How to Install OpenVPN Server on an Ubuntu 18.04 VPS or Dedicated Server

Introduction

A virtual private network (VPN) is a technology that creates a safe, encrypted network over a less secure network such as the internet.

It was developed mainly to let users and remote offices access the corporate network and its resources over the internet in a much more secure way.

The concept works by having a client connect to the organization’s VPN gateway and authenticate using either SSL or IPSec. The gateway then provides a link back to the organization’s internal resources.

Advantages of using a VPN include:

  • Organization members can work even when remotely situated.
  • It can hide a user’s browsing activity.
  • Users may access sites which they might have been blocked from remotely.

OpenVPN is a fully fledged VPN that uses SSL/TLS for key exchange; the peers then use the exchanged keys to communicate with each other.

Before You Start

  • Two Ubuntu 18.04 VPS, one to be used as a server and another one as a client.
  • A non-root user with sudo privileges on both VPS
  • Firewall enabled on both client and server environments

Steps

Update System Packages

$ sudo apt update && sudo apt upgrade

Install OpenVPN Package

$ sudo apt install openvpn

Configure OpenVPN

OpenVPN can authenticate users in several ways, such as a username and password combination, a pre-shared key, or certificates. In this tutorial, we will set up an OpenVPN server and client using a shared secret key.

First, we need to check whether the server and the client can communicate. This test runs without a key, so, as the warning in the output below states, all data is tunnelled as clear text; use it only to confirm connectivity.

On the server side, use the following command to test the VPS server.

$ sudo openvpn --dev tun1 --ifconfig 10.9.8.1 10.9.8.2
Tue Oct  9 19:12:24 2018 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Tue Oct  9 19:12:24 2018 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
Tue Oct  9 19:12:24 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Tue Oct  9 19:12:24 2018 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
Tue Oct  9 19:12:24 2018 TUN/TAP device tun1 opened
Tue Oct  9 19:12:24 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Oct  9 19:12:24 2018 /sbin/ip link set dev tun1 up mtu 1500
Tue Oct  9 19:12:24 2018 /sbin/ip addr add dev tun1 local 10.9.8.1 peer 10.9.8.2
Tue Oct  9 19:12:24 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Oct  9 19:12:24 2018 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Oct  9 19:12:24 2018 UDPv4 link remote: [AF_UNSPEC]

When you list the network interfaces in another terminal tab, you will notice that a new interface has been added. The new interface (tun1) is displayed for as long as the OpenVPN tunnel is open.

$ ifconfig
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.9.8.1  netmask 255.255.255.255  destination 10.9.8.2
        inet6 fe80::3cd2:9bd7:4b17:a740  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 288 (288.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

To test the client, run the following command.

$ sudo openvpn --remote SERVER_IP --dev tun1 --ifconfig 10.9.8.2 10.9.8.1
Tue Oct  9 22:40:05 2018 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Tue Oct  9 22:40:05 2018 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
Tue Oct  9 22:40:05 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Tue Oct  9 22:40:05 2018 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
Tue Oct  9 22:40:05 2018 TUN/TAP device tun1 opened
Tue Oct  9 22:40:05 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Oct  9 22:40:05 2018 /sbin/ip link set dev tun1 up mtu 1500
Tue Oct  9 22:40:05 2018 /sbin/ip addr add dev tun1 local 10.9.8.2 peer 10.9.8.1
Tue Oct  9 22:40:05 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]104.248.232.250:1194
Tue Oct  9 22:40:05 2018 UDP link local (bound): [AF_INET][undef]:1194
Tue Oct  9 22:40:05 2018 UDP link remote: [AF_INET]104.248.232.250:1194
Tue Oct  9 22:40:15 2018 Peer Connection Initiated with [AF_INET]104.248.232.250:1194
Tue Oct  9 22:40:16 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Oct  9 22:40:16 2018 Initialization Sequence Completed

Generate a static key

On your server, use the command below to generate a static key:

$ openvpn --genkey --secret static.key

Now fetch the file via sftp and copy it to /etc/openvpn on your client VPS. The static key is the only secret protecting the tunnel, so it is highly recommended to use a secure method to transfer it, e.g. scp (Secure Copy).

On the server side, create a new file

$ sudo vim /etc/openvpn/tun0.conf

Add the following code:

dev tun0
ifconfig 10.9.8.1 10.9.8.2
# The static key generated above must be present at this path
secret /etc/openvpn/static.key

On the client side, create a new file

$ sudo vim /etc/openvpn/tun0.conf

Add the following code:

dev tun0
ifconfig 10.9.8.2 10.9.8.1
# The static key copied from the server must be present at this path
secret /etc/openvpn/static.key

You can now go ahead and start OpenVPN by running the following command on both the server and the client; the --verb 6 option lets you view the detailed output:

$ sudo openvpn --config /etc/openvpn/tun0.conf --verb 6

At this point, you should be able to ping the 10.9.8.1 IP address from the client VPS and 10.9.8.2 address from the server side.
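
A capitalised directive, two ifconfig addresses run together, a wrong secret path, or a key file readable by other users will either stop the tunnel from starting or expose the key. The shell script below is an added example, not part of the original tutorial, that checks a static-key config for these problems; the function names are hypothetical, the sample key is a constructed placeholder, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: lint a static-key OpenVPN config before starting the tunnel.
# check_static_conf and make_sample are hypothetical names, not OpenVPN tools.
# Assumes GNU stat, as shipped on Ubuntu.

check_static_conf() {
    conf=$1; problems=0
    ip='[0-9]{1,3}(\.[0-9]{1,3}){3}'
    note() { echo "$conf: $1"; problems=$((problems + 1)); }

    # OpenVPN directives are case-sensitive and written in lowercase.
    if grep -Eq '^[[:space:]]*[[:upper:]]' "$conf"; then
        note "directive starts with a capital letter"
    fi
    grep -Eq '^[[:space:]]*dev[[:space:]]+tun[0-9]*[[:space:]]*$' "$conf" ||
        note "no 'dev tunN' line"
    # ifconfig takes two separate addresses: local endpoint, then peer.
    grep -Eq "^[[:space:]]*ifconfig[[:space:]]+$ip[[:space:]]+$ip[[:space:]]*\$" "$conf" ||
        note "ifconfig needs '<local> <peer>'"

    # The static key is the only credential protecting the tunnel.
    key=$(awk '$1 == "secret" { print $2; exit }' "$conf")
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        note "secret file missing: ${key:-none}"
    else
        grep -q 'BEGIN OpenVPN Static key V1' "$key" ||
            note "$key is not an OpenVPN static key"
        # Accept owner-only modes such as 600 or 400.
        case $(stat -c '%a' "$key") in
            ?00) ;;
            *) note "$key is accessible to other users (chmod 600)" ;;
        esac
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: a placeholder key (not real key material) and a config.
make_sample() {   # $1 = directory, $2 = key mode, $3 = ifconfig arguments
    printf '%s\n' '-----BEGIN OpenVPN Static key V1-----' '00placeholder00' \
        '-----END OpenVPN Static key V1-----' > "$1/static.key"
    chmod "$2" "$1/static.key"
    printf 'dev tun0\nifconfig %s\nsecret %s/static.key\n' "$3" "$1" > "$1/tun0.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp" 644 '10.9.8.1 10.9.8.2'
check_static_conf "$tmp/tun0.conf" || echo "fix the problems above first"
rm -rf "$tmp"
```

On a real host, run the function as root against /etc/openvpn/tun0.conf on both the server and the client.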

Conclusion

At this point, we have created a simple VPN using a shared secret key that can be used to access resources over the internet. You can also look at How to Install and Enable OpenVPN Server.
