Create Your Own Personal VPN with OpenVPN on Ubuntu


Using a Personal VPN offers a secure way to access the internet and safeguard personal data from prying eyes. OpenVPN is a widely used and trusted VPN protocol that allows for creating secure connections over the internet. In this article, I’ll walk you through the process of setting up a Personal VPN using OpenVPN on Ubuntu, one of the most popular and user-friendly Linux-based systems.

OpenVPN is available in the Ubuntu repository, making it easy to install. Once installed, the first step is to generate the server and client keys and certificates necessary for secure communication. The next step is to configure the OpenVPN server by setting up a simple UDP or TCP server and configuring the firewall to allow incoming traffic. This allows clients to connect to the server securely using the provided configuration file. From there, clients can connect to the Personal VPN using the OpenVPN client software.

Setting up a Personal VPN using OpenVPN on Ubuntu is a straightforward process that can be accomplished in a few simple steps. By following these steps, you can rest assured that your internet traffic is encrypted and secure, and your personal data is protected from prying eyes. In the following sections, I’ll provide a step-by-step guide on how to set up and configure the OpenVPN Ubuntu server and clients.

Installing OpenVPN on Ubuntu

To install OpenVPN on Ubuntu, follow these simple steps:

  1. Open the terminal and update the package list with the following command: sudo apt-get update.
  2. After that, you will need to install OpenVPN and the required dependencies by entering this command: sudo apt-get install openvpn.
  3. During the installation process, you will be prompted to grant permission to download and install the additional packages. Just enter “y” and hit enter.
  4. Once the installation process is completed, you will be able to use OpenVPN on Ubuntu.

Configuring OpenVPN on Ubuntu

Before using OpenVPN, you need to configure it first. There are two options: you can either use the OpenVPN configuration file provided by your VPN service provider or create your own configuration file.

To use the OpenVPN configuration file provided by your VPN service provider, simply copy the file to the /etc/openvpn/ folder. You can do this with the following command: sudo cp /path/to/config.ovpn /etc/openvpn/client.conf.

If you choose to create your own configuration file, you need to follow these steps:

  1. Create a new file with your desired name, for example myvpn.conf.
  2. Open the file in a text editor and add the following lines at the beginning:
    client
    dev tun
    proto udp
    remote <server> <port>

    Replace <server> and <port> with the server address and port provided by your VPN service provider.

  3. After that, add the auth-user-pass line followed by the path to your OpenVPN login credentials file. You can create a new file with your OpenVPN username and password in the following format:
    username
    password

  4. Finally, add the ca, cert, and key lines followed by the path to the respective files. These files can be obtained from your VPN service provider.
  5. Save the configuration file and close the text editor.
  6. Copy the configuration file to the /etc/openvpn/ folder with the following command: sudo cp /path/to/myvpn.conf /etc/openvpn/client.conf.

Once you have followed these steps, you will be able to use OpenVPN on Ubuntu to create a Personal VPN.

Setting up the OpenVPN Server

Now that we have installed OpenVPN on our Ubuntu server, let’s set it up as a personal VPN. The following steps will guide you through the process of configuring the OpenVPN server on your Ubuntu machine:

  1. Create the OpenVPN configuration file: You can start by creating a new configuration file for OpenVPN. In the terminal window, type sudo nano /etc/openvpn/server.conf to create the file. This file will contain the configuration settings for the OpenVPN server.
  2. Add the necessary configuration settings: In the server.conf file, you can add the necessary configuration settings based on your requirements. You can configure settings like port number, protocol, network address pool, DNS servers, and certificate settings.
  3. Generate the server certificate: In order to secure your VPN connection with encryption, you need to generate a server certificate. You can use the easy-rsa package to generate the certificate. If you don’t have it installed, type sudo apt-get install easy-rsa in the terminal window to install it. Once installed, navigate to the easy-rsa directory and run the ./easyrsa init-pki command to initialize the Public Key Infrastructure (PKI) for your VPN.
  4. Create the Certificate Authority (CA): Use the ./easyrsa build-ca command to create the Certificate Authority (CA), which is used to sign the server and client certificates.
  5. Generate the server key and certificate: Use the ./easyrsa build-server-full server command to generate the server key and certificate. This command will create a new key and certificate and sign it using the CA.
  6. Start the OpenVPN service: Once you have completed all the steps above, start the OpenVPN service using the sudo systemctl start openvpn@server command. You can check the status of the service by running the sudo systemctl status openvpn@server command.

Congratulations! You have now set up the OpenVPN server on your Ubuntu machine. In the next section, we will configure the client-side settings to connect to the VPN.

Generating Certificates and Keys

In this section, I will guide you through the process of generating certificates and keys for your Personal VPN using OpenVPN on Ubuntu. This step is crucial as it will ensure maximum security and privacy of your connection.

  1. The first step is to install easy-rsa, which is a package that provides you with a set of scripts to generate the required certificates and keys. You can install easy-rsa by running the following command:
    sudo apt-get install easy-rsa
    
  2. Once easy-rsa is installed, navigate to /usr/share/easy-rsa/ directory and create a new directory to store your certificates and keys by running the following command:
    sudo mkdir /etc/openvpn/easy-rsa
    
  3. Copy the contents of the /usr/share/easy-rsa/ directory to the new directory you just created by running the following command:
    sudo cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
    
  4. Next, navigate to the /etc/openvpn/easy-rsa/ directory and open the vars file using a text editor. This file contains variables that need to be configured before generating certificates and keys. Edit the variables to match your requirements.
  5. Once you have configured the variables, execute the following command to initialize the PKI (Public Key Infrastructure):
    sudo ./easyrsa init-pki
    
  6. Once the PKI is initialized, you can generate certificates and keys by executing the following command:
    sudo ./easyrsa build-ca
    

    This will generate a root certificate which will be used to sign all other certificates.

  7. Next, generate the server certificate and key by executing the following command:
    sudo ./easyrsa build-server-full server
    
  8. Finally, generate the client certificate and key by running the following command, replacing “client” with a name of your choice:
    sudo ./easyrsa build-client-full client
    

    Once executed, a client certificate and key will be generated. You can repeat this step for each client you want to connect to your Personal VPN.

By now, you should have a set of certificates and keys generated for your OpenVPN Ubuntu Personal VPN. In the next section, I will show you how to configure the OpenVPN server itself.

Configuring the OpenVPN Server

Now that we have installed OpenVPN on our Ubuntu server, it’s time to configure it. In this section, I’ll walk you through the process of setting up the OpenVPN server and creating client keys and certificates.

Step 1: Create server configuration file

To configure the OpenVPN server, the first thing we need to do is create a configuration file. This file will tell OpenVPN how to operate and what network settings to use. Open your terminal window and type in:

sudo nano /etc/openvpn/server.conf

This will create and open the configuration file at /etc/openvpn/server.conf. In this file, we will define several settings such as IP address, port number, protocol, and encryption.

Step 2: Set up TLS authentication

To provide an additional layer of security, we can use TLS authentication to ensure that only clients with the correct key can connect to our VPN server. We can do this by adding the following line to our server.conf file:

tls-auth ta.key 0

This tells OpenVPN to use ta.key as the keyfile for TLS authentication. We need to create this keyfile before we can proceed. To do this, type in:

sudo openvpn --genkey --secret ta.key

Run from the /etc/openvpn directory, this will create the ta.key file there.

Step 3: Configure network settings

Next, we need to specify the IP addresses of our VPN server and the virtual network that OpenVPN will create for our clients to connect to. Add the following lines to the server.conf file:

server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"

The first line specifies the IP addresses that OpenVPN will use for the virtual network. The second line tells OpenVPN to redirect all client traffic through the VPN server, such that all internet traffic passes through the VPN.

Step 4: Create keys and certificates

Now it’s time to create keys and certificates for our clients to use when connecting to the VPN. We will use EasyRSA, a simple PKI (public key infrastructure) management tool that comes with OpenVPN. Type in:

cd /etc/openvpn/easy-rsa/
sudo ./easyrsa init-pki
sudo ./easyrsa build-ca
sudo ./easyrsa gen-dh
sudo ./easyrsa build-server-full server nopass

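These commands will create a public key infrastructure, generate a CA certificate, generate the Diffie-Hellman parameters, and generate a server key and certificate. The nopass option leaves the server key unencrypted so that the service can start without a passphrase prompt.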

Enabling IP Forwarding and Firewall

To ensure that our personal VPN created using OpenVPN on Ubuntu can forward traffic from clients to the internet, we must first enable IP forwarding. IP forwarding lets the Linux kernel act as a router, passing packets between two networks according to its routing table. It allows traffic to flow from one network to another, in this case from our VPN clients to the internet.

We can enable IP forwarding by modifying the value of the net.ipv4.ip_forward kernel parameter. To do this, we edit the /etc/sysctl.conf file by running the following command:

$ sudo nano /etc/sysctl.conf

Then, we add the following line at the end of the file:

net.ipv4.ip_forward=1

After adding this line, we save and close the file, then apply the changes by running the following command:

$ sudo sysctl -p /etc/sysctl.conf

Now that IP forwarding is enabled, we can proceed to set up the firewall for our personal VPN. A firewall helps to secure our VPN by screening and blocking unwanted traffic, including malicious traffic, from accessing our network.

We can set up a firewall using iptables, which is a Linux kernel-based packet-filtering firewall. We start by allowing traffic on our VPN server’s tun interface, which is used to route traffic within our VPN network. We can do this by running the following commands:

$ sudo iptables -A INPUT -i tun0 -j ACCEPT
$ sudo iptables -A FORWARD -i tun0 -j ACCEPT

This allows traffic on the tun0 interface to be accepted by the server and forwarded to the internet. We also need to enable NAT (Network Address Translation) to translate our VPN clients’ private IP addresses to the server’s public IP address. We can do this using the following command:

$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

With the above commands, we have successfully enabled IP forwarding and configured a firewall for our personal VPN created using OpenVPN on Ubuntu.
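
The same forwarding and NAT rules with a tighter scope, as an added example that is not part of the original article: it goes slightly beyond the commands above by limiting NAT to the 10.8.0.0/24 pool from server.conf, letting only reply traffic back into the tunnel, and reading the outbound interface from the default route instead of assuming eth0. The helper names and the sample route line are constructed for illustration, and the script only prints the rules.

```shell
#!/bin/sh
# Added example: print iptables rules for the VPN, scoped to the client pool.
# default_iface and vpn_fw_rules are illustrative helper names.

# Read `ip -4 route show default` output on stdin, print the egress interface.
default_iface() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++)
            if ($i == "dev") { print $(i + 1); exit }
    }'
}

# vpn_fw_rules <wan-interface> [client-pool] [tunnel-interface] [port]
vpn_fw_rules() {
    wan="$1"; net="${2:-10.8.0.0/24}"; tun="${3:-tun0}"; port="${4:-1194}"
    # Refuse empty names and anything that is not a plain interface name.
    case "$wan" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: '$wan'" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -A INPUT -i $wan -p udp --dport $port -j ACCEPT
iptables -A INPUT -i $tun -j ACCEPT
iptables -A FORWARD -i $tun -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $tun -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
}

# Constructed sample of `ip -4 route show default` output.
sample_route='default via 192.0.2.1 dev ens3 proto dhcp src 192.0.2.10 metric 100'

# On the server itself, replace the sample with: ip -4 route show default
wan_if="$(printf '%s\n' "$sample_route" | default_iface)"
vpn_fw_rules "$wan_if"
```

Review the printed rules before running them as root. Rules added this way are lost on reboot unless they are saved.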

Creating OpenVPN Client Configurations

Now that we have successfully set up the OpenVPN server on Ubuntu and configured the firewall rules, the next step is to create OpenVPN client configurations. This will allow us to connect to the server and use our Personal VPN, so we can access our private network or browse the internet securely.

To create the client configuration, we need to install the OpenVPN client on our local machine. This can be downloaded from the OpenVPN website, and the installation process may vary depending on your Operating System. Once installed, follow the below steps:

  1. Copy the client.conf file from the /etc/openvpn/server directory to your local machine. This file contains the server’s configuration settings which are needed for the client configuration.
  2. Copy the client certificate (client.crt) and key file (client.key) from the /etc/openvpn/server/easy-rsa/keys/ directory to your local machine. These files will be required for the client authentication process.
  3. Open the client.conf file with a text editor and replace the following parameters:
    remote my-server-1 1194
    ...
    cert client.crt
    key client.key
    

    Replace my-server-1 with the public IP address or DNS name of your OpenVPN server.

  4. Save the client.conf file and transfer it to the OpenVPN client directory. This can vary depending on your Operating System.
  5. Finally, start the OpenVPN client and connect to the server using the client.ovpn configuration file. You will need to authenticate with the same credentials used for generating the client certificate and key file.

By following these steps, you will now have a fully-functional Personal VPN using OpenVPN on Ubuntu. You can now access your private network remotely or browse the internet securely.
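
One way to hand a client everything it needs in a single file, as an added example that is not part of the original article: the script bundles the CA certificate, client certificate, client key and the ta.key from the TLS authentication step into one .ovpn profile. The helper names, vpn.example.com and the placeholder files are constructed; with EasyRSA 3 the real inputs are normally pki/ca.crt, pki/issued/<name>.crt and pki/private/<name>.key.

```shell
#!/bin/sh
# Added example: bundle a client's material into one .ovpn profile.
# make_ovpn and write_ovpn are illustrative helper names.

# make_ovpn <server> <port> <ca.crt> <client.crt> <client.key> <ta.key>
make_ovpn() {
    server="$1"; port="$2"; ca="$3"; cert="$4"; key="$5"; ta="$6"
    for f in "$ca" "$cert" "$key" "$ta"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto udp
remote $server $port
nobind
persist-key
persist-tun
# Only accept a peer whose certificate is marked for server use.
remote-cert-tls server
# Counterpart of "tls-auth ta.key 0" on the server.
key-direction 1
<ca>
$(cat "$ca")
</ca>
<cert>
$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$cert")
</cert>
<key>
$(cat "$key")
</key>
<tls-auth>
$(cat "$ta")
</tls-auth>
EOF
}

# write_ovpn <output-file> <make_ovpn arguments...>
# The profile embeds the private key, so it is created owner-only (0600).
write_ovpn() {
    out="$1"; shift
    ( umask 077 && rm -f "$out" && make_ovpn "$@" > "$out" ) || { rm -f "$out"; return 1; }
}

# Demo with constructed placeholder files (not real key material).
demo_dir="$(mktemp -d)"
printf 'CA-PEM-PLACEHOLDER\n' > "$demo_dir/ca.crt"
printf 'Certificate:\n    Data: text dump\n-----BEGIN CERTIFICATE-----\nCERT-PLACEHOLDER\n-----END CERTIFICATE-----\n' > "$demo_dir/client.crt"
printf 'KEY-PLACEHOLDER\n' > "$demo_dir/client.key"
printf 'TA-PLACEHOLDER\n' > "$demo_dir/ta.key"
write_ovpn "$demo_dir/client.ovpn" vpn.example.com 1194 \
    "$demo_dir/ca.crt" "$demo_dir/client.crt" "$demo_dir/client.key" "$demo_dir/ta.key"
sed -n '1,12p' "$demo_dir/client.ovpn"
rm -rf "$demo_dir"
```

The sed filter keeps only the PEM block, because certificates issued by EasyRSA carry a human-readable text dump above it.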

Establishing a Connection to the VPN Server

Now that we have set up OpenVPN on our Ubuntu machine, the next step is to connect to the VPN server we have configured.

To establish a connection to the Personal VPN server, we need to follow the below steps:

  1. First, launch the terminal and enter the following command to start the OpenVPN client:
    sudo openvpn --config /path/to/client.ovpn
    

    Replace /path/to/client.ovpn with the path to your OpenVPN client file.

  2. You will then be prompted to enter your VPN username and password. Enter the credentials you created earlier when configuring your VPN server.
  3. Once you have entered the username and password, the OpenVPN client will negotiate a secure connection with the server and will assign an IP address to your machine. If the connection is successful, you will see a message that confirms the connection.
  4. You can verify that your connection has been established by checking your IP address. You can do this by entering the following command in the terminal:
    curl ifconfig.me
    

    If the IP address displayed on the terminal matches the IP address of your VPN server, then you are connected to the VPN server and your internet traffic is being routed over a secure tunnel.

It’s worth noting that when you are connected to the VPN server, your internet traffic is being routed through the VPN and hence you will have a different public IP address than your actual IP address. This adds an extra layer of security to your internet connection and ensures that your online activities are not visible to anyone who might be monitoring your network.

In the next section, we will discuss how to troubleshoot common issues that you might face while setting up a Personal VPN with OpenVPN on Ubuntu.

Monitoring OpenVPN Server Logs

After setting up a personal VPN using OpenVPN on Ubuntu, monitoring server logs is an important step to ensure its smooth and secure operation. Server logs provide valuable information about the status of the VPN server, including how many clients are connected, what IP addresses they are using, how much data is being transferred, and any errors that may be occurring.

To access the OpenVPN server logs, simply SSH into the server and use the following command:

sudo tail -f /var/log/syslog 

This command will show all of the latest log entries in real-time. It’s important to note that OpenVPN logs are normally located in the syslog file, so make sure to specify that file when using the tail command.

One of the most useful pieces of information that can be found in the OpenVPN server logs is the status of the client connections. This includes the start and stop time of the connection, the IP address of the client, and the amount of data that has been transferred. By monitoring these logs, you can quickly identify any connection issues or abnormal activity.

Another important thing to look for in the OpenVPN server logs is any error messages. These could indicate configuration issues, network problems, or security breaches. By identifying and troubleshooting these errors quickly, you can ensure that your personal VPN remains secure and reliable.

It’s also worth noting that OpenVPN has several log verbosity levels, which can be set in the server configuration file. By setting the log level to a higher value, more detailed information will be recorded in the server logs. This can be particularly useful for debugging issues or monitoring performance.

In conclusion, monitoring the OpenVPN server logs is critical for maintaining the security and performance of your personal VPN. By checking for client connections, errors, and other important information, you can quickly identify and resolve any issues that may arise.
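
The checks described above can be scripted, as an added example that is not part of the original article: it reads syslog lines and counts, per peer address, successful connections, TLS errors and packets rejected by the tls-auth HMAC check. The log lines, host name and syslog tag are constructed samples, and the threshold of 3 is an illustrative value.

```shell
#!/bin/sh
# Added example: per-peer summary of OpenVPN server events from syslog lines.
# Output columns: peer_ip connects tls_errors hmac_rejects verdict
# A peer with no successful connection and at least <threshold> failures
# is marked "review".

ovpn_log_summary() {
    threshold="${1:-3}"
    awk -v threshold="$threshold" '
    {
        # Classify the line by the OpenVPN message text it carries.
        kind = ""
        if ($0 ~ /Peer Connection Initiated with/) kind = "ok"
        else if ($0 ~ /TLS Error: cannot locate HMAC/) kind = "hmac"
        else if ($0 ~ /packet HMAC authentication failed/) kind = "hmac"
        else if ($0 ~ /TLS Error:/ || $0 ~ /VERIFY ERROR:/) kind = "tls"
        if (kind == "") next

        # Peer address: first "a.b.c.d:port" token on the line.
        if (!match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+/)) next
        peer = substr($0, RSTART, RLENGTH)
        sub(/:[0-9]+$/, "", peer)

        seen[peer] = 1
        count[peer, kind]++
    }
    END {
        for (p in seen) {
            ok = count[p, "ok"] + 0
            tls = count[p, "tls"] + 0
            hmac = count[p, "hmac"] + 0
            verdict = (ok == 0 && tls + hmac >= threshold) ? "review" : "-"
            printf "%s %d %d %d %s\n", p, ok, tls, hmac, verdict
        }
    }' | LC_ALL=C sort
}

# Constructed sample lines in syslog format (documentation address ranges).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 vpn ovpn-server[812]: 203.0.113.5:51234 [laptop] Peer Connection Initiated with [AF_INET]203.0.113.5:51234
Mar  3 10:16:40 vpn ovpn-server[812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.0.2.44:53211
Mar  3 10:16:41 vpn ovpn-server[812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.0.2.44:53212
Mar  3 10:16:43 vpn ovpn-server[812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.0.2.44:53213
Mar  3 10:20:11 vpn ovpn-server[812]: 198.51.100.7:40112 TLS Error: TLS handshake failed
Mar  3 10:25:00 vpn CRON[900]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# On the server: sudo grep ovpn /var/log/syslog | ovpn_log_summary
sample_log | ovpn_log_summary 3
```

The "cannot locate HMAC" lines come from peers that do not hold ta.key, which is the filtering the tls-auth setting provides.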

Troubleshooting Common Issues

When setting up a Personal VPN using OpenVPN on Ubuntu, one may encounter some issues. It’s essential to troubleshoot and resolve any problems that arise to ensure that the VPN is functioning correctly. Here are some solutions to common problems:

Unable to Connect to the VPN

When you’re unable to connect to the VPN, review your OpenVPN configuration files. Check for any errors in the file and make sure all the necessary information is added, such as the server IP, port number, and username/password.

Also, verify if the OpenVPN service is running on your Ubuntu system. Check the status by running the command:

sudo systemctl status openvpn@server

If the status displays as inactive, start the service by running the command:

sudo systemctl start openvpn@server

Firewall Issues

If you’re experiencing connectivity issues, check your firewall settings to ensure that they aren’t blocking the VPN connection.

If your Ubuntu firewall is running, add OpenVPN rules to allow traffic through. To do this, run the following commands to enable the OpenVPN port and protocol in firewall settings:

sudo ufw allow 1194/udp
sudo ufw status

DNS Leaks

DNS leaks can occur when DNS queries are sent outside of the VPN tunnel, making your online activity visible to your internet service provider (ISP). To prevent these leaks, add the following line to your OpenVPN server configuration file:

push "dhcp-option DNS 8.8.8.8"

Alternatively, you can install the openvpn-systemd-resolved package to prevent DNS leaks and configure the resolver appropriately.

Conclusion

Creating your own personal VPN using OpenVPN on Ubuntu has never been easier. With a few simple configurations and a little patience, you can secure your online activities and enhance your privacy while browsing the internet.

In this tutorial, I have shown you how to install and configure OpenVPN on Ubuntu. We started with the basics of VPNs and talked about different types of VPN protocols. Then, we discussed the advantages of OpenVPN and how to install it on your Ubuntu machine.

We also covered how to create a certificate authority, generate server and client certificates, open firewall ports, and configure the OpenVPN server and client side.

Now that you have a personal VPN running on your Ubuntu machine, you can browse the web safely from any location. Your online traffic is now encrypted, and you have better control of your online privacy.

Remember to keep your OpenVPN server updated and properly secured, and always connect to reliable VPN providers. You can further customize and optimize your OpenVPN configurations to suit your needs, depending on your internet usage and requirements.

I hope this tutorial has been informative and helpful in setting up your personal VPN using OpenVPN on Ubuntu. Feel free to browse the OpenVPN documentation and explore its functionalities to get the most out of your VPN experience.

Marshall Anthony is a professional Linux DevOps writer with a passion for technology and innovation. With over 8 years of experience in the industry, he has become a go-to expert for anyone looking to learn more about Linux.
