How to Install OpenVPN Server Ultimately on Ubuntu 20.04

Here we go again, diving into the homelab world. I recently got my pfSense router to act as a client for my OpenVPN setup on a VPS instance running Ubuntu 20.04, which has a public static address for both IPv4 and IPv6.

The idea is to let your home network become part of another network. In my case this helps bypass the Carrier-Grade NAT (CGN or CGNAT) that prevents me from self-hosting my own services. That is one benefit of a VPN, but many people will want to use it for privacy purposes, especially hiding their own identity.

However, any homelab enthusiast can use this to benefit from the static IP address provided on a VPS instance, and then host their own services from home through the pfSense firewall in case the Internet Service Provider (ISP) doesn't offer a public IP address, which is awesome.

Install OpenVPN Server on Linux

To be precise, I will explain the easiest and most automated method you will ever find to configure and set up an OpenVPN server in less than a minute on the following Linux distributions:

  • Ubuntu
  • Debian
  • CentOS
  • Fedora

We will use a bash script in the process. I am running Ubuntu 20.04 LTS on my end.

Download Installation Script

This bash script will automatically install and configure OpenVPN and here's how you can pull it.

wget https://git.io/vpn -O openvpn-install.sh

Once downloaded into your home directory you should make it executable.

chmod -v +x openvpn-install.sh

If you are curious about its content, do not hesitate to check it out; it will run as root in the next step, so reading it first is worthwhile.

nano openvpn-install.sh

Run Installation Script

Now we can run the script, which will ask you to input some information.

sudo ./openvpn-install.sh

I recommend that you accept the defaults for all settings by pressing Enter, except for one: when it asks for the first client certificate name, enter a descriptive name for your use case (pfSense in my case).

Customize OpenVPN Server Subnet

If you wish to change the default subnet, 10.8.0.0/24, from which the server assigns IP addresses to OpenVPN clients, follow the instructions below. Otherwise you can skip this section completely.

Modify OpenVPN Server Configuration

We'll configure the 10.10.10.0/24 subnet instead, which looks fantastic.

sudo nano /etc/openvpn/server/server.conf

Look for 10.8.0.0 and change it to 10.10.10.0 or your own preferred private subnet IP address.

Fix OpenVPN Firewall Rule Configuration

sudo nano /etc/systemd/system/openvpn-iptables.service

You will find four occurrences of 10.8.0.0/24; change all of them to 10.10.10.0/24 or your own preferred private subnet.

Restart OpenVPN Services

sudo systemctl daemon-reload
sudo service openvpn-iptables restart
sudo service openvpn-server@server restart

This ensures that all of our changes take effect. The daemon-reload is needed because we edited a systemd unit file on disk.
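The two manual edits in this section can be scripted so that both files stay consistent and the result is checked before the services are restarted. This is an added example, not part of the original article or of the install script; the function names are hypothetical, and it assumes a /24 network as in the article and GNU sed as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example (not from the article or the install script).
# Usage: change_subnet OLD_NET NEW_NET SERVER_CONF IPTABLES_UNIT
#   e.g. change_subnet 10.8.0.0 10.10.10.0 \
#          /etc/openvpn/server/server.conf /etc/systemd/system/openvpn-iptables.service
# Assumes a /24 network, as in the article, and GNU sed (Ubuntu).

is_ipv4() {
    # Only digits and dots, then exactly four groups of 1-3 digits.
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

change_subnet() {
    old=$1 new=$2 conf=$3 unit=$4

    # Validate first so nothing unexpected is interpolated into a sed program.
    is_ipv4 "$old" && is_ipv4 "$new" || { echo "invalid network address" >&2; return 2; }
    [ -f "$conf" ] && [ -f "$unit" ] || { echo "file not found" >&2; return 2; }

    # Escape the dots so "10.8.0.0" only matches itself.
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
    new_re=$(printf '%s' "$new" | sed 's/\./\\./g')

    # Keep a copy of each file before editing in place.
    cp -p -- "$conf" "$conf.bak" || return 1
    cp -p -- "$unit" "$unit.bak" || return 1

    # server.conf: rewrite only the "server <network> <netmask>" directive.
    sed -i -E "s/^(server[[:space:]]+)${old_re}([[:space:]])/\\1${new}\\2/" "$conf"
    # Firewall unit: rewrite every "<network>/24", several per line included.
    sed -i -E "s#(^|[^0-9.])${old_re}/24#\\1${new}/24#g" "$unit"

    # Verify: the old network is gone from both files and the new one is present.
    if grep -Eq "(^|[^0-9.])${old_re}(/|[[:space:]]|\$)" "$conf" "$unit"; then
        echo "old subnet still referenced; restore the .bak files and review" >&2
        return 1
    fi
    grep -Eq "^server[[:space:]]+${new_re}[[:space:]]" "$conf" || return 1
    grep -Eq "(^|[^0-9.])${new_re}/24" "$unit" || return 1
}
```

Run the function as root before the restart commands above. A non-zero return means the two files disagree and the `.bak` copies should be compared before restarting anything.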

How to Add New OpenVPN Client

If you wish to add another client and produce a new client certificate, then you should run the installation script again on your OpenVPN server.

sudo ./openvpn-install.sh

This time around, since it's already installed you should see the following displayed to you.

OpenVPN is already installed.

Select an option:
   1) Add a new client
   2) Revoke an existing client
   3) Remove OpenVPN
   4) Exit
Option: 

Enter 1 as the option and press Enter, then follow the instructions.

Configure OpenVPN Client Device

Here's how you can connect any OpenVPN client running on Windows, Linux, Android or iOS with the server using the configuration file provided to you.

The installation wizard should have automatically created an ".ovpn" configuration file in the path /root/[Client Certificate Name].ovpn which you should save and copy to your client device to connect with the OpenVPN server.

Save OpenVPN Client Configuration

In my case, it's /root/pfSense.ovpn on the OpenVPN server, since that's the name I set for my first client. Let's copy that configuration file to our current user's home directory.

sudo cp /root/pfSense.ovpn ~/

That file will be used on the client device to connect to the server. Just make sure to change "pfSense" in the command to the client certificate name that you set when running the installation script.

cat ~/pfSense.ovpn

This way you can view the content of the configuration file and then use it on the client device, but I recommend that you copy the entire file instead. As an example, I will copy the file from the OpenVPN server to my Linux desktop.

scp ~/pfSense.ovpn [user]@[Linux Desktop IP]:~/

I should now be able to access that file in the home directory on my Linux desktop.

Enable OpenVPN Client on Linux Desktop

First of all, make sure you have the OpenVPN software package installed on your target Linux desktop client device. For instance, if you are running Ubuntu you can install it as follows.

sudo apt install openvpn

Assuming we have the client configuration file in the home directory, we can proceed and copy it into place as the OpenVPN client configuration file.

sudo cp ~/pfSense.ovpn /etc/openvpn/client.conf

Once again, remember to replace the "pfSense" client name with your own name, which you set when running the installation script.

Test Connectivity

sudo openvpn --client --config /etc/openvpn/client.conf

Once connectivity is confirmed, start the OpenVPN client service on your Linux desktop.

sudo systemctl start openvpn@client

That's it.

Troubleshoot OpenVPN Issues

I will provide information on how to troubleshoot OpenVPN issues on the server and client.

Check OpenVPN Services

The best way to inspect issues is to look at the logs of the services running on the OpenVPN server. Let's start with the main process.

sudo service openvpn-server@server status

Then we also have the firewall service, which specifies the rules for iptables.

sudo service openvpn-iptables status

Make sure that they're both active and running well; otherwise, check the displayed logs to identify errors and solve them.

Check OpenVPN Logs

sudo journalctl --identifier openvpn

You can also use this as a general command to find all logs for OpenVPN server. You are welcome to post your issue and ask for help in the comment section below.
