ubuntu:vpn:openvpn:setup_an_openvpn_server
Table of Contents
Ubuntu - VPN - OpenVPN - Setup an OpenVPN Server
Install OpenVPN server and openssl
apt install openvpn openssl easy-rsa
NOTE: The easy-rsa will make the creation of certificates much easier.
Change directory to the Easy-RSA directory
Change the directory to the easy-rsa directory in the OpenVPN directory:
cd /etc/openvpn/easy-rsa/
NOTE: If the directory is not there, copy it over:
cp -R /usr/share/easy-rsa/* easy-rsa/
Modify Easy-RSA Config file
Modify the vars file in the easy-rsa directory:
vi vars
Change the following lines to your needs:
- /etc/openvpn/easy-rsa/vars
export KEY_SIZE=2048 export KEY_COUNTRY="JE" export KEY_PROVINCE="La Pouquelaye" export KEY_CITY="St. Helier" export KEY_ORG="local" export KEY_EMAIL="openvpn@domain.local" export KEY_OU="domain.local"
Export the Easy-RSA settings
./vars
Remove old certificates and configurations
./clean-all
Generate the CA
ALERT: Keep these secure!
./build-ca
NOTE: This will create the following files needed for the CA to sign certificates.
- ca.crt
- ca.key
Create a certificate for the OpenVPN server
./build-key-server test.domain.local
NOTE: This will generate the server certificate files which is used by the OpenVPN server.
- test.domain.local.crt
- test.domain.local.csr
- test.domain.local.key
Generate a Diffie-Hellman Parameter file
./build-dh
NOTE: This will create this file:
- dh2048.pem
Create the certificates for the clients
./build-key client.domain.local
NOTE: This needs to be done for every client and will create those files:
- client.domain.local.crt
- client.domain.local.csr
- client.domain.local.key
Copy files to the client
The following files need to be copied.
- ca.crt
- client.domain.local.crt
- client.domain.local.key
ubuntu/vpn/openvpn/setup_an_openvpn_server.txt · Last modified: 2021/07/02 16:16 by peter