How to Install and Configure OpenVPN Server on Ubuntu 22.04 LTS

Step 1: Install OpenVPN

First, you'll need to install the OpenVPN server software. You can do this by running the following command:

sudo apt install openvpn

Step 2: Generate certificates and keys

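You'll need to generate the Diffie-Hellman parameters, a certificate authority (CA) key and certificate, and a server key and certificate signed by that CA. These are used to secure the VPN connection. You can do this by running the following commands: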

sudo openssl dhparam -out /etc/openvpn/dh.pem 2048
sudo openssl genpkey -algorithm RSA -out /etc/openvpn/ca-key.pem
sudo openssl req -new -x509 -key /etc/openvpn/ca-key.pem -out /etc/openvpn/ca.pem -days 3650
sudo openssl genpkey -algorithm RSA -out /etc/openvpn/server-key.pem
sudo openssl req -new -key /etc/openvpn/server-key.pem -out /etc/openvpn/server.csr
sudo openssl x509 -req -in /etc/openvpn/server.csr -CA /etc/openvpn/ca.pem -CAkey /etc/openvpn/ca-key.pem -out /etc/openvpn/server.pem -days 3650

Step 3: Configure OpenVPN

Next, you'll need to create a configuration file for OpenVPN. You can do this by copying the sample configuration file to a new location:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz

Then, open the configuration file for editing:

sudo nano /etc/openvpn/server.conf

Find the lines that begin with "ca", "cert", and "key", and replace the paths with the following:

ca /etc/openvpn/ca.pem
cert /etc/openvpn/server.pem
key /etc/openvpn/server-key.pem

Uncomment the lines that say "user nobody" and "group nogroup" so that the OpenVPN daemon drops root privileges after it has started.

Find the line that says "cipher AES-256-CBC" and uncomment it.

Add the following line to the end of the file:

push "redirect-gateway def1"

This will route all client traffic through the VPN server.
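
A check that can be run before starting the server, as an added example that is not part of the original tutorial: it confirms that the Step 3 edits are active in server.conf, that every file named by ca, cert, key, dh and tls-auth exists, and that secret files are not accessible to group or other. The function names are hypothetical, and resolving relative paths against the config file's directory is an assumption.

```bash
# Added example: audit a server.conf for the edits described in Step 3.
# Usage: audit_openvpn_conf /etc/openvpn/server.conf
# Prints one line per finding; the return status is the number of findings.

# First argument of an active directive. Lines that start with '#' or ';'
# are comments in OpenVPN configs, so a commented-out directive never matches.
active_value() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

audit_openvpn_conf() {
    conf=$1
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Privilege drop after startup: both lines must be uncommented.
    [ "$(active_value "$conf" user)" = nobody ] || flag "'user nobody' is not active"
    [ "$(active_value "$conf" group)" = nogroup ] || flag "'group nogroup' is not active"
    [ -n "$(active_value "$conf" cipher)" ] || flag "no active 'cipher' directive"

    # Every file the config names must exist. ca/cert/key are required;
    # dh and tls-auth are checked only when the config sets them.
    for d in ca cert key dh tls-auth; do
        path=$(active_value "$conf" "$d")
        case "$d:$path" in
            ca:|cert:|key:) flag "no active '$d' directive"; continue ;;
            *:|dh:none)     continue ;;
            *:/*)           ;;
            # Assumption: relative paths resolve against the config's directory.
            *)              path=$(dirname "$conf")/${path} ;;
        esac
        if [ ! -f "$path" ]; then
            flag "'$d' points at a missing file: $path"
        elif [ "$d" = key ] || [ "$d" = tls-auth ]; then
            # Secret material must not be accessible to group or other.
            [ "$(ls -ld "$path" | cut -c5-10)" = "------" ] ||
                flag "$path is accessible to group/other"
        fi
    done
    return "$findings"
}
```

A return status of 0 means no findings; a finding about key permissions is cleared by making the file readable by its owner only.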

Step 4: Enable IP forwarding

To enable IP forwarding, you can edit the /etc/sysctl.conf file:

sudo nano /etc/sysctl.conf

Find the line that says "#net.ipv4.ip_forward=1" and remove the "#" to uncomment it.

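Save and exit the file. Editing the file alone does not change the running kernel; the setting is applied the next time sysctl settings are loaded, for example at boot.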

Step 5: Configure firewall rules

To allow incoming VPN connections, you'll need to configure the firewall. You can do this by running the following commands:

sudo ufw allow 1194/udp
sudo ufw allow OpenSSH
sudo ufw enable

This will allow incoming VPN connections on UDP port 1194, as well as SSH connections.

Step 6: Start the OpenVPN server

Now that everything is configured, you can start the OpenVPN server by running the following command:

sudo systemctl start openvpn@server

Step 7: Create client configurations

To connect to the VPN server, you'll need to create client configurations. You can do this by copying the sample client configuration file to a new location:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/

Then, open the configuration file for editing:

sudo nano /etc/openvpn/client.conf

Find the lines that begin with "ca", "cert", and "key", and replace the paths with the following:

ca /etc/openvpn/ca.pem
cert /etc/openvpn/client.pem
key /etc/openvpn/client-key.pem

Uncomment the lines that say "user nobody" and "group nogroup" so that the OpenVPN client process drops root privileges after it has started.

Find the line that says "cipher AES-256-CBC" and uncomment it.

Add the following line to the end of the file:

remote your_server_ip 1194 udp

Replace "your_server_ip" with the IP address of your server.

Save and exit the file by pressing Ctrl+X, followed by Y and Enter.

Step 8: Generate client certificates and keys

You'll need to generate a key and a CA-signed certificate for each client that will connect to the VPN. You can do this by running the following commands:

sudo openssl genpkey -algorithm RSA -out /etc/openvpn/client-key.pem
sudo openssl req -new -key /etc/openvpn/client-key.pem -out /etc/openvpn/client.csr
sudo openssl x509 -req -in /etc/openvpn/client.csr -CA /etc/openvpn/ca.pem -CAkey /etc/openvpn/ca-key.pem -out /etc/openvpn/client.pem -days 3650

Step 9: Start the OpenVPN service

To start the OpenVPN service, you can run the following command:

sudo systemctl start openvpn@server

This will start the OpenVPN service and make it available for clients to connect to.

Step 10: Verify the VPN connection

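To verify that the VPN connection is working, you can try connecting from a client computer. Copy the client configuration file (client.conf) and the client's certificate files (ca.pem, client.pem and client-key.pem) to the client computer, at the paths that client.conf references. The CA private key, ca-key.pem, is not needed on the client and should stay on the server. Then, run the following command: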

sudo openvpn --config client.conf

This will initiate the VPN connection. You should see some output indicating that the connection was successful.

That's it! You've successfully configured an OpenVPN server on Ubuntu 22.04.