Ubuntu VPN Server: A Comprehensive Guide

Are you looking for a secure and reliable way to access your home or office network remotely? A Virtual Private Network (VPN) is a great solution for this. In this guide, we will show you how to set up an Ubuntu VPN server using OpenVPN. This guide is suitable for both home and office users.

Prerequisites

Before we get started, you will need to have the following:

  • An Ubuntu server with root access
  • A basic understanding of the command line
  • A domain name or static IP address
  • A firewall enabled on your server

Step 1: Install OpenVPN

The first step is to install OpenVPN and the easy-rsa certificate tool on your Ubuntu server. Open a terminal window and run the following commands:

sudo apt-get update
sudo apt-get install openvpn easy-rsa

Step 2: Configure OpenVPN

Once OpenVPN is installed, you need to configure it. Open the OpenVPN server configuration file by running the following command:

sudo nano /etc/openvpn/server.conf

In this file, you need to make the following changes:

  • Uncomment the ;user nobody and ;group nogroup lines so the server drops root privileges after startup
  • Uncomment the ;push "redirect-gateway def1 bypass-dhcp" line so clients route all of their traffic through the VPN
  • Uncomment the ;log-append /var/log/openvpn.log line
  • Uncomment the ;status /var/log/openvpn-status.log line
  • Uncomment the ;verb 3 line

Once you have made these changes, save and close the file.

Step 3: Configure Firewall

Next, you need to configure your firewall to allow OpenVPN traffic. Run the following commands:

sudo ufw allow 1194/udp
sudo ufw allow OpenSSH
sudo ufw enable

Step 4: Create Certificates and Keys

To create certificates and keys, you need to use the easy-rsa tool that was installed in step 1. Run the following commands (gen-dh creates the pki/dh.pem file that is copied in step 6):

cd /usr/share/easy-rsa/
sudo ./easyrsa init-pki
sudo ./easyrsa build-ca
sudo ./easyrsa gen-dh
sudo ./easyrsa build-server-full server

Step 5: Generate Client Certificates and Keys

To generate client certificates and keys, run the following command:

sudo ./easyrsa build-client-full client1

You can replace client1 with any name you want.

Step 6: Copy Certificates and Keys

Copy the CA certificate, server certificate, server key, and DH parameters to the OpenVPN configuration directory by running the following command:

sudo cp /usr/share/easy-rsa/pki/ca.crt /usr/share/easy-rsa/pki/private/server.key /usr/share/easy-rsa/pki/issued/server.crt /usr/share/easy-rsa/pki/dh.pem /etc/openvpn/

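Gather the client certificate, client key, and CA certificate in one directory on the server, ready to be transferred to the client machine. Because client1.key is a private key, move it only over an encrypted channel such as scp. Run the following commands: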

sudo mkdir -p /etc/openvpn/client1
sudo cp /usr/share/easy-rsa/pki/private/client1.key /usr/share/easy-rsa/pki/issued/client1.crt /usr/share/easy-rsa/pki/ca.crt /etc/openvpn/client1/

Step 7: Start OpenVPN

Finally, start OpenVPN by running the following command:

sudo systemctl start openvpn@server

If you want OpenVPN to start automatically on boot, run the following command:

sudo systemctl enable openvpn@server
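
An added check for steps 2 and 6 (example code, not part of the original guide): it reports which of the step 2 directives are still commented out in a server.conf and whether a key file is readable only by its owner. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm that the step 2
# settings are active in server.conf and that a private key is owner-only.

# is_active FILE 'directive words' -> 0 if an uncommented line starts with them.
# OpenVPN treats lines beginning with ';' or '#' as comments.
is_active() {
    re=$(printf '%s' "$2" | sed 's/ /[[:space:]]+/g')
    grep -Eq "^[[:space:]]*${re}([[:space:]]|\$)" "$1"
}

# audit_server_conf FILE -> prints each inactive setting, returns how many.
audit_server_conf() {
    missing=0
    for want in 'user nobody' 'group nogroup' \
                'push "redirect-gateway def1 bypass-dhcp"' \
                'log-append' 'status' 'verb'; do
        if ! is_active "$1" "$want"; then
            echo "inactive: $want"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# key_is_private FILE -> 0 if group and others have no permission bits set.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: two of the step 2 lines are still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto udp
user nobody
;group nogroup
push "redirect-gateway def1 bypass-dhcp"
;log-append /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 3
EOF
audit_server_conf "$sample" || echo "settings still commented out: $?"
```

On the server, the same functions can be pointed at /etc/openvpn/server.conf and /etc/openvpn/server.key, run with sudo so the key file can be inspected.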