
We shall show you a step-by-step guide on how to install and set up an OpenVPN server on an Ubuntu 14.04 VPS, with screenshots as always. I believe you’ll easily understand it and be able to implement it all by yourself, even if you are a real newbie.

As a refresher, what exactly are VPN and OpenVPN? VPN means Virtual Private Network, while OpenVPN is an open-source software application that implements VPN techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. In short, it is a free mechanism and tool that allows you to browse securely and privately, plus it allows you to unblock browsing restrictions, avoid website censorship, and hide your real IP (location). I posted step-by-step descriptions of this in my past articles, which you might also like to read:

  1. How to install OpenVPN on CentOS
  2. How to install OpenVPN on Ubuntu
  3. Easiest automated way to install OpenVPN on Ubuntu

What you need

  1. A server / VPS running Ubuntu. In this guide I use Ubuntu 14.04 x64 with 1GB RAM from Digital Ocean (DO). As always, I use DO for testing purposes because I can easily create and destroy a server without having to pay for a full month. Feel free to use a VPS from any provider you want, like Ramnode, Crissic, or others.
  2. You need proper knowledge of how to use Putty, SSH and common Unix commands.
  3. If you are using an OpenVZ-based VPS, you have to enable the TUN/TAP options in the VPS control panel (e.g. SolusVM). Xen and KVM users need not.

Enable TUN/TAP:

How to install OpenVPN Server

Step 1 – Log in to your server as root:

[screenshot: loginasrootubuntu]

Step 2 – To make sure your Ubuntu repository is up to date, simply run the apt-get update command:

apt-get update

[screenshot: aptget-update]

Step 3 – Once you get the “Done” message, you can install OpenVPN and Easy-RSA with this one-line command:

apt-get install openvpn easy-rsa

Remember to answer Y when asked:

[screenshot: install-openvpn-ubuntu]

Once done, you’ll see something similar to this:

[screenshot: openvpn-installed]

Step 4 – Now you need to extract the sample configuration file for OpenVPN to work with. Issue this command:

gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

This gives no output when it’s done.

[screenshot: server-conf]

Step 5 – Then open that file using your favorite text editor. I prefer to use Nano; just type the command then hit Enter and the text editor will show up:

nano /etc/openvpn/server.conf

Configuring OpenVPN Server

Step 6 – Next, there are several lines in that file you need to edit (configuring OpenVPN):

6.1 – Look for the section called Diffie hellman parameters:

[screenshot: diffie-hellman-parameters]

Then change dh dh1024.pem to dh dh2048.pem to strengthen the encryption.

6.2 – Next, find this section:

[screenshot: openvpn-config1]

This section tells the VPN server to pass the clients’ web traffic on to its destination. Simply uncomment that part so it looks like this:

[screenshot: openvpn-config2]

6.3 – Now let’s move to the next section, right after the previous one; just move down a bit.

[screenshot: openvpn-config3]

Again, uncomment the two lines of configuration so it looks like this:

[screenshot: openvpn-config4]

That section tells OpenVPN to configure the DNS resolver using OpenDNS; you can change that to Google DNS as well (8.8.8.8 and 8.8.4.4).

6.4 – The very last one, look for this section:

[screenshot: openvpn-config5]

Uncomment that section:

[screenshot: openvpn-config6]

That’s it. Now save changes and exit. If you are using the Nano editor like me, simply hit Control+O then Control+X.

Step 7 – You also need to enable IP forwarding (and make it permanent in the file /etc/sysctl.conf) to tell the server’s kernel to forward traffic from client devices out to the Internet. Issue this command:

echo 1 > /proc/sys/net/ipv4/ip_forward

It will output nothing.

[screenshot: port-forward]

Next, edit the sysctl.conf file using Nano or your favorite editor:

nano /etc/sysctl.conf

Now uncomment the line that enables packet forwarding for IPv4:

[screenshot: ipv4-forward]

Make it look like this:

[screenshot: ipv4-forward2]

Now save your changes and exit (Control+O then Control+X in Nano).

Step 8 – Next, issue these two commands to tell UFW to allow SSH and to allow UDP traffic over port 1194:

ufw allow ssh
ufw allow 1194/udp

[screenshot: ufw-allow-udp]

* UFW = Uncomplicated Firewall, a firewall program that comes by default with Ubuntu 14.04

Step 9 – Change UFW’s main configuration file to set its forwarding policy, using Nano:

nano /etc/default/ufw

In that file, look for this line: DEFAULT_FORWARD_POLICY="DROP"

and replace DROP with ACCEPT

[screenshot: forward-policy]

Step 10 – Additionally, you need to add extra UFW rules for network address translation and IP masquerading of connected clients. Issue the command below:

nano /etc/ufw/before.rules

Then add an additional section near the top, after the rules.before header comments. Copy and paste this setting:

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
# 10.8.0.0/24 is the client subnet set by the "server" line of the sample server.conf
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

so it looks like this:

[screenshot: ufw-before-rules]

Save changes and close the editor (Control+O then Control+X in Nano). Done? Simply enable UFW:

ufw enable

Answer Y when asked.

[screenshot: ufw-enable]
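
A check for the rule added in Step 10, as an added example that is not part of the original article: it compares the source range of the MASQUERADE rule with the subnet on the server line of server.conf, so that NAT covers the VPN clients and nothing wider. The function names and the sample files (a server line of 10.8.0.0 255.255.255.0, the value in OpenVPN's sample server.conf, and a rule written with 10.8.0.0/8, which iptables reads as all of 10.0.0.0/8) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: check that the MASQUERADE rule in
# before.rules covers exactly the subnet set by "server" in server.conf.

# Dotted netmask -> prefix length (assumes a contiguous mask).
mask_to_prefix() {
    bits=0
    for octet in $(echo "$1" | tr '.' ' '); do
        case $octet in
            255) bits=$((bits + 8)) ;; 254) bits=$((bits + 7)) ;;
            252) bits=$((bits + 6)) ;; 248) bits=$((bits + 5)) ;;
            240) bits=$((bits + 4)) ;; 224) bits=$((bits + 3)) ;;
            192) bits=$((bits + 2)) ;; 128) bits=$((bits + 1)) ;;
            0) ;; *) return 1 ;;
        esac
    done
    echo "$bits"
}

# vpn_subnet SERVER_CONF: prints e.g. 10.8.0.0/24
vpn_subnet() {
    set -- $(awk '$1 == "server" { print $2, $3; exit }' "$1")
    [ $# -eq 2 ] || return 1
    prefix=$(mask_to_prefix "$2") || return 1
    echo "$1/$prefix"
}

# nat_source BEFORE_RULES: prints the -s value of the MASQUERADE rule in *nat
nat_source() {
    awk '$1 == "*nat" { nat = 1 }
         $1 == "COMMIT" { nat = 0 }
         nat && /-j MASQUERADE/ {
             for (i = 1; i < NF; i++) if ($i == "-s") { print $(i + 1); exit }
         }' "$1"
}

# check_nat_scope SERVER_CONF BEFORE_RULES: succeeds only when both agree
check_nat_scope() {
    want=$(vpn_subnet "$1") || return 2
    have=$(nat_source "$2")
    [ "$want" = "$have" ]
}

# Constructed sample files for a stand-alone run.
tmp=$(mktemp -d)
printf 'port 1194\nproto udp\nserver 10.8.0.0 255.255.255.0\n' > "$tmp/server.conf"
printf '*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE\nCOMMIT\n' > "$tmp/before.rules"
check_nat_scope "$tmp/server.conf" "$tmp/before.rules" \
    || echo "NAT source $(nat_source "$tmp/before.rules") != VPN subnet $(vpn_subnet "$tmp/server.conf")"
```

On the server itself, call check_nat_scope /etc/openvpn/server.conf /etc/ufw/before.rules.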

Build the Certificate Authority for OpenVPN

Step 11 – You have to copy over the Easy-RSA generation scripts to OpenVPN directory and create a directory called easy-rsa/keys:

cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys

[screenshot: easy-rsa-setup]

Step 12 – Now you have to edit a few variables using your favorite editor:

nano /etc/openvpn/easy-rsa/vars

Scroll down the page a bit and look for the default values for the fields that will be placed in the certificate, and change them according to your preferences:

[screenshot: key-cert]

Step 19 – Also look for this line:

export KEY_NAME="EasyRSA"

and replace the “EasyRSA” part with “server” for simplicity.

[screenshot: key-name-server]

Now save changes and exit the editor.

Step 20 – Next, generate the Diffie-Hellman parameters using this command:

openssl dhparam -out /etc/openvpn/dh2048.pem 2048

Just wait, as it may take a few minutes to finish:

[screenshot: diffie-hellman-generate]

Step 21 – Now go to the easy-rsa directory and initialize the PKI (Public Key Infrastructure). Issue these commands:

cd /etc/openvpn/easy-rsa
. ./vars
./clean-all

The final command, clean-all, clears the working directory of any possible old or example keys so that you can create new ones.

[screenshot: clean-easy-rsa]

Step 22 – Let’s build the Certificate Authority (CA) using this simple one-line command:

./build-ca

You’ll be asked a few questions, but simply hit Enter for each one. Don’t worry, they are already set to the entries you made earlier:

[screenshot: openvpn-ca]

Step 23 – Next, build the server’s key with this command:

./build-key-server server

You can replace server with whatever you defined in step 19 above. E.g. if the export KEY_NAME is servermom then it looks like this:

./build-key-server servermom

You’ll again be asked a series of questions; simply hit Enter until you see a message saying Database Updated.

[screenshot: build-server-ca]

Step 24 – Now that the server certificates and keys are created, you have to copy them into the OpenVPN directory:

cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn
ls /etc/openvpn

You should now see that the three files have been copied:

[screenshot: copy-server-cert]

Step 25 – That’s it. You can now start OpenVPN using this simple command:

service openvpn start

Then you can make sure it is running by issuing this command:

service openvpn status

[screenshot: start-ovpn-server]

Using Your OpenVPN Server

Step 26 – Before you can use your newly built OpenVPN server, you first have to create certificates and keys for each client device that will connect to the VPN. Still in the /etc/openvpn/easy-rsa directory, build authentication credentials for a client, which in this example we call client1. Issue this command:

./build-key client1

You can simply press Enter for each question, or you may change the default values, but make sure the last two questions are left blank (hit Enter). Do not forget to answer Y to the very last questions.

[screenshot: build-ca-client1]

Step 27 – Now copy the example client configuration file to the Easy-RSA keys directory and rename it to client.ovpn:

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn

[screenshot: copy-client-conf]

Step 28 – Now download the client1.crt, client1.key, client.ovpn and ca.crt files to your device (PC, smartphone or tablet). Remember that the ca.crt file is stored in the /etc/openvpn/ directory on your server while the other three are in /etc/openvpn/easy-rsa/keys/.

How can you download those files? Using Filezilla or a similar tool.

[screenshot: filezilla-transfer]

Step 29 – Once downloaded, open the client.ovpn file using a simple text editor like Notepad (in Windows, right-click then Open With..). Look for this line: remote my-server-1 1194. Replace my-server-1 with your server/VPS IP:

[screenshot: edit-client-ovpn]

In this example I use Sublime instead of Notepad.

[screenshot: edit-client-ovpn-2]

Next, this is optional but may be required on your non-Windows device (iOS, Android or Linux): uncomment the user and group section:

[screenshot: edit-client-ovpn-3]

That’s it if you want to use it. Save changes and exit the editor (Notepad, Sublime, etc).

OPTIONAL STEP

Basically your client.ovpn configuration file is now ready to use, but you have to copy all four files to your OpenVPN client’s config folder. However, you can join all four files into one single client.ovpn file. To do that, re-open your client.ovpn file using Notepad. Scroll down to the end of the file and paste the entries below:

<ca>
(insert ca.crt here)
</ca>
<cert>
(insert client1.crt here)
</cert>
<key>
(insert client1.key here)
</key>

Next, open the ca.crt file in Notepad, then copy everything within it and paste it into the client.ovpn file. Do the same for client1.crt and client1.key. Once done, save changes and exit the text editor. You can see an example of my unified result here.
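
The merge described in this optional step, scripted as an added example (not the author's code): it removes the ca, cert and key file directives from client.ovpn, appends the three inline blocks, and writes the result readable by its owner only, because it contains the private key. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: merge the four downloaded files into
# one profile. Function names and the sample data are constructed.

# Print only the PEM block of a file. Certificates issued by the Easy-RSA 2
# scripts begin with a human-readable text dump that the profile does not need.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_unified_ovpn BASE CA CERT KEY OUT
make_unified_ovpn() {
    for f in "$1" "$2" "$3" "$4"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 1; }
    done
    (
        umask 077   # the result embeds the private key: owner-only from creation
        {
            # Drop the file-based ca/cert/key directives; the inline blocks replace them.
            sed -E '/^[[:space:]]*(ca|cert|key)[[:space:]]/d' "$1"
            printf '<ca>\n';   pem_only "$2"; printf '</ca>\n'
            printf '<cert>\n'; pem_only "$3"; printf '</cert>\n'
            printf '<key>\n';  pem_only "$4"; printf '</key>\n'
        } > "$5"
    ) && chmod 600 "$5"
}

# Constructed sample inputs: placeholder PEM bodies, not real credentials.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' client 'remote my-server-1 1194' 'ca ca.crt' \
        'cert client.crt' 'key client.key' > "$d/client.ovpn"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-CA' \
        '-----END CERTIFICATE-----' > "$d/ca.crt"
    printf '%s\n' 'Certificate:' '    Data: text dump' '-----BEGIN CERTIFICATE-----' \
        'CONSTRUCTED-CLIENT' '-----END CERTIFICATE-----' > "$d/client1.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-KEY' \
        '-----END PRIVATE KEY-----' > "$d/client1.key"
    make_unified_ovpn "$d/client.ovpn" "$d/ca.crt" "$d/client1.crt" \
        "$d/client1.key" "$d/client1.ovpn" || return 1
    echo "$d/client1.ovpn"
}

cat "$(demo)"
```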

Step 30 – Now copy the configuration file to the default OpenVPN config folder (client app). In Windows it should be at C:\Program Files\OpenVPN\config.

[screenshot: client-ovpn-copied]

Big note: If you have not joined them into a single .ovpn file, you have to copy all four files.

That’s it. You can now start the OpenVPN client software and try your newly created VPN for the very first time.

[screenshot: connection-vpn]

Huff.. that’s really a long list of steps, but building it yourself gives you a totally different satisfaction. However, if you want to skip all those steps and want an easier method to install an OpenVPN server, then simply read and follow my previous guide about OpenVPN auto-installation on Ubuntu server. Don’t forget to follow me on Twitter to get notified of new articles. Thanks.
