Guide to Install OpenVPN on Ubuntu 20.04

Step 1: Update System Packages

sudo apt update
sudo apt upgrade -y

Step 2: Install OpenVPN and Easy-RSA

sudo apt install openvpn easy-rsa -y

Step 3: Set Up the Certificate Authority (CA)

1. Create a directory for Easy-RSA:

make-cadir ~/openvpn-ca
cd ~/openvpn-ca

2. Edit the vars file to customize CA settings:

nano vars

Update the following lines with your information:

set_var EASYRSA_REQ_COUNTRY    "US"
set_var EASYRSA_REQ_PROVINCE   "California"
set_var EASYRSA_REQ_CITY       "Los Angeles"
set_var EASYRSA_REQ_ORG        "MyOrganization"
set_var EASYRSA_REQ_EMAIL      "admin@example.com"
set_var EASYRSA_REQ_OU         "MyOrganizationalUnit"

Step 4: Build the CA

./easyrsa init-pki
./easyrsa build-ca nopass

Step 5: Generate Server Certificate and Key

./easyrsa gen-req server nopass
sudo cp pki/private/server.key /etc/openvpn/

Step 6: Sign Server Certificate

./easyrsa sign-req server server
sudo cp pki/issued/server.crt /etc/openvpn/
sudo cp pki/ca.crt /etc/openvpn/

Step 7: Generate Diffie-Hellman Parameters

./easyrsa gen-dh
sudo cp pki/dh.pem /etc/openvpn/

Step 8: Configure OpenVPN Server

1. Copy the sample configuration file:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
cd /etc/openvpn/
sudo gzip -d server.conf.gz

2. Edit the server configuration file:

sudo nano server.conf

Uncomment or set the following lines:

ca ca.crt
cert server.crt
key server.key  # keep secret
dh dh.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

Step 9: Enable IP Forwarding

Edit the sysctl configuration:

sudo nano /etc/sysctl.conf

Uncomment this line:

net.ipv4.ip_forward=1

Apply changes:

sudo sysctl -p

Step 10: Start and Enable OpenVPN

sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

Step 11: Configure Firewall (if UFW is enabled)

sudo ufw allow 1194/udp
sudo ufw allow OpenSSH
sudo ufw enable

Step 12: Generate Client Certificates

cd ~/openvpn-ca
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
cp pki/private/client1.key /etc/openvpn/
cp pki/issued/client1.crt /etc/openvpn/

Step 13: Create Client Configuration File

Create a client config file client1.ovpn:

client
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
$(cat /etc/openvpn/ca.crt)
</ca>
<cert>
$(cat /etc/openvpn/client1.crt)
</cert>
<key>
$(cat /etc/openvpn/client1.key)
</key>

Step 14: Connect to VPN

Transfer the client1.ovpn file to your client machine and connect using:

openvpn --config client1.ovpn

OpenVPN is now installed and configured on your Ubuntu 20.04 server.