
How to Set Up OpenVPN on Linux
OpenVPN is a popular open-source VPN solution that enables secure point-to-point or site-to-site connections in routed or bridged configurations. This tutorial will guide you through the process of installing and configuring OpenVPN on a Linux server.
Prerequisites
- A server running a Linux distribution (Ubuntu, CentOS, or Debian).
- Root or sudo privileges on the server.
- Basic knowledge of terminal commands.
1. Installing OpenVPN
To install OpenVPN, use the following commands based on your distribution:
- For Ubuntu:
sudo apt update
sudo apt install openvpn easy-rsa -y
- For CentOS:
sudo yum install epel-release -y
sudo yum install openvpn easy-rsa -y
- For Debian:
sudo apt update
sudo apt install openvpn easy-rsa -y
2. Setting Up the Public Key Infrastructure (PKI)
The next step is to set up the PKI to manage the keys used for encryption. Create a directory for the PKI files:
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
Open the vars file to configure the CA details:
nano vars
Customize the variables according to your desired settings. Then, run the following commands to build the CA:
. ./vars
./clean-all
./build-ca
3. Generating Server and Client Certificates
To generate certificates for the server:
./build-key-server server
Then generate Diffie-Hellman parameters:
./build-dh
Next, generate a certificate for a client (replace client1 with your desired client name):
./build-key client1
4. Configuring the OpenVPN Server
Navigate to the OpenVPN directory and create a configuration file for the server:
sudo nano /etc/openvpn/server.conf
Here’s an example configuration:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
Save and close the file.
5. Starting the OpenVPN Server
To start the OpenVPN server using the configuration file, run:
sudo systemctl start openvpn@server
To enable the service to start on boot:
sudo systemctl enable openvpn@server
6. Configuring the Client
Copy the necessary certificates and keys to your client device. You will need:
ca.crt
client1.crt
client1.key
Create a client configuration file:
client
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
<ca>
-----BEGIN CERTIFICATE-----
(Your CA Certificate)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(Your Client Certificate)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(Your Client Key)
-----END PRIVATE KEY-----
</key>
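The single-file profile from step 6 can be assembled by a script rather than pasted by hand. The following is an added example, not part of the original tutorial: the function names pem_only and build_ovpn, the base.conf file name and the demo PEM bodies are constructed for illustration.

```sh
#!/bin/sh
# Added example: build a single-file client profile from the step 6 inputs.

# Print only the PEM block(s) of a file. Certificates issued by Easy-RSA can
# carry a human-readable text dump ahead of the PEM data.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# build_ovpn BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY OUT_FILE
# The ( ) body runs in a subshell, so umask and exit stay local to the call.
build_ovpn() (
    base=$1 ca=$2 cert=$3 key=$4 out=$5
    for f in "$base" "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; exit 1; }
    done
    # Without this directive the client does not check that the peer
    # certificate is a server certificate.
    grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$base" ||
        { echo "base config lacks 'remote-cert-tls server'" >&2; exit 1; }
    for f in "$ca" "$cert" "$key"; do
        [ -n "$(pem_only "$f")" ] || { echo "no PEM block in $f" >&2; exit 1; }
    done
    umask 077        # the profile embeds the private key: owner-only
    rm -f "$out"     # an existing file would keep its old, looser mode
    {
        cat "$base"
        printf '<ca>\n';   pem_only "$ca";   printf '</ca>\n'
        printf '<cert>\n'; pem_only "$cert"; printf '</cert>\n'
        printf '<key>\n';  pem_only "$key";  printf '</key>\n'
    } > "$out"
)

# Demo on constructed input (placeholder PEM bodies, not real key material).
demo=$(mktemp -d)
printf 'client\nremote your_server_ip 1194\nremote-cert-tls server\n' > "$demo/base.conf"
for n in ca.crt client1.crt; do
    printf 'Certificate:\n    Data: ...\n-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n' > "$demo/$n"
done
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'MIIE' '-----END PRIVATE KEY-----' > "$demo/client1.key"
build_ovpn "$demo/base.conf" "$demo/ca.crt" "$demo/client1.crt" "$demo/client1.key" "$demo/client.ovpn"
```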
7. Connecting to the VPN
To connect to your OpenVPN server, run the following command on your client:
sudo openvpn --config client.ovpn
Make sure you replace client.ovpn with the path to your client's configuration file.
8. Conclusion
By following this guide, you have successfully set up OpenVPN on Linux. This VPN will provide secure remote access to your network. Make sure to explore OpenVPN's features and configurations to maximize your setup!