Set Up OpenVPN

Ubuntu: How to Set Up OpenVPN

OpenVPN is a flexible and secure Virtual Private Networking (VPN) solution. It uses SSL/TLS for key exchange and encryption, allowing you to connect safely to remote networks or protect traffic over untrusted connections. This guide explains how to install and configure OpenVPN on Ubuntu 20.04, 22.04, or later.


Step 1: Install OpenVPN and Easy-RSA

sudo apt update

sudo apt install openvpn easy-rsa -y


Step 2: Set Up the Public Key Infrastructure (PKI)

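Easy-RSA helps generate SSL/TLS certificates for authentication. Ubuntu 20.04 and later ship Easy-RSA 3, where every operation goes through the easyrsa script (the older source vars, ./clean-all and ./build-* scripts are not installed).

make-cadir ~/openvpn-ca

cd ~/openvpn-ca

./easyrsa init-pki

./easyrsa build-ca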


Step 3: Generate Server Certificate and Key

./easyrsa build-server-full server nopass

./easyrsa gen-dh

openvpn --genkey --secret ta.key


Step 4: Configure the OpenVPN Server

Edit the server configuration file:

sudo nano /etc/openvpn/server.conf

Set parameters like port (default 1194), protocol (UDP recommended), and paths to certificates/keys.


Step 5: Enable and Start OpenVPN

sudo systemctl start openvpn@server

sudo systemctl enable openvpn@server

Check status:

sudo systemctl status openvpn@server


Step 6: Configure Client Certificates

./easyrsa build-client-full client1 nopass

Transfer the client certificate, key, and configuration file to the client system.


Step 7: Connect from Client

On the client machine:

sudo openvpn --config client1.ovpn


Best Practices

  • Use UDP on port 1194 for best performance
  • Always generate unique certificates for each client
  • Enable firewall rules to allow VPN traffic
  • Use ta.key for TLS authentication to prevent DoS attacks
  • Regularly rotate keys and monitor logs in /var/log/openvpn.log
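
A lint-style check for the server.conf settings named in Step 4 and in the best-practices list, as an added example that is not part of the original guide. The function names, the sample configuration and its /etc/openvpn/ file paths are assumptions; duplicate-cn and tls-crypt are standard OpenVPN directives the guide does not mention.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server.conf supplied on stdin.

# has REGEX: true if an uncommented line of $conf starts with that directive.
has() { printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*($1)([[:space:]]|\$)"; }

# check_conf: print one finding per line; return 1 if there were any.
check_conf() {
    conf=$(cat)
    rc=0
    # The CA, server certificate/key and DH files must all be referenced.
    for d in ca cert key dh; do
        has "$d" || { echo "missing directive: $d"; rc=1; }
    done
    # ta.key only takes effect if tls-auth (or the newer tls-crypt) loads it.
    has 'tls-auth|tls-crypt' || { echo "missing directive: tls-auth"; rc=1; }
    # OpenVPN uses UDP when proto is absent, so only flag an explicit non-UDP.
    if has 'proto' && ! has 'proto[[:space:]]+udp[46]?'; then
        echo "proto is not udp"; rc=1
    fi
    # duplicate-cn lets several clients connect with one shared certificate.
    if has 'duplicate-cn'; then echo "duplicate-cn is enabled"; rc=1; fi
    return "$rc"
}

# Constructed sample config; the /etc/openvpn/ file paths are assumptions.
sample_conf() { cat <<'EOF'
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
tls-auth /etc/openvpn/ta.key 0
server 10.8.0.0 255.255.255.0
keepalive 10 120
user nobody
group nogroup
verb 3
EOF
}

sample_conf | check_conf && echo "sample server.conf: no findings"
```

Run `check_conf < /etc/openvpn/server.conf` against the real file; a non-zero exit status means at least one finding.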
