How To Install OpenVPN on Ubuntu 24.04 LTS
In today’s digital landscape, secure communication is paramount. Virtual Private Networks (VPNs) have emerged as a crucial tool for protecting data and maintaining privacy online. Among the various VPN solutions available, OpenVPN stands out as a robust and reliable open-source option. Ubuntu 24.04 LTS, with its stability and long-term support, provides an ideal platform for setting up an OpenVPN server. In this comprehensive guide, we will walk you through the process of installing and configuring OpenVPN on Ubuntu 24.04 LTS, empowering you to establish secure connections and safeguard your network traffic.
Prerequisites
Before diving into the installation process, let’s ensure your system meets the necessary requirements. OpenVPN can run on modest hardware, but for optimal performance, it’s recommended to have at least 1GB of RAM and a dual-core processor. Additionally, make sure your Ubuntu 24.04 LTS system is up to date by running the following command in the terminal:
sudo apt update && sudo apt upgrade
Familiarity with basic terminal commands will also come in handy throughout this guide.
Installing OpenVPN
To begin the installation process, open your terminal and execute the following command:
sudo apt install openvpn easy-rsa
This command will install the OpenVPN package along with Easy-RSA, a utility for managing a Public Key Infrastructure (PKI). PKI is crucial for VPNs as it enables secure authentication and encryption of network traffic.
Configuring the OpenVPN Server
Generating Server Certificates and Keys
With Easy-RSA installed, we can now generate the necessary certificates and keys for our OpenVPN server. Follow these steps:
Create a directory for Easy-RSA:
sudo mkdir /etc/openvpn/easy-rsa
Copy the Easy-RSA files to the new directory:
sudo cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
Edit the vars file:
sudo nano /etc/openvpn/easy-rsa/vars
Uncomment and set the KEY_NAME variable to “server”.
Generate the CA and server certificates:
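cd /etc/openvpn/easy-rsa
# Create an empty PKI in ./pki
sudo ./easyrsa init-pki
# Create the CA (prompts for a CA key passphrase and a common name)
sudo ./easyrsa build-ca
# Server key pair and request; nopass leaves the key unencrypted so the service can start unattended
sudo ./easyrsa gen-req server nopass
sudo ./easyrsa sign-req server server
# Diffie-Hellman parameters for the dh directive in the server configuration (written to pki/dh.pem)
sudo ./easyrsa gen-dh
Configuring the Server File
With the certificates and keys generated, it’s time to configure the OpenVPN server file. Open the file with the following command:
sudo nano /etc/openvpn/server.conf
In this file, you’ll need to specify various settings such as the VPN protocol, port, encryption ciphers, and paths to the generated certificates and keys. Here’s an example configuration:
port 1194
proto udp
dev tun
# Key material, at the paths Easy-RSA 3 wrote it to in the previous section
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem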
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
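Added example, not part of the original guide: a pre-flight check for a server configuration like the one above. It confirms that the ca, cert, key and dh paths resolve to files and that the private key is not readable by group or others, and it flags a cipher line with no data-ciphers (from OpenVPN 2.5 on, the data-channel cipher is negotiated from data-ciphers). The finding labels, and the rule that relative paths resolve against the config's directory, are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight audit of an OpenVPN server config.
# Finding labels (NOFILE, KEY-PERMS, ...) are this example's own, not OpenVPN output.

# First argument of a directive; commented-out lines never match.
directive() { # $1=config file  $2=directive name
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

audit_server_conf() { # $1=config file; prints one finding per line
    conf=$1
    dir=$(dirname "$conf")
    for d in ca cert key dh; do
        f=$(directive "$conf" "$d")
        [ -n "$f" ] || { echo "MISSING $d"; continue; }
        [ "$f" = none ] && continue          # "dh none" is valid (ECDH only)
        # Assumption: relative paths resolve against the config's directory,
        # as they do for a service started in /etc/openvpn.
        case $f in /*) p=$f ;; *) p=$dir/$f ;; esac
        [ -f "$p" ] || { echo "NOFILE $d $f"; continue; }
        # A "nopass" private key is protected by file permissions alone.
        if [ "$d" = key ] && [ "$(ls -ld "$p" | cut -c5-10)" != "------" ]; then
            echo "KEY-PERMS $f"
        fi
    done
    # OpenVPN 2.5+ negotiates the data-channel cipher from data-ciphers;
    # 2.6 ignores a lone "cipher" line during negotiation.
    c=$(directive "$conf" cipher)
    if [ -n "$c" ] && [ -z "$(directive "$conf" data-ciphers)" ]; then
        echo "CIPHER-ONLY $c"
    fi
}

# Constructed sample: a config directory where only the CA certificate and a
# world-readable server key exist.
demo_dir=$(mktemp -d)
printf '%s\n' 'ca ca.crt' 'cert server.crt' 'key server.key' 'dh dh.pem' \
    '# cipher AES-128-CBC' 'cipher AES-256-CBC' > "$demo_dir/server.conf"
: > "$demo_dir/ca.crt"
: > "$demo_dir/server.key"
chmod 644 "$demo_dir/server.key"
audit_server_conf "$demo_dir/server.conf"
```

Run it against /etc/openvpn/server.conf with sudo before starting the service; no output means every check passed.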
Enabling IP Forwarding
To allow traffic to flow through the VPN, we need to enable IP forwarding on the server. Open the sysctl configuration file:
sudo nano /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward=1
Save the file and apply the changes with:
sudo sysctl -p
Setting Up Firewall Rules
To ensure the VPN traffic can pass through the firewall, we need to configure UFW (Uncomplicated Firewall). First, allow traffic on the OpenVPN port (default UDP port 1194):
sudo ufw allow 1194/udp
Next, modify the UFW configuration to allow forwarding of VPN traffic:
sudo nano /etc/default/ufw
Change the DEFAULT_FORWARD_POLICY to “ACCEPT”:
DEFAULT_FORWARD_POLICY="ACCEPT"
Save the file and restart UFW:
sudo ufw disable
sudo ufw enable
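Added example, not part of the original guide: the server configuration pushes redirect-gateway, so client traffic leaves through the server, and unless the upstream network has a route back to 10.8.0.0/24 that traffic needs source NAT, which the steps above do not set up. The script below idempotently prepends a masquerade block to a UFW before.rules file; the marker comments and the interface name eth0 are assumptions.

```shell
#!/bin/sh
# Added example: idempotently add a masquerade rule for the VPN subnet to a
# UFW before.rules file. The marker comments and "eth0" are assumptions.

MARK_START='# START OPENVPN NAT'
MARK_END='# END OPENVPN NAT'

nat_block() { # $1=VPN subnet (CIDR)  $2=outbound interface
    printf '%s\n' "$MARK_START" '*nat' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -s $1 -o $2 -j MASQUERADE" 'COMMIT' "$MARK_END"
}

add_vpn_nat() { # $1=rules file  $2=subnet  $3=interface
    # Reject values that could smuggle extra arguments into the rule line.
    case $2 in ''|*[!0-9./]*) echo "bad subnet: $2" >&2; return 1 ;; esac
    case $3 in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $3" >&2; return 1 ;; esac
    # Already present: leave the file untouched so reruns are harmless.
    if grep -qxF -e "$MARK_START" "$1"; then return 0; fi
    tmp=$(mktemp) || return 1
    # Prepend the *nat table; the existing *filter section stays as it is.
    if { nat_block "$2" "$3"; cat "$1"; } > "$tmp"; then
        cat "$tmp" > "$1"; rc=$?      # rewrite in place, keeping owner and mode
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed stand-in for /etc/ufw/before.rules
demo_rules=$(mktemp)
printf '%s\n' '# rules.before' '*filter' ':ufw-before-input - [0:0]' 'COMMIT' > "$demo_rules"
add_vpn_nat "$demo_rules" 10.8.0.0/24 eth0
add_vpn_nat "$demo_rules" 10.8.0.0/24 eth0   # second run changes nothing
cat "$demo_rules"
```

On a real server, pass /etc/ufw/before.rules and the interface shown by `ip route show default`, then restart UFW as above.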
Starting and Enabling OpenVPN Service
With the configuration complete, it’s time to start the OpenVPN service:
sudo systemctl start openvpn@server
To ensure OpenVPN starts automatically on boot, enable the service:
sudo systemctl enable openvpn@server
Configuring the Client
Installing OpenVPN Client on Ubuntu Desktop
To connect to your OpenVPN server, you’ll need to install the OpenVPN client on your Ubuntu desktop:
sudo apt install openvpn
Copying Configuration Files
Transfer the necessary certificates and keys (ca.crt, client.crt and client.key, the files named in the client configuration below) from the server to the client. You can use secure methods like SCP or SFTP. Place the files in the /etc/openvpn directory on the client.
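Added example, not part of the original guide: the PKI steps earlier issue only the server certificate, so a client pair has to be issued the same way first (for instance `./easyrsa gen-req client1 nopass` followed by `./easyrsa sign-req client client1`). The function below then stages exactly the three files the client needs from the Easy-RSA 3 pki directory, so that neither the CA key nor the server key is copied by accident; the name client1, the function name and the staging directory are assumptions.

```shell
#!/bin/sh
# Added example: stage exactly the three files client.conf names (ca.crt,
# client.crt, client.key) from an Easy-RSA 3 pki directory. The function name
# and staging directory are this example's own.

stage_client_files() { # $1=pki dir  $2=client name  $3=output dir
    pki=$1; name=$2; out=$3
    # Plain names only, and never the CA's or the server's identity.
    case $name in
        ''|*[!A-Za-z0-9_-]*|ca|server) echo "refusing name: $name" >&2; return 1 ;;
    esac
    for f in "$pki/ca.crt" "$pki/issued/$name.crt" "$pki/private/$name.key"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    (
        umask 077    # directory and copies are owner-only from creation
        mkdir -p "$out" &&
        cp "$pki/ca.crt" "$out/ca.crt" &&
        cp "$pki/issued/$name.crt" "$out/client.crt" &&
        cp "$pki/private/$name.key" "$out/client.key" &&
        chmod 600 "$out/client.key"
    )
}

# Constructed stand-in for /etc/openvpn/easy-rsa/pki (empty placeholder files)
demo_pki=$(mktemp -d)
mkdir -p "$demo_pki/issued" "$demo_pki/private"
for f in ca.crt issued/server.crt issued/client1.crt \
         private/ca.key private/server.key private/client1.key; do
    : > "$demo_pki/$f"
done
demo_out=$demo_pki/staging
stage_client_files "$demo_pki" client1 "$demo_out"
ls "$demo_out"
```

The staged directory can then be copied with SCP or SFTP as described above and removed from the server afterwards.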
Editing Client Configuration File
Create a new client configuration file:
sudo nano /etc/openvpn/client.conf
Add the following lines, replacing “server_ip” with your OpenVPN server’s IP address:
client
dev tun
proto udp
remote server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
Testing the VPN Connection
To verify the VPN connection from the client side, run:
sudo systemctl start openvpn@client
Check the connection status and ensure there are no errors. If you encounter issues, common troubleshooting steps include:
- Verifying that the server’s IP address and port are correct in the client configuration file.
- Ensuring the necessary ports are open on the server’s firewall.
- Checking for any DNS leaks using online tools.
Security Considerations
To maintain a secure VPN setup, it’s crucial to use strong encryption methods. The example configuration in this guide uses AES-256-CBC, which is considered highly secure. Additionally, regularly update both your Ubuntu system and OpenVPN to protect against any discovered vulnerabilities.
Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial to install an OpenVPN server on an Ubuntu 24.04 LTS system. For additional help or useful information, we recommend you check the official OpenVPN website.