How to Install OpenVPN Server on an Ubuntu 18.04 VPS or Dedicated Server

How to Install OpenVPN Server on an Ubuntu 18.04 VPS or Dedicated Server

Introduction

A virtual private network is a technology that creates a safe, secure, encrypted network over a less secure network such as the internet. It is mainly developed to allow users and other remote offices to be able to access the corporate network and resources over the internet in a much secure way. The concept works by allowing a client to connect to the organization’s VPN gateway by authenticating themselves either by using SSL or IPSec. The gateway then provides a link back to the internal organization’s resources. A number of advantages offered the by use of VPN include:

  • Organization members can work even when remotely situated.
  • It can hide a user’s browsing activity.
  • Users may access sites which they might have been blocked from remotely.

OpenVPN is a fully fledged VPN that uses SSL/TLS for key exchange which are then used by peers to communicate to each other.

Before You Start

  • Two Ubuntu 18.04 VPS, one to be used as a server and another one as a client.
  • A non-root user with sudo privileges on both VPS
  • Firewall enabled on both client and server environments

Steps

Update System Packages

$ sudo apt update && sudo apt upgrade

Install OpenVPN Package

$ sudo apt install openvpn

Configure OpenVPN

Normally, OpenVPN authenticates users via various methods such as username and password combination, pre-shared key, certificates, e.t.c. In this tutorial, we will be looking at setting an OpenVPN server and client using a shared secret key. First off we need to check whether the server and the client can communicate. On the server side use the following command to test the VPS server.

$ openvpn --dev tun1 --ifconfig 10.9.8.1 10.9.8.2
Tue Oct  919:12:242018 disabling NCP mode (--ncp-disable) because notin P2MP client or server mode
Tue Oct  919:12:242018 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  52018
Tue Oct  919:12:242018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Tue Oct  919:12:242018 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
Tue Oct  919:12:242018 TUN/TAP device tun1 opened
Tue Oct  919:12:242018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Oct  919:12:242018 /sbin/ip link set dev tun1 up mtu 1500
Tue Oct  919:12:242018 /sbin/ip addr add dev tun1 local 10.9.8.1 peer 10.9.8.2
Tue Oct  919:12:242018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Oct  919:12:242018 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Oct  919:12:242018 UDPv4 link remote: [AF_UNSPEC]

When you try to see the network interfaces on another tab, you will notice a new interface has been added. The new interface (tun1) will display as long as the OpenVPN tunnel is open.

$ ifconfig
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.9.8.1  netmask 255.255.255.255  destination 10.9.8.2
        inet6 fe80::3cd2:9bd7:4b17:a740  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 288 (288.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

To test the client, run the following command.

$ openvpn --remote SERVER_IP --dev tun1 --ifconfig 10.9.8.2 10.9.8.1
Tue Oct  922:40:052018 disabling NCP mode (--ncp-disable) because notin P2MP client or server mode
Tue Oct  922:40:052018 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  52018
Tue Oct  922:40:052018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Tue Oct  922:40:052018 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
Tue Oct  922:40:052018 TUN/TAP device tun1 opened
Tue Oct  922:40:052018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Oct  922:40:052018 /sbin/ip link set dev tun1 up mtu 1500
Tue Oct  922:40:052018 /sbin/ip addr add dev tun1 local 10.9.8.2 peer 10.9.8.1
Tue Oct  922:40:052018 TCP/UDP: Preserving recently used remote address: [AF_INET]104.248.232.250:1194
Tue Oct  922:40:052018 UDP link local (bound): [AF_INET][undef]:1194
Tue Oct  922:40:052018 UDP link remote: [AF_INET]104.248.232.250:1194
Tue Oct  922:40:152018 Peer Connection Initiated with [AF_INET]104.248.232.250:1194
Tue Oct  922:40:162018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Oct  922:40:162018 Initialization Sequence Completed

Generate a static key

On your server, use the command below to generate a static key:

$ openvpn --genkey --secret static.key

Now get the file via sftp and copy it to /etc/openvpn in your client VPS. It’s highly recommended to use a secure method to transfer these files .e.g scp (Secure Copy). On the server side, create a new file

$ vim /etc/openvpn/tun0.conf

Add the following code

Dev tun0
Ifconfig 10.9.8.110.9.8.2
Secret /etc/openvpn/secret.key

On the client side, create a new file

$ vim /etc/openvpn/tun0.conf

Add the following code:

Add the following code
Dev tun0
Ifconfig 10.9.8.210.9.8.1
Secret /etc/openvpn/secret.key

You can now go ahead and start the OpenVPN services by running the following command on both the server and client to view the output:

$ openvpn --config /etc/openvpn/tun0.conf --verb 6

At this point, you should be able to ping the 10.9.8.1 IP address from the client VPS and 10.9.8.2 address from the server side.

Conclusion

At this point, we have created a simple VPS using secrete shared keys that can be used to access resources over the internet. You can also look at How to Install and Enable OpenVPN Server.

Check out these top 3 VPS services:

Kamatera
$4.00 /mo
Starting price
Visit Kamatera
Rating based on expert review
  • User Friendly
    3.5
  • Support
    3.0
  • Features
    3.9
  • Reliability
    4.0
  • Pricing
    4.3
Hostinger
$2.99 /mo
Starting price
Visit Hostinger
Rating based on expert review
  • User Friendly
    4.7
  • Support
    4.7
  • Features
    4.8
  • Reliability
    4.8
  • Pricing
    4.7
Webdock
$0.95 /mo
Starting price
Visit Webdock
Rating based on expert review
  • User Friendly
    3.8
  • Support
    4.5
  • Features
    4.5
  • Reliability
    4.3
  • Pricing
    4.3
  • Do you need the best VPS? Read about our different offers.
 

How to Install Own Cloud On an an Ubuntu 18.04 Dedicated Server or VPS

You can create your own self-hosted cloud storage services by installing the ope
less than a minute
Idan Cohen
Idan Cohen
Marketing Expert

How to Install a Let’s Encrypt Certificate on your Ubuntu 18.04 Dedicated Server or VPS

If you are hosting your website on a VPS server running Ubuntu 18.04, we will sh
less than a minute
Michael Levanduski
Michael Levanduski
Expert Hosting Writer & Tester

How to Enable Two-Factor Authentication on an Ubuntu 18.04 VPS or Dedicated Server

This guide will show you how you enable two-factor authentication to improve the
less than a minute
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to harden Nginx Web Server on an Ubuntu 18.04 VPS or Dedicated Server

Nginx is one of the most popular web servers which is vulnerable to hacking atta
less than a minute
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top