:

C:\Program Files\OpenVPN\config

5.Launch the OpenVPN application, right-click its icon in the taskbar and click “connect”

6.You are now connected to your own VPN server from Windows.

For ubuntu client devices using terminal

1.Open a Terminal window (Ctrl+Alt+T)

2.Install openvpn

#sudo apt-get install openvpn

3.Copy the client certificate, keys and profile config from your openvpn server to local device.

#sudo scp user@openvpn-server-ip:/etc/openvpn/easy-rsa/keys/vpnclient1.tar.gz ~/Downloads

4.Extract downloaded files from openvpn server.

5.Open the terminal again and copy all the downloaded files to the /etc/openvpn/ directory

#cd ~/Downloads

#sudo cp vpnclient1/* /etc/openvpn/

6.Open vpnclient1.ovpn and edit it to match your setup.

#vi /etc/openvpn/vpnclient1.ovpn

edit:

;remote my-server-1 1194

to

remote openvpn-server-ip

edit:

ca ca.crt

cert client.crt

key client.key

to

ca ca.crt

cert vpnclient1.crt

key vpnclient1.key

7.Start the openvpn service and connect using these commands:

#cd /etc/openvpn/

#sudo service openvpn start

#sudo openvpn --config vpnclient1.ovpn

8.You are now connected to your own VPN server from the Ubuntu desktop.

Note: press Ctrl+C to disconnect.
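
A pre-flight check for the edited client profile, catching a remote line left at the sample host, ca/cert/key names that do not match the files that were copied, and a private key readable by other users. This is an added example, not part of the original tutorial; the function name, the demo files and the address 203.0.113.10 are constructed, and relative paths are assumed to resolve from the profile's directory.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial. Relative ca/cert/key
# paths are resolved from the profile's own directory (an assumption that
# matches starting openvpn from inside /etc/openvpn).
check_client_profile() (
    profile=$1
    dir=$(dirname -- "$profile")

    # The packaged sample client.conf uses my-server-1 as its remote host.
    awk '$1 == "remote" { n++
             if ($2 == "my-server-1") print "PLACEHOLDER remote " $2 }
         END { if (!n) print "MISSING remote directive" }' "$profile"

    # Every active ca/cert/key line must name a file that exists; the
    # private key must not be accessible to group or others.
    awk '$1 ~ /^(ca|cert|key)$/ { print $1, $2 }' "$profile" |
    while read -r kind file; do
        case $file in
            /*) path=$file ;;
            *)  path=$dir/$file ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $kind file: $file"
        elif [ "$kind" = key ] &&
             [ "$(ls -ld -- "$path" | cut -c5-10)" != "------" ]; then
            echo "PERMS key file $file is accessible to group or others"
        fi
    done
)

# Constructed demo: empty stand-in files and a profile with one wrong name.
demo=$(mktemp -d)
: > "$demo/ca.crt"; : > "$demo/vpnclient1.crt"; : > "$demo/vpnclient1.key"
chmod 600 "$demo/vpnclient1.key"
cat > "$demo/vpnclient1.ovpn" <<'EOF'
client
remote 203.0.113.10 1194
ca ca.crt
cert vpnclient1.cert
key vpnclient1.key
EOF
check_client_profile "$demo/vpnclient1.ovpn"
rm -rf "$demo"
```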

For ubuntu client devices using GUI

1.Open terminal ctrl+alt+T and install Network manager OpenVPN plugin

#sudo apt-get install network-manager-openvpn network-manager-openvpn-gnome

2.Select Network connection from the upper right corner > VPN Connection > Configure VPN


3.Add OpenVpn configuration.

4.Import cert. and key created from openvpn server and edit your own OpenVpn configuration.

Note:Gateway is your OpenVpn Server IP

5.Connect to the OpenVPN server and you will get the message “VPN connection has been successfully established.”

6.You are now connected to your own VPN server using the Ubuntu desktop GUI.

To disconnect, go to Network connection from the upper right corner > VPN Connection > OpenVpn_Name_Connection.


3 thoughts on “How to setup your own VPN server using OpenVpn in ubuntu 14.04 LTS”

  1. Why is the last part pertinent to Windows? I was trying to do this on my Ubuntu computer and now I’m unfortunately stuck without the next step once we’re talking about WinScp…

  2. Ok, I will add linux, ios and android client for the next tutorials. Currently it is windows client. And also add some security on the server side. 🙂
