Set Up The Certificate Authority
The OpenVPN server uses certificates to encrypt traffic between the server and various clients. Thus, we need to set up a certificate authority on the VPS to create and manage these certificates.
We can utilize the easy-rsa template by copying it to a new directory, and then entering that directory to move into the configuration.
$ make-cadir ~/openvpn-ca
$ cd ~/openvpn-ca
We need to edit some of the variables that help decide how to create the certificates. Use nano, or another favorite editor, to open the file. We’ll be editing some variables toward the end of the file.
$ nano vars
Look for the section below. The easy-rsa template provides some default fields for these variables, but you should change them according to your needs. Make sure you also change the KEY_NAME variable. It’s not so important what you change these to, rather that you don’t leave them in the default state, or blank.
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL=""
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
After some tweaks:
Now, source the vars file you just edited. If there aren’t any errors, you’ll see the following output.
$ source vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /home/user/openvpn-ca/keys
$ ./clean-all
$ ./build-ca
How To Setup A VPN On Ubuntu
Don't worry. We're here to help you in this regard. Here we prescribe a few easy steps to configure a VPN on Ubuntu. It doesn't matter which VPN service provider you prefer, whether one from the recommended list or another of your choosing. The steps provided will guide you through everything about configuring a VPN on Ubuntu.
Compared to other operating systems, Ubuntu is less vulnerable to security threats; however, it isn't completely immune to them. Hence, use of a VPN is strongly recommended. Online security isn't the only benefit associated with a VPN, though. With a VPN, you embrace true online freedom and evade all geo-restrictions with ease.
The setup process of a VPN on the Ubuntu operating system is straightforward and will only take you 5 minutes. However, you need to have an Ubuntu-supported device along with a VPN connection. Here is how you can set up a VPN on Ubuntu with an OpenVPN configuration:
sudo apt-get install network-manager-openvpn
Network Connection Icon > Configure VPN > OpenVPN > Create
- Mention the connection name
- Now mention the required gateway / the server you want to use
- Select Type: Password
- Write username and password given by ExpressVPN. Click on folder icon from CA Certificate
Open Advanced 1OKSaveNetwork Connections. Network Connection Icon
To disconnect VPN, again click on Network Connection Icon then move towards VPN connections and select Disconnect VPN.
How To Install And Connect The Openvpn Client For Macos
Connect to the OpenVPN Client UI and click the link to download the OpenVPN software for MacOS. Once this package is downloaded, a window will open with the installer package icon.
Follow the standard procedure of MacOS application installation.
Double click on this installer icon and click Open to run the installation.
Once the installation is complete, you will be able to see the OpenVPN icon on your macOS taskbar. You can right click on this icon to see the different options. From here you can connect to OpenVPN.
Once you click the Connect to option, you will see a popup prompting for the OpenVPN username and password. Here you should enter the credentials and click on Connect to establish the Linux VPN server connection.
Enable And Start Wireguard VPN Service
Run the following command on the server to enable auto-start at system boot time and start WireGuard.
sudo systemctl enable
sudo systemctl start
Check its status with the following command. You should see active in the output:
sudo systemctl status
To check the interface state and configuration, enter:
sudo wg show wg0
Creating A Pki For Openvpn
Before you can create your OpenVPN server's private key and certificate, you need to create a local Public Key Infrastructure directory on your OpenVPN server. You will use this directory to manage the server's and clients' certificate requests instead of making them directly on your CA server.
To build a PKI directory on your OpenVPN server, you'll need to populate a file called vars with some default values. First you will cd into the easy-rsa directory, then you will create and edit the vars file using nano or your preferred text editor.
- cd ~/easy-rsa
Once the file is opened, paste in the following two lines:
set_var EASYRSA_ALGO "ec"
set_var EASYRSA_DIGEST "sha512"
These are the only two lines that you need in this vars file on your OpenVPN server since it will not be used as a Certificate Authority. They will ensure that your private keys and certificate requests are configured to use modern Elliptic Curve Cryptography to generate keys and secure signatures for your clients and OpenVPN server.
Configuring your OpenVPN & CA servers to use ECC means when a client and server attempt to establish a shared symmetric key, they can use Elliptic Curve algorithms to do their exchange. Using ECC for a key exchange is significantly faster than using plain Diffie-Hellman with the classic RSA algorithm since the numbers are much smaller and the computations are faster.
- ./easyrsa init-pki
Creating An Openvpn Server Certificate Request And Private Key
Now that your OpenVPN server has all the prerequisites installed, the next step is to generate a private key and Certificate Signing Request on your OpenVPN server. After that you'll transfer the request over to your CA to be signed, creating the required certificate. Once you have a signed certificate, you'll transfer it back to the OpenVPN server and install it for the server to use.
To start, navigate to the ~/easy-rsa directory on your OpenVPN Server as your non-root user:
- cd ~/easy-rsa
Now you'll call the easyrsa script with the gen-req option followed by a Common Name for the machine. The CN can be anything you like, but it can be helpful to make it something descriptive. Throughout this tutorial, the OpenVPN Server's CN will be server. Be sure to include the nopass option as well. Failing to do so will password-protect the request file, which could lead to permissions issues later on.
Note: If you choose a name other than server here, you will have to adjust some of the instructions below. For instance, when copying the generated files to the /etc/openvpn directory, you will have to substitute the correct names. You will also have to modify the /etc/openvpn/server.conf file later to point to the correct .crt and .key files.
- ./easyrsa gen-req server nopass
Output
Common Name :
Keypair and certificate request completed. Your files are:
req: /home/sammy/easy-rsa/pki/reqs/server.req
key: /home/sammy/easy-rsa/pki/private/server.key
Installing Openvpn And Easy-RSA
The first step in this tutorial is to install OpenVPN and Easy-RSA. Easy-RSA is a public key infrastructure management tool that you will use on the OpenVPN Server to generate a certificate request that you will then verify and sign on the CA Server.
To start off, update your OpenVPN Server's package index and install OpenVPN and Easy-RSA. Both packages are available in Ubuntu's default repositories, so you can use apt for the installation:
- sudo apt update
- sudo apt install openvpn easy-rsa
Next you will need to create a new directory on the OpenVPN Server as your non-root user called ~/easy-rsa:
- mkdir ~/easy-rsa
Now you will need to create a symlink from the easyrsa script that the package installed into the ~/easy-rsa directory that you just created:
- ln -s /usr/share/easy-rsa/* ~/easy-rsa/
Note: While other guides might instruct you to copy the easy-rsa package files into your PKI directory, this tutorial adopts a symlink approach. As a result, any updates to the easy-rsa package will be automatically reflected in your PKI's scripts.
Finally, ensure the directory's owner is your non-root sudo user and restrict access to that user using chmod:
- sudo chown sammy ~/easy-rsa
- chmod 700 ~/easy-rsa
Openvpn With Gui For Win
First download and install the latest OpenVPN Windows Installer. As of this writing, the management GUI is included with the Windows binary installer.
You need to start the OpenVPN service. Go to Start > Computer > Manage > Services and Applications > Services. Find the OpenVPN service and start it. Set its startup type to automatic.
When you start the OpenVPN MI GUI the first time you need to run it as an administrator. You have to right click on it and you will see that option.
What Is The Best VPN For Linux
Top 10 Linux VPN Client and Services For You To Get Protected
Public Key Infrastructure Setup
The first step in building an OpenVPN configuration is to establish a PKI. The PKI consists of:
- a separate certificate and private key for the server and each client.
- a master Certificate Authority certificate and key, used to sign the server and client certificates.
OpenVPN supports bidirectional authentication based on certificates, meaning that the client must authenticate the server certificate and the server must authenticate the client certificate before mutual trust is established.
Both server and client will authenticate the other by first verifying that the presented certificate was signed by the master certificate authority, and then by testing information in the now-authenticated certificate header, such as the certificate common name or certificate type.
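The two checks described above can be reproduced with the openssl command line. This is an added example, not part of the original guide: it builds a throwaway PKI (the names demo-ca, other-ca, server, client1 and rogue are constructed) and shows a peer being accepted only when its certificate chains to the master CA, has the right certificate type, and carries the expected common name.

```shell
#!/bin/sh
# Added example: throwaway PKI built in a temp directory. The names demo-ca,
# other-ca, server, client1 and rogue are constructed for this demonstration.

make_ca() {      # make_ca DIR NAME: self-signed master CA certificate and key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_cert() {   # issue_cert DIR CA NAME EKU: key + request for NAME, signed by CA
    printf 'extendedKeyUsage = %s\n' "$4" > "$1/$3.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.req" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.req" -days 1 -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -extfile "$1/$3.ext" -out "$1/$3.crt" 2>/dev/null
}

build_demo_pki() {   # build_demo_pki DIR
    make_ca "$1" demo-ca && make_ca "$1" other-ca &&
    issue_cert "$1" demo-ca server serverAuth &&
    issue_cert "$1" demo-ca client1 clientAuth &&
    issue_cert "$1" other-ca rogue serverAuth
}

# check_peer CA_CERT PEER_CERT PURPOSE EXPECTED_CN
# 1. signature chain to the master CA, plus certificate type
#    (PURPOSE is sslserver or sslclient);
# 2. common name read from the now-authenticated certificate.
check_peer() {
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1 || return 1
    cn=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253 |
         sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p')
    [ "$cn" = "$4" ]
}

# What a client expecting the server named "server" would decide for each cert.
dir=$(mktemp -d) && build_demo_pki "$dir" || exit 1
for cert in server client1 rogue; do
    if check_peer "$dir/demo-ca.crt" "$dir/$cert.crt" sslserver server; then
        echo "$cert: accepted as the VPN server"
    else
        echo "$cert: rejected"
    fi
done
rm -rf "$dir"
```

Only server is accepted: client1 is signed by the right CA but is a client-type certificate, and rogue is a server-type certificate from a different CA.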
Addition Or Removal Of Clients
$ sudo ./openvpn-ubuntu-install.sh
$ sudo systemctl start
Using the following mentioned command, you can stop OpenVPN:
$ sudo systemctl stop
Using the following command, you can restart OpenVPN:
$ sudo systemctl restart
Using the following mentioned command, you can display the status of OpenVPN:
$ sudo systemctl status
How To Install Openvpn In Ubuntu 20.04
OpenVPN is an open-source, fast, popular program for creating a VPN. It uses both the TCP and UDP transmission protocols, and VPN tunnels are secured with OpenVPN protocol with SSL/TLS authentication, certificates, credentials, and optionally MAC address lock as well as multi-factor authentication.
It can be used on a wide variety of devices and systems. Like most VPN protocols out there, it has a client-server architecture. The OpenVPN access server runs on a Linux system, and the clients can be installed on other Linux systems, Windows, macOS, as well as mobile operating systems such as Android, Windows mobile, and iOS.
The OpenVPN access server accepts incoming VPN connections and OpenVPN Connect clients or any open-source clients compatible with OpenVPN can initiate a connection to the server.
In this article, you will learn how to set up an OpenVPN access server on Ubuntu 20.04 and connect VPN clients from other Linux systems.
- A freshly installed Ubuntu 20.04 Server.
Add Users To A Linux VPN Server Running Openvpn
The free OpenVPN client supports two users. To create more users, you would need to select any of the paid plans. You can add additional users from the admin UI. Navigate to the User Management tab, and click the User Permissions link.
Enter the new username as shown below:
For this new user configure additional settings by clicking the More Settings link. Here you can provide the password and other details.
Save these settings and click on Update Running Server option.
How To Install And Connect The Openvpn Client For Linux
The client installation for Linux is slightly different. Download and install the OpenVPN client software on CentOS using the below command:
sudo yum install openvpn
Similarly, you can install the OpenVPN client software on Debian or Ubuntu using the below command:
sudo apt-get install openvpn
Open the OpenVPN client UI and download the appropriate profile for your OS. Alternatively, you can use wget or curl command and provide the URL to download the software.
Copy the downloaded profile to location /etc/openvpn and rename it to client.conf. You can start the OpenVPN Tunnel service where you will be prompted for the username and password. You can start the operation by using:
sudo service openvpn start
You can use ifconfig or ip addr to view the network connections. Once the VPN interface is available, you will see a tun0 interface added to the existing list shown in the output.
Connecting The Wireguard Client To The Server
Run the following command on the client machine to connect the VPN client to the VPN server:
sudo systemctl start
Now you should be connected to the WireGuard VPN server, and the traffic from your client machine should be routed through it.
That's all! Both client and server must be connected securely using a peer-to-peer WireGuard VPN on Ubuntu.
To test the connection, return to the VPN client and ping from it to the VPN server to see if the tunnel works.
ping -c 3 10.0.0.1
Additionally, you can check the connection with:
sudo systemctl stop
Creating The Client Configuration Infrastructure
Creating configuration files for OpenVPN clients can be somewhat involved, as every client must have its own config and each must align with the settings outlined in the server's configuration file. Rather than writing a single configuration file that can only be used on one client, this step outlines a process for building a client configuration infrastructure which you can use to generate config files on-the-fly. You will first create a base configuration file, then build a script which will allow you to generate unique client config files, certificates, and keys as needed.
Get started by creating a new directory where you will store client configuration files within the client-configs directory you created earlier:
- mkdir -p ~/client-configs/files
Next, copy an example client configuration file into the client-configs directory to use as your base configuration:
- cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf
Open this new file using nano or your preferred text editor:
- nano ~/client-configs/base.conf
Inside, locate the remote directive. This points the client to your OpenVPN server address, the public IP address of your OpenVPN server. If you decided to change the port that the OpenVPN server is listening on, you will also need to change 1194 to the port you selected:
. . .
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote your_server_ip 1194
. . .
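One way to write the generator script this section describes, as an added example rather than the tutorial's own script: it appends the CA certificate, client certificate and client key to base.conf using OpenVPN's inline `<ca>`, `<cert>` and `<key>` blocks. The ~/client-configs/keys directory and the ca.crt, NAME.crt and NAME.key file names are assumptions.

```shell
#!/bin/sh
# Added example, not the tutorial's own script. KEY_DIR and the file names
# ca.crt, NAME.crt and NAME.key inside it are assumptions.
BASE_CONFIG=${BASE_CONFIG:-$HOME/client-configs/base.conf}
KEY_DIR=${KEY_DIR:-$HOME/client-configs/keys}
OUTPUT_DIR=${OUTPUT_DIR:-$HOME/client-configs/files}

# make_config NAME: write OUTPUT_DIR/NAME.ovpn with the credentials inlined.
make_config() {
    name=$1
    # Reject names that could escape KEY_DIR or OUTPUT_DIR (for example ../x).
    case $name in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid client name" >&2; return 2 ;;
    esac
    # Fail before writing anything if an input is missing.
    for f in "$BASE_CONFIG" "$KEY_DIR/ca.crt" \
             "$KEY_DIR/$name.crt" "$KEY_DIR/$name.key"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 1; }
    done
    out=$OUTPUT_DIR/$name.ovpn
    # The profile embeds the client's private key, so create it owner-only
    # and move it into place only once it is complete.
    (
        umask 077
        rm -f "$out.tmp"
        {
            cat "$BASE_CONFIG"
            printf '<ca>\n';   cat "$KEY_DIR/ca.crt";    printf '</ca>\n'
            printf '<cert>\n'; cat "$KEY_DIR/$name.crt"; printf '</cert>\n'
            printf '<key>\n';  cat "$KEY_DIR/$name.key"; printf '</key>\n'
        } > "$out.tmp" && mv "$out.tmp" "$out"
    )
}

# Usage: ./make_config.sh client1
if [ "$#" -ge 1 ]; then
    make_config "$1"
fi
```

The resulting .ovpn file is as sensitive as the private key it contains, so it should reach the client over a protected channel.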
How Do I Create A VPN Tunnel Between Two Sites
Configure the X-Series Firewall at Location 1 with the dynamic WAN IP as the active peer.
- Log into the X-Series Firewall at Location 1.
- Go to the VPN > Site-to-Site VPN page.
- In the Site-to-Site IPSec Tunnels section, click Add.
- Enter a Name for the VPN tunnel.
- Configure the settings for Phase 1 and Phase 2.
Top 5 VPNs That You Need To Consider For Ubuntu
At first, acceptance and adoption of this open source platform were minimal compared to other operating systems and alternatives. However, with the passage of time, users' preferences evolved, which eventually boosted Ubuntu's usage. If you're looking for totally free solutions, you can view the blog about top free VPN services for Ubuntu.
However, we live in a world full of hackers, phishers and identity thieves. There are cyber-goons at every corner of this digital universe, waiting for an opportunity to infiltrate our security. No matter what motives their actions fulfill, cyber-goons are always a threat to us, and Ubuntu is vulnerable to the aforementioned threats just like its alternatives.
Seeing the popularity of Ubuntu, VPN service providers started to extend the device compatibility of their services. A VPN is an efficient tool for safeguarding your security and protecting you from unwanted security infiltration.
Based on performance, we have compiled a list of the top 5 VPNs for Ubuntu. These VPNs were tried and tested before being recommended. The purpose of providing such information is to facilitate your purchase decision. There are hundreds of service providers trading in the VPN industry, and finding an appropriate service provider is like finding a needle in a haystack. So, here is a list of the 5 best VPNs for Ubuntu that you need to consider.
How To Install L2tp/ipsec For Networkmanager
NetworkManager-l2tp is a VPN plugin for NetworkManager 1.2+ which includes support for L2TP/IPsec.
To install, fire up Terminal and enter the following commands:
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp
You may be prompted to install additional binaries, in which case go ahead. Restart your PC and L2TP should now be enabled in NetworkManager.
Setup is very similar to using PPTP, except that you will need to enter some additional IPSec authentication details. Again, your VPN should be able to provide these, and generic settings are fine.
Update May 2018: There is currently a bug in xl2tpd which may compromise its use with the IPSec protocol. The issue has already been fixed in Fedora, so I would expect it to be patched in Ubuntu and Debian soon. Please see here for the details and latest updates.
Start Up The Openvpn Server
Before we configure our clients, let’s make sure the OpenVPN server is running as we hope it will.
Make sure to turn on TUN/TAP in the SSD Nodes dashboard.
$ sudo systemctl enable
$ sudo systemctl start
You can double-check that OpenVPN is running with the systemctl status command:
$ sudo systemctl status
If you’re having problems getting OpenVPN to start, commenting out the LimitNPROC in /lib/systemd/system/, as discovered in this Ask Ubuntu thread may be useful. You’ll then need to run sudo systemctl daemon-reload and then sudo systemctl start .
You will also need to set up iptables to properly direct traffic. First, look for the default interface.
$ sudo ip route | grep default
default dev venet0 scope link
The venet0 field is what we’re looking for. And then we set up iptables. In order to ensure this rule is persistent between reboots, install the iptables-persistent package, which will prompt you to save existing rules. Choose Yes and your rules will be persisted moving forward.
$ sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
$ sudo apt-get install iptables-persistent
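The interface lookup and NAT rule above can be combined so the rule is added only once, even if the setup is re-run. This is an added example, not part of the original guide; the function names are made up, and the sample route lines are constructed to show both the `default dev venet0` form seen above and the more common `default via ... dev ...` form.

```shell
#!/bin/sh
# Added example. VPN_NET matches the 10.8.0.0/24 rule above; the function
# names are made up for this sketch.
VPN_NET=10.8.0.0/24

# default_iface: read `ip route` output on stdin and print the device of the
# first default route. Handles "default dev venet0 ..." as well as
# "default via GATEWAY dev eth0 ...".
default_iface() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "dev") { print $(i + 1); exit }
         }'
}

# nat_rule IFACE: print the rule specification, refusing empty or odd names
# so that nothing unexpected ends up on the iptables command line.
nat_rule() {
    case $1 in
        ''|*[!A-Za-z0-9._:@-]*) echo "bad interface name: $1" >&2; return 1 ;;
    esac
    echo "POSTROUTING -s $VPN_NET -o $1 -j MASQUERADE"
}

# apply_nat: run as root on the server. -C checks whether the rule already
# exists, so repeated runs do not stack duplicate MASQUERADE rules.
apply_nat() {
    iface=$(ip route | default_iface)
    rule=$(nat_rule "$iface") || return 1
    # $rule is left unquoted on purpose so it splits into separate arguments.
    iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule
}

# Constructed sample lines showing both output shapes.
printf 'default dev venet0 scope link\n' | default_iface
printf 'default via 192.0.2.1 dev eth0 proto dhcp metric 100\n' | default_iface
```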