Considerations
The following guide provides steps and information on how to install and configure an OpenVPN Server in Ubuntu 22.04.
OpenVPN offers a secure open-source alternative for creating a VPN connection, whether for personal or business use. This guide uses Community Edition, but there is also a paid version available.
The tutorial aims for clarity, providing instructions and code snippets to replicate the process of installing and configuring OpenVPN Community Edition.
How to Install OpenVPN
Note: We will be using the terminal for this installation.
Testing for Permissions
First, make sure that you have enough permissions to install and configure OpenVPN by running the command sudo apt update. You will be prompted for a password in the first instance if you have not used sudo in a while.
Note: If you are given permission errors ensure that your username has enough permissions or ask your system administrator.
Once the update has completed, ensure that no packages are pending installation by running sudo apt upgrade and accept the installation of the packages by typing y and pressing enter.
Ensuring the Timezone is Setup Correctly
First we need to confirm that the package tzdata is installed correctly. To do this, we can run sudo apt install tzdata – if the package is installed already, it will confirm that no new packages were needed; otherwise it will proceed to install the package.
To ensure that our timezone is configured correctly, run the command sudo dpkg-reconfigure tzdata and follow the instructions on screen to configure your correct timezone.
Note: It is important that the timezone is configured correctly, as this provides clear visibility in the logs. Additionally, NTP should be properly configured to ensure time synchronization is working correctly.
Installing OpenVPN Server Community Edition
Note: Remember to responsibly investigate and use scripts found on the internet.
To install OpenVPN Server, we will use a script built by Angristan. This saves us time and reduces potential human error.
To do this, we will first confirm that the curl command is available by running sudo apt install curl. If installed, we will receive a notification; otherwise a prompt will ask us to install it.
Note: Run the following commands in a directory where you can easily locate and run the script:
sudo curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
sudo chmod +x openvpn-install.sh
sudo ./openvpn-install.sh
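The note above about investigating scripts before running them can be enforced mechanically. The following is an added example, not part of the original guide or of the installer project: it downloads the script from a pinned commit, refuses to run it unless its SHA-256 matches the hash you recorded when you reviewed it, and elevates only for the final step. PINNED_COMMIT and PINNED_SHA256 are placeholders to fill in, and the function names are illustrative.

```sh
# Placeholders (assumptions): the commit you reviewed and the SHA-256 you
# recorded for that exact copy of the script.
PINNED_COMMIT="<commit-sha-you-reviewed>"
PINNED_SHA256="<sha256-recorded-after-review>"
SCRIPT_URL="https://raw.githubusercontent.com/angristan/openvpn-install/${PINNED_COMMIT}/openvpn-install.sh"

# verify_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 when the file or the expected hash is unusable.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Reject anything that is not a hex digest, such as an unfilled placeholder.
    case "$expected" in
        *[!0-9a-fA-F]*|"") echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash has wrong length" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    # sha256sum prints lowercase, so normalise the expected value first.
    if [ "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" = "$actual" ]; then
        return 0
    fi
    echo "hash mismatch for $file: got $actual" >&2
    return 1
}

# Download as the normal user, verify, and only then run with sudo.
fetch_and_run() {
    curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
         -o openvpn-install.sh "$SCRIPT_URL" || return 1
    verify_sha256 openvpn-install.sh "$PINNED_SHA256" || return 1
    chmod +x openvpn-install.sh
    sudo ./openvpn-install.sh
}

# Nothing is downloaded or executed unless --run is passed explicitly.
if [ "${1:-}" = "--run" ]; then
    fetch_and_run
fi
```

Record the hash with sha256sum openvpn-install.sh immediately after reading the script, so that a later download that differs from the reviewed copy is rejected.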
Configuring OpenVPN Server Community Edition
When running the script, the following questions will need to be answered:
- What IP Address will OpenVPN be listening to? This IP address can be internal. Refer to step 2 for more details. Note: Port forwarding will be required if you have a Firewall.
- If the server is behind a NAT, such as a Firewall, it will also ask for the public IP Address or a Hostname. Using a domain is also a valid way – just remember to use it as mydomain.com
- Enable IPv6 only if required.
- The default port for OpenVPN Server is 1194. If you want to change it, just make sure it is available and not within the range of the first 1024 ports.
- For the communication type, always use UDP. If not possible, use TCP – but note that this may cause connectivity issues.
- Configure the DNS Resolvers according to your needs. The list provided is comprehensive with instructions for internal DNS resolving.
- Do not enable compression. This is due to a potential security exploit.
- For the customized security options, leave them as default unless you want to make specific changes. For this example, we will be using the default setup.
Once you finish answering the prompts, press enter, and the installation and configuration process will begin.
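Once the installer has finished, the answers recommended above (UDP, a port outside the first 1024, no compression) can be checked against the server configuration it wrote. This is an added example, not code from the guide or the installer; the path to the generated server configuration is passed as an argument, and the function name is illustrative. It relies only on the standard OpenVPN directives port, proto, compress and comp-lzo.

```sh
# audit_openvpn_conf FILE
# Prints one line per finding and returns the number of findings
# (0 = matches the guide, 99 = file unreadable).
audit_openvpn_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 99; }
    awk '
        function bad(msg) { print "FINDING: " msg; n++ }
        { sub(/[#;].*/, "") }        # strip comments
        NF == 0 { next }             # skip blank lines
        $1 == "port"  { port = $2 }
        $1 == "proto" { proto = $2 }
        # comp-lzo with no argument, "yes" or "adaptive" turns compression on.
        $1 == "comp-lzo" && $2 != "no" { bad("comp-lzo enables compression") }
        # compress alone, or with a stub algorithm, only enables framing.
        $1 == "compress" && NF > 1 && $2 !~ /^stub/ {
            bad("compress " $2 " enables compression")
        }
        END {
            if (port == "")  port = 1194      # OpenVPN default port
            if (proto == "") proto = "udp"    # OpenVPN default protocol
            if (proto !~ /^udp/)
                bad("proto " proto " in use; the guide recommends UDP")
            if (port + 0 < 1024)
                bad("port " port " is within the first 1024 ports")
            exit n + 0
        }
    ' "$1"
}

# Audit the file given on the command line, if any.
if [ -n "${1:-}" ]; then
    audit_openvpn_conf "$1"
fi
```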
Creation of OpenVPN Initial Client Certificate
Once finished, it will prompt for a client name. This will be for your first client. We will be naming it main-client and using a passwordless client, but for real-life scenarios it is recommended to use a password.
The resulting main-client.ovpn file will be needed to allow a client to connect to this server. If you need to create additional users to allow them to connect to the OpenVPN Server, you can rerun the openvpn-install.sh script and follow the steps to create a new user.
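Because a passwordless profile such as main-client.ovpn is usable by anyone who obtains the file, it helps to be able to find such profiles later. This is an added example, not part of the guide or the installer: it assumes the client's private key is embedded inline in a <key> block of the .ovpn file and reports whether that key is encrypted. The function names are illustrative.

```sh
# ovpn_key_state FILE
# Prints "encrypted", "unencrypted" or "no-inline-key" for one client profile.
ovpn_key_state() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        /^<key>/   { inkey = 1; next }
        /^<\/key>/ { inkey = 0 }
        !inkey     { next }
        # PKCS#8 encrypted key.
        /-----BEGIN ENCRYPTED PRIVATE KEY-----/ { state = "encrypted" }
        # Plain PKCS#8 or traditional RSA/EC header.
        /-----BEGIN (RSA |EC )?PRIVATE KEY-----/ {
            if (state == "") state = "unencrypted"
        }
        # Traditional PEM marks encryption in a header line after BEGIN.
        /^Proc-Type: 4,ENCRYPTED/ { state = "encrypted" }
        END { print (state == "" ? "no-inline-key" : state) }
    ' "$1"
}

# list_passwordless_profiles DIR
# Prints every .ovpn file in DIR whose inline private key is not encrypted.
list_passwordless_profiles() {
    for f in "$1"/*.ovpn; do
        [ -e "$f" ] || continue
        if [ "$(ovpn_key_state "$f")" = "unencrypted" ]; then
            echo "$f"
        fi
    done
    return 0
}

# Scan the directory given on the command line, if any.
if [ -n "${1:-}" ]; then
    list_passwordless_profiles "$1"
fi
```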
To test the OpenVPN Client, we need to be outside of the network where the OpenVPN Server is located.
Final Notes
Installing and configuring an OpenVPN Server in Ubuntu 22.04 can sound like a daunting task, but the steps provided will make all of this a breeze.
Remember the following items:
- In some cases, it may be required to do port forwarding or open ports to the internet to access your OpenVPN Server. Consult the appropriate documentation for this step.
- The installation script will also allow you to create additional users.
- It can remove existing users in your OpenVPN Server as well.
- If required, it can also remove your OpenVPN Server completely.
- Remember to always use a password with your OpenVPN Client certificates.