====== Ubuntu - VPN - OpenVPN - Setup an OpenVPN Server ======

===== Install OpenVPN server and openssl =====

  apt install openvpn openssl easy-rsa

**NOTE:** The **easy-rsa** package makes the creation of certificates much easier.

----

===== Change directory to the Easy-RSA directory =====

Change to the easy-rsa directory inside the OpenVPN directory:

  cd /etc/openvpn/easy-rsa/

**NOTE:** If the directory is not there, create it, copy the files over, and then change into it:

  mkdir -p /etc/openvpn/easy-rsa
  cp -R /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/

----

===== Modify Easy-RSA Config file =====

Modify the vars file in the easy-rsa directory:

  vi vars

Change the following lines to your needs:

  export KEY_SIZE=2048
  export KEY_COUNTRY="JE"
  export KEY_PROVINCE="La Pouquelaye"
  export KEY_CITY="St. Helier"
  export KEY_ORG="local"
  export KEY_EMAIL="openvpn@domain.local"
  export KEY_OU="domain.local"

----

===== Export the Easy-RSA settings =====

Source the file so that the exported variables remain set in the current shell:

  source ./vars

----

===== Remove old certificates and configurations =====

  ./clean-all

----

===== Generate the CA =====

**ALERT:** Keep these secure!

  ./build-ca

**NOTE:** This will create the following files needed for the CA to sign certificates.

  * ca.crt
  * ca.key

----

===== Create a certificate for the OpenVPN server =====

  ./build-key-server test.domain.local

**NOTE:** This will generate the server certificate files which are used by the OpenVPN server.

  * test.domain.local.crt
  * test.domain.local.csr
  * test.domain.local.key

----

===== Generate a Diffie-Hellman Parameter file =====

  ./build-dh

**NOTE:** This will create this file:

  * dh2048.pem

----

===== Create the certificates for the clients =====

  ./build-key client.domain.local

**NOTE:** This needs to be done for every client and will create these files:

  * client.domain.local.crt
  * client.domain.local.csr
  * client.domain.local.key

----

===== Copy files to the client =====

The following files need to be copied.

  * ca.crt
  * client.domain.local.crt
  * client.domain.local.key
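
Before copying, the three files listed above can be checked once they are staged in a directory of their own. This is an added example, not part of the original page; the staging directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of the files staged for one client.
# Assumption: ca.crt, <name>.crt and <name>.key were copied into a staging directory.

# File checks: required files present, no foreign private key, key not readable by others.
check_bundle_files() {
    dir=$1; name=$2
    for f in ca.crt "$name.crt" "$name.key"; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # ca.key signs new certificates and must never leave the CA host.
    [ ! -e "$dir/ca.key" ] || { echo "ca.key must not be shipped" >&2; return 1; }
    # Any other private key belongs to the server or to a different client.
    for k in "$dir"/*.key; do
        [ "$k" = "$dir/$name.key" ] || { echo "unexpected key: $k" >&2; return 1; }
    done
    # Group/other permission bits (columns 5-10 of ls -l) must all be unset.
    [ "$(ls -ld "$dir/$name.key" | cut -c5-10)" = "------" ] ||
        { echo "$name.key is accessible by group/other" >&2; return 1; }
}

# Cryptographic checks (needs openssl): certificate chains to ca.crt and matches the key.
check_bundle_crypto() {
    dir=$1; name=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1 ||
        { echo "$name.crt is not signed by ca.crt" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$dir/$name.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/$name.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$name.key does not match $name.crt" >&2; return 1; }
}

check_client_bundle() { check_bundle_files "$1" "$2" && check_bundle_crypto "$1" "$2"; }

# Usage: sh check_bundle.sh <staging-dir> client.domain.local
if [ "$#" -eq 2 ]; then check_client_bundle "$1" "$2" && echo "bundle OK"; fi
```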