Install OpenVPN On Ubuntu 16
blog.ssdnodes.com
Prerequisites
1 of 14 11/19/2018, 11:05 AM
How to install OpenVPN on Ubuntu 16.04 | Serverwise about:reader?url=https://blog.ssdnodes.com/blog/tutorial-installing-open...
Let’s start by updating our apt cache and installing both openvpn
and easy-rsa, which we’ll use to set up certificates.
$ make-cadir ~/openvpn-ca
$ cd ~/openvpn-ca
$ nano vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
export KEY_NAME="EasyRSA"
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="Tustin"
export KEY_ORG="SSD Nodes"
export KEY_NAME="vpnserver"
Now, source the vars file you just edited. If there aren’t any errors,
you’ll see the following output.
$ source vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /home/user/openvpn-ca/keys
Now we can clean up the environment and then build up our CA.
$ ./clean-all
$ ./build-ca
A new RSA key will be created, and you’ll be asked to confirm the
details you entered into the vars file earlier. Just hit Enter to
confirm.
Next up, you need to create the server certificate and key pair.
When you run the below command you can change [server] to
the name of your choice. Later, you’ll need to reference this name.
For the sake of this tutorial, we’re going with vpnserver.
$ ./build-key-server [server]
$ ./build-dh
This process will create a single client key and certificate. If you
have multiple users, you’ll want to create multiple pairs.
$ source vars
$ ./build-key client1
$ source vars
$ ./build-key-pass client1
$ cd ~/openvpn-ca/keys
$ sudo cp ca.crt ca.key vpnserver.crt
$ gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
First, let’s ensure that OpenVPN is looking for the right .crt and
.key files.
Before:
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
After:
ca ca.crt
cert vpnserver.crt
key vpnserver.key # This file should be kept secret
Before:
;tls-auth ta.key 0
After:
tls-auth ta.key 0
key-direction 0
Because we are going to use this VPN to route our traffic to the
internet, we need to uncomment a few lines to help us
establish DNS. You should also remove bypass-dhcp from the
first line in question.
If you would prefer to use a DNS other than opendns, you should
change the two lines that begin with push "dhcp-option.
Before:
After:
Before:
;cipher BF-CBC
;cipher AES-128-CBC
;cipher DES-EDE3-CBC
After:
;cipher BF-CBC
cipher AES-256-CBC
;cipher DES-EDE3-CBC
auth SHA512
user openvpn
group nogroup
You can now save and close this file in order to create that user:
The venet0 field is what we’re looking for. And then we set up
iptables. To ensure this rule persists between reboots, install
the iptables-persistent package, which will prompt you to save
existing rules. Choose Yes and your rules will be persisted
moving forward.
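To confirm that the server.conf edits above are actually active (uncommented and carrying the expected values), the following audit script can be run against the file. It is an added example, not part of the original tutorial; the function names are hypothetical and the certificate name vpnserver is the one chosen earlier.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit server.conf for the settings
# this guide changes. Function names are hypothetical.

# active_value FILE DIRECTIVE: print the arguments of the first occurrence of
# DIRECTIVE that is not commented out with ';' or '#'.
active_value() {
    awk -v d="$2" '
        /^[ \t]*[;#]/ { next }
        $1 == d { sub(/[ \t]*[#;].*$/, ""); $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_server_conf FILE NAME: NAME is the name given to ./build-key-server.
# Prints one FAIL line per mismatch; exit status is 0 only when all match.
audit_server_conf() {
    conf=$1; rc=0
    # directive=expected pairs, taken from the "After" snippets in this guide
    for pair in "ca=ca.crt" "cert=$2.crt" "key=$2.key" "tls-auth=ta.key 0" \
                "key-direction=0" "cipher=AES-256-CBC" "auth=SHA512" \
                "user=openvpn" "group=nogroup"; do
        want=${pair#*=}
        got=$(active_value "$conf" "${pair%%=*}")
        if [ "$got" != "$want" ]; then
            echo "FAIL ${pair%%=*}: want '$want', found '${got:-<unset>}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a server.conf where the default cert/key names were left
# in place and tls-auth is still commented out.
sample_conf() {
    printf '%s\n' 'ca ca.crt' 'cert server.crt' \
        'key server.key  # This file should be kept secret' \
        ';tls-auth ta.key 0' ';cipher BF-CBC' 'cipher AES-256-CBC' \
        'auth SHA512' 'user openvpn' 'group nogroup'
}
tmp=$(mktemp); sample_conf > "$tmp"
audit_server_conf "$tmp" vpnserver || echo "server.conf needs fixes"
rm -f "$tmp"
```

On a real server, call it as audit_server_conf /etc/openvpn/server.conf vpnserver.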
Lastly, you need to create client configurations. You can store these
in any folder you’d like—they don’t need to be kept secret—as long
as it isn’t the /etc/openvpn folder. We’ll create a directory in
home for this purpose.
$ cd ~
$ mkdir openvpn-clients
$ cd openvpn-clients
Now, copy the sample client configuration into this new directory,
$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/openvpn-clients/base.conf
$ nano base.conf
Look for the following block of lines. You’ll need to change the my-
server-1 to the public IP address of this VPS. You can find this
information in the SSD Nodes dashboard, or by typing in the
ifconfig command and looking for the inet field that does not
look like 127.0.0.x.
Before:
After:
Before:
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key
After:
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
;ca ca.crt
;cert client.crt
;key client.key
Finally, jump to the bottom of the file and add the following lines.
The first two mirror the cipher/auth options we added to the
server.conf file earlier, and the third establishes that this file
will be used to connect to the server, not the other way around.
conf.
# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
Finally, you need to embed the keys and certificates into an .ovpn
file using base.conf as a framework. Copy this entire command
and execute it to embed the keys and create a final
client1.ovpn file.
$ cat base.conf \
    <(echo -e '<ca>') ~/openvpn-ca/keys/ca.crt <(echo -e '</ca>') \
    <(echo -e '<cert>') ~/openvpn-ca/keys/client1.crt <(echo -e '</cert>\n') \
    <(echo -e '<key>') ~/openvpn-ca/keys/client1.key <(echo -e '</key>\n') \
    <(echo -e '<tls-auth>') ~/openvpn-ca/keys/ta.key <(echo -e '</tls-auth>') \
    >> client1.ovpn
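The same embedding step written as a reusable function for any client name, as an added example that is not part of the original tutorial (function names are hypothetical, and the demo inputs are constructed placeholders). Because the finished .ovpn contains the client's private key, it is written owner-only, and the file is recreated rather than appended to, so re-running the step does not leave a second copy of each block in the profile.

```shell
#!/bin/sh
# Added example (not from the tutorial): assemble NAME.ovpn from base.conf and
# the easy-rsa keys directory. Function names are hypothetical.

# pem_block FILE: print only the BEGIN..END section, dropping any readable
# text (certificate dump, key header comments) that precedes it.
pem_block() { sed -n '/^-----BEGIN /,/^-----END /p' "$1"; }

# make_ovpn BASE KEYDIR NAME OUT
make_ovpn() {
    base=$1; keys=$2; name=$3; out=$4
    for f in "$base" "$keys/ca.crt" "$keys/$name.crt" "$keys/$name.key" \
             "$keys/ta.key"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 1; }
    done
    rm -f "$out"     # start clean: '>>' would append a second copy on re-run
    (
        umask 077    # the profile embeds the client private key: owner-only
        {
            cat "$base"
            for pair in "ca:ca.crt" "cert:$name.crt" "key:$name.key" \
                        "tls-auth:ta.key"; do
                printf '<%s>\n' "${pair%%:*}"
                pem_block "$keys/${pair#*:}"
                printf '</%s>\n' "${pair%%:*}"
            done
        } > "$out"
    )
}

# Constructed demo inputs (placeholder text, not real key material).
demo() {
    d=$(mktemp -d)
    printf 'client\nremote 203.0.113.10 1194\n' > "$d/base.conf"
    for f in ca.crt client1.crt client1.key ta.key; do
        printf '%s\n' 'Certificate: dump text' '-----BEGIN X-----' \
            "PLACEHOLDER $f" '-----END X-----' > "$d/$f"
    done
    make_ovpn "$d/base.conf" "$d" client1 "$d/client1.ovpn" && echo "$d/client1.ovpn"
}
demo_out=$(demo)
ls -l "$demo_out"
```

With the paths used in this tutorial, the call is make_ovpn base.conf ~/openvpn-ca/keys client1 client1.ovpn.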
Additional resources
If you’re having issues, post them in the comments and we’ll do our
best to help you work through them. If we see common issues, we’ll
add a troubleshooting area with workarounds and fixes.