Site iconSite iconLinews – The Tech Blog

Installing OpenVPN on Ubuntu 22.04: A Step-by-Step Guide

OpenVPN is a robust and secure open-source VPN (Virtual Private Network) solution that allows you to create a secure connection over the internet. In this guide, we’ll walk through the process of installing OpenVPN on Ubuntu 22.04, providing you with a secure and private connection for your online activities.

Step 1: Update Your System

sudo apt update
sudo apt upgrade

Step 2: Find out your server’s public IP address

$ wget -qO - icanhazip.com
OR
$ dig +short myip.opendns.com @resolver1.opendns.com

Step 3: Download the installer script

$ curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
$ chmod +x openvpn-install.sh

Step 4: Run the installer

$ sudo bash openvpn-install.sh

Add public IPv4 address behind NAT of your VPN server (e.g. 192.168.0.20)

jacob@alpha:~$ sudo bash openvpn-install.sh
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 192.168.0.20

Add public IPv4 address or your hostname if you are using DDNS

It seems this server is behind NAT. What is its public IPv4 address or hostname?
We need it for the clients to connect to the server.
Public IPv4 address or hostname: 94.17...

If you want to enable IPv6

Checking for IPv6 connectivity...

Your host does not appear to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: n

Choose the port and open this port on your router (default is 1194)

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 1

Choose the protocol – remember, VPN on UDP working faster

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 1

Choose the resolvers

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 11
Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...

After installation add PEM phrase (e.g. <your password>)

Using SSL: openssl OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
read EC key
writing EC key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

Add user

Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: jacob

.ovpn file you can find

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client
   2) Use a password for the client
Select an option [1-2]: 1

Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
Using SSL: openssl OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
-----
Using configuration from /etc/openvpn/easy-rsa/pki/easy-rsa-326295.a8kmYo/tmp.oGOM6s
Enter pass phrase for /etc/openvpn/easy-rsa/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'jacob'
Certificate is to be certified until May 25 13:03:03 2026 GMT (825 days)

Write out database with 1 new entries
Data Base Updated

Client jacob added.

The configuration file has been written to /home/jacob/jacob.ovpn.
Download the .ovpn file and import it in your OpenVPN client.

Congratulations! You’ve successfully installed OpenVPN on Ubuntu 22.04. You now have a secure and private connection to the internet, ensuring your online activities remain confidential.

Remember to consult your VPN service provider’s documentation for any specific configurations or additional steps they may require. Stay secure online!

Step 5: Set up your OpenVPN client

Open VPN Client on Ubuntu 22.04 (Settings > Network)

And import from file…

If you want to add a new VN user or revoke an existing user or remove the OpenVPN server from your system, simply run the installer script again. Then select what you wish to do from the list of options and follow the prompts.

jacob@alpha:~$ sudo bash openvpn-install.sh
[sudo] password for jacob: 
Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install

It looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]: 

That brings us to the end of this guide. To share any thoughts with us or ask questions, use the feedback form below.

Exit mobile version