How to set up OpenVPN on Ubuntu

Although Linux is well known for its superior security compared with Windows or macOS, it still makes sense to reinforce your network protections via a Virtual Private Network. If you need to do so, adding OpenVPN is likely to be the best way to go.

Given its popularity, there’s a very good chance that you’ll be installing OpenVPN on an Ubuntu build. So how can you go about doing so? This guide will explain the ins and outs of setting up OpenVPN with Ubuntu, making the initial process as hassle-free as possible.

Why Would You Need to Set Up OpenVPN On Ubuntu?

Before we run through the steps involved, it’s probably handy to explain a bit more about why OpenVPN makes sense when you are implementing a Linux VPN.

For those who don’t know, OpenVPN is an open-source VPN client, which was created by coder James Yohan in 2001. It uses both SSL and TLS encryption to create VPN tunnels from Linux to the external web, working on OSI layers 2 and 3.

The great benefit of using OpenVPN over off-the-shelf alternatives is flexibility. With OpenVPN, network managers can implement various authentication systems (including 2FA and smart cards), they can modulate firewall rules, set up individual or group access to specific resources, and set up multiple clients for different purposes and workstations.

OpenVPN is available for Windows and macOS, both of which tend to involve simple executables. Unfortunately, the process of adding OpenVPN to a Ubuntu build is slightly more complex. It’s not beyond any Linux user, but it does require following a few steps and tidying up the little details to make sure everything has been carried out properly.

So let’s quickly outline the setup process, and help you create an Ubuntu VPN setup that meets all of your security requirements.

A Quick Guide to Installing OpenVPN on Ubuntu

1. Find Out Your Server’s IP Address

Before we can install OpenVPN, we’ll need to create a server to host the VPN. The first step is to ascertain the IP address of your Ubuntu server. Doing so is very simple.

Just head to the terminal command line and enter the following command:

$ IP Addr Show eth0 (or eth1 if eth0 doesn't work)

This should produce a read-out including your IP information, To find the address, scan down, and it should be present inside inverted commas. This is the public address of your current Ubuntu server. Note it down, and move to the next step.

Alternatively, you can find the IP of your server in a control panel if you’re using a hosting provider.

2. Set Up Your Status as a Root User

The first step involves firing up the Ubuntu terminal to set the correct user privileges. To do so, type the command

$ SSH root@[the IP address you just noted down]"

This will log you into the Ubuntu server, giving you “root” privileges. These are required to complete the OpenVPN installation, so it’s important to get this stage right.

3. Create a New Server User With the Right Privileges

Now, we’ll need to create a user to install OpenVPN on the server. To do so, type:

# adduser [user name of your choice]

Choose a solid password for the new user, press enter, and then turn that new user into a “super user” with root privileges. To do so, type:

# usermod -ag sudo [user name]

This also adds the user to a sudo group, enabling them to actually download the OpenVPN software.

4. Create a Firewall

Creating a firewall is always a good idea when setting up a VPN, and that’s no exception for Ubuntu. To do so, you can use a tool called Uncomplicated Firewall, which comes bundled with Ubuntu.

First, type:

# ufw allow OpenSSH

This is very important, as it enables us to communicate with the server across the UFW firewall.
When that’s done, type:

# ufw enable

and choose “y”.

5. Finishing Up the Firewall

The server is almost done. To ensure that we can access it over the firewall, two more commands are required:

$ sudo ufw allow OpenSSH
$ sudo ufw allow 1194/udp

This gives our OpenVPN a really strong security footing, even before the VPN tunnel is switched on.

6. Download the OpenVPN Software

Now, you’re all set to download OpenVPN for Ubuntu. Again, this requires a simple terminal command, which goes as follows:

sudo apt-get update && sudo apt-get upgrade -y

(which updates your system, including your existing VPN software)

sudo apt install openvpn

(which downloads the latest OpenVPN build for Ubuntu)

When OpenVPN installs, you will be prompted to answer a few questions. When asked, enter the IP address of your server, and enter 1194 for the port. Choose OpenDNS or Google options, and give the client a suitable name.

This will complete the basic OpenVPN installation. Now, you’ll need to log in and set up OpenVPN to suit your needs.

7. Configure OpenVPN

To set up a suitable user name and password, type the following:

echo [user name of your choice] >> /etc/openvpn/credentials
echo [password of your choice for that user name] >> /etc/openvpn/credentials

Now, run OpenVPN using the following command:

openvpn --config /etc/openvpn/ovpn.conf --daemon

8. Test OpenVPN to Make Sure You Are Protected

Finally, we’ll need to test the OpenVPN configuration. To do so, leave your CLI for about 2 minutes. Now, type the following command:

curl https://www.ovpn.com/v1/api/client/ptr

This should return a string of code, with your IP address on the right hand side. If the IP address “status” is “true”, you should be protected by OpenVPN. Not only that, but when you shut down Ubuntu, OpenVPN should reboot automatically.

Running OpenVPN With Major Linux VPNs

If you want to use your OpenVPN configuration with VPNs like Hide.me or Torguard, you will need to download those VPN’s configuration files into the OpenVPN directory.

Most VPNs will provide config files in .zip or .tgz format on their websites. In almost all cases, you can download them via:

sudo wget [link to config files]
sudo unzip OpenVPN [name of downloaded zip file]

After that, different VPNs have their own requirements. For instance, TorGuard needs the config files to be moved into the /etc/openvpn directory, and the OVPN config files to be renamed. So check for specific setup commands for each provider.

Add a VPN to Your Ubuntu Setup to Lock Down Your Web Traffic

Linux isn’t invulnerable to security concerns. Ubuntu’s Snap Store has been flagged as a common source of malware, and security experts advise that the Linux build is almost as vulnerable to malicious attacks as Microsoft Windows. So only foolish network managers or personal users would leave their systems unprotected.

OpenVPN offers a flexible basis for solid protection. Compatible with numerous VPN providers, it’s not hard to set up, and offers a level of encryption and anonymization that’s increasingly making it an Ubuntu essential.


About the Author

This article was submitted to us by a third-party writer. The views and opinions expressed in this article are those of the author and do not reflect the views and opinions of ThisHosting.Rocks. If you want to write for ThisHosting.Rocks, go here.

This post was last modified on August 1, 2019 2:46 pm

Categories: Knowledgebase
Related Post