Ubuntu - VPN - OpenVPN - Setup an OpenVPN Server

Install OpenVPN server and openssl

apt install openvpn openssl easy-rsa

NOTE: The easy-rsa package makes creating the certificates much easier.


Change directory to the Easy-RSA directory

Change to the easy-rsa directory inside the OpenVPN directory:

cd /etc/openvpn/easy-rsa/

NOTE: If the directory is not there, copy it over first:

cp -R /usr/share/easy-rsa /etc/openvpn/

Modify Easy-RSA Config file

Modify the vars file in the easy-rsa directory:

vi vars

Change the following lines to your needs:

/etc/openvpn/easy-rsa/vars
export KEY_SIZE=2048
export KEY_COUNTRY="JE"
export KEY_PROVINCE="La Pouquelaye"
export KEY_CITY="St. Helier"
export KEY_ORG="local"
export KEY_EMAIL="openvpn@domain.local"
export KEY_OU="domain.local"

Export the Easy-RSA settings

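source ./vars

NOTE: The file has to be sourced, not executed, so that the exported variables remain set in the current shell.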

Remove old certificates and configurations

./clean-all

Generate the CA

ALERT: Keep the CA files created in this step secure, especially the private key ca.key!

./build-ca

NOTE: This will create the following files needed for the CA to sign certificates.

  • ca.crt
  • ca.key

Create a certificate for the OpenVPN server

./build-key-server test.domain.local

NOTE: This will generate the server certificate files, which are used by the OpenVPN server.

  • test.domain.local.crt
  • test.domain.local.csr
  • test.domain.local.key

Generate a Diffie-Hellman Parameter file

./build-dh

NOTE: This will create this file:

  • dh2048.pem

Create the certificates for the clients

./build-key client.domain.local

NOTE: This needs to be done for every client and will create these files:

  • client.domain.local.crt
  • client.domain.local.csr
  • client.domain.local.key
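
To check that the .key files created in the steps above are not accessible to other users, the following added example (not part of the original page) audits their file modes. The function name audit_key_modes and the keys directory path are assumptions; the demo runs against a constructed temporary directory.

```shell
#!/bin/sh
# Added example: flag private keys that group or other users can access.
# Assumes GNU stat (stat -c), as shipped on Ubuntu.

# audit_key_modes DIR [--fix]
# Prints one line per *.key file in DIR with any group/other permission bit.
# With --fix, tightens each offending file to mode 600 instead of counting it.
# Returns 0 when no loose key remains, 1 otherwise.
audit_key_modes() {
    dir=$1
    fix=${2:-}
    loose=0
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        mode=$(stat -c '%a' "$f")
        # Octal 077 masks the group and other permission triplets.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            if [ "$fix" = "--fix" ]; then
                chmod 600 "$f"
                echo "FIXED $mode->600 ${f##*/}"
            else
                echo "LOOSE $mode ${f##*/}"
                loose=$((loose + 1))
            fi
        fi
    done
    [ "$loose" -eq 0 ]
}

# Constructed demo directory standing in for the real keys directory
# (assumed to be /etc/openvpn/easy-rsa/keys on the server).
demo=$(mktemp -d)
for name in ca test.domain.local client.domain.local; do
    : > "$demo/$name.key"
    : > "$demo/$name.crt"
done
chmod 644 "$demo/ca.key"                    # constructed worst case
chmod 600 "$demo/test.domain.local.key"
chmod 640 "$demo/client.domain.local.key"

audit_key_modes "$demo" || echo "loose private keys found"
audit_key_modes "$demo" --fix
audit_key_modes "$demo" && echo "no private key is accessible to group or others"
rm -rf "$demo"
```

On the server, run audit_key_modes against the real keys directory first without --fix to see what would change.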

Copy files to the client

The following files need to be copied.