How to Install OpenVPN on Ubuntu Linux VPS

This post is in continuation of my earlier post where we discussed how to install OpenVPN on Centos Linux VPS . Today i am going to graphically show you how to install OpenVPN on a Ubuntu VPS . In this post i will be omitting some very basic steps like installing putty and openvpn client on Windows , editing files with vi text editor etc and transferring files through winscp . You may refer to the earlier post i mentioned for these basic steps . Here is what you will require to accomplish this installation of OpenVPN on Ubuntu :

An OpenVZ VPS with minimum 64 MB ( preferably 128 MB ) RAM with vanilla install of Ubuntu 11.04 OS. I tested this tuotorial with Ubuntu 11.04 , though i have all the reasons to believe that it should work for other ubuntu versions as well. You must be having root access to the VPS. You can get cheap VPS under $20 per year easily . For some very cheap offers you can find this site very useful.
Putty for connecting remotely with your VPS
Winscp for tranferring certificates and key files to your computer.
OpenVPN client for your computer.

With this small introduction we begin our ‘long’ journey of installing OpenVPN on a Ubuntu VPS.

UPDATE: ( If you get stuck at any point, it is likely that the package versions mentioned in these commands have been replaced by a newer version. Try to replace the version number with a newer version. For example in this command cd /etc/openvpn/easy-rsa/2.0/ the new version number might be 2.1 or 2.2 or whatever. Google for the latest version and you should be good to go to install OpenVPN on Ubuntu. I will try to refresh this tutorial when i get some free time. But basically the commands will remain same.)

Step One: Connect to your computer through putty as root and issue the following commands ( one by one ) to update your Ubuntu installation and packages.

apt-get update

apt-get upgrade –show-upgraded

Step Two: Install Ubuntu OpenVPN server by issuing the following command in Putty Window.

apt-get install openvpn udev

Step Three : Ubuntu OpenVPN comes with encryption tool called Easy RSA and we need to copy relevant files to the OpenVPN directory. Issue the following command in the Putty Window.

cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn

Step Four: Next we are going to initiate the Public Key Infrastructure ( PKI ) and build Certificate Authority which we will use to create keys and certificates for Server and clients of OpenVPN. Issue the following commands.

cd /etc/openvpn/easy-rsa/2.0/

. /etc/openvpn/easy-rsa/2.0/vars

. /etc/openvpn/easy-rsa/2.0/clean-all

. /etc/openvpn/easy-rsa/2.0/build-ca

The last command will initiate a script that will ask for values. Just keep on hitting the Enter button on your computer and accept the default values except the email which you would like to change , though it is not very critical.

Step Five: Next we need to create Server Key using the Certificate Authority we built in Step Four of installing OpenVPN on Ubuntu. Issue the following command in the putty window and just keep on hitting Enter button at prompts ( optionally you might want to change the email ) :

. /etc/openvpn/easy-rsa/2.0/build-key-server server

Similarly we also need to create client key by using the following command in Putty terminal window:

. /etc/openvpn/easy-rsa/2.0/build-key client1

Step Six : We need to generate Deffie Hellman Parameters which will be governing the key exchanges between the client and the server of Ubuntu OpenVPN. Issue the following command in Putty Terminal window.

. /etc/openvpn/easy-rsa/2.0/build-dh

Step Seven : Next we need to relocate the keys from /etc/openvpn/easy-rsa/2.0/keys to /etc/openvpn directory by using the following commands in the Putty window :

cd /etc/openvpn/easy-rsa/2.0/keys

cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

Step Eight : In this step we are going to configure the Virtual Private Network by altering certain configuring files that come as default with the the installation of OpenVPN on Ubuntu. Here we will need to use the linux text editor named vi . It is very easy to use all you have to remember is that in order to enter Insert Mode ( editing mode ) , you will need to press i on your keyboard. To come out of the insert mode and save the changes you will press Escape button your keyboard and then type :wq and press enter. Issue the following commands one by one in the Putty Window :

cd /usr/share/doc/openvpn/examples/sample-config-files

gunzip -d server.conf.gz

cp server.conf /etc/openvpn/

cp client.conf ~/

cd ~/

vi client.conf

Edit the client.conf file at two locations :

Enter the IP address of your Ubuntu VPS and rename client.crt an client.key files to client1.crt and client1.key .

Step Nine : Now is the time to start the Ubuntu OpenVPN Server . Use the following command in the Putty terminal window :

/etc/init.d/openvpn start

Step Ten : In this step we are going to do necessary amendments to tunnel all traffic through the OpenVPN server on the VPS. We need to amend certain files .

First issue the following command and edit server.conf file.

vi /etc/openvpn/server.conf

uncomment the following line

push “redirect-gateway def1 bypass-dhcp”

and then add the following line

push “dhcp-option DNS 10.8.0.1″

Step Eleven : Next we need to edit /etc/sysctl.conf file .

Issue the following command

vi /etc/sysctl.conf

and uncomment the following line

net.ipv4.ip_forward=1

Next we issue the following command in the

echo 1 > /proc/sys/net/ipv4/ip_forward

Next issue the following commands to configure Iptables one by one:

iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT –to-source YourVPSIP

(Insert your vps Ip in place of red text before issuing last command.)

Next issue the following command to edit /etc/rc.local file and add the iptables rules in there :

vi /etc/rc.local

(Again remember to Insert your vps Ip in place of red text before issuing last command.)

Finally restart the Ubuntu OpenVPN server by the following command in putty terminal window :

/etc/init.d/openvpn restart

Step Twelve : Next we transfer the following four files from VPS Ubuntu OpenVPN server to client machine where you would install openvpn client and transfer those files to config directory of OpenVPN . You can refer to my earlier post (step 9 and Step 15 ) for Installation of OpenVPN on Centos for instructions on how to transfer the files through WinScp towards the end of the article. With these minor steps of transferring key files to your client computer , we have successfully installed OpenVPN on Ubuntu VPS .

And finally you will be able to test your IP through whatismyip.com or other similar sites and if the reported IP is that of your VPS , then you have followed my tutorial in true spirit and successfully installed OpenVPN on Ubuntu. You will be able to watch the geo restricted content then and bypass any filters your ISP or government may have imposed like i was able to watch Hulu though i am in Pakistan . This is a free world and internet is born to be free without any restrictions.

This was all about it . And believe you me , it is as simple as it gets and you wont find any tutorial on the internet simpler than this to install OpenVPN on Ubuntu .

About The Author

Muhammad Usman

Muhammad Usman is an Information Systems Auditor by profession and loves to read and write about Technology and how it influences our lives.He can also be reached at Google+

23 Comments

Craig January 21, 2012
Hi,
I’m trying to get this working on my ubuntu server, but don’t seem to be able to get past step 11 when I try to enter the iptables commands I’m getting a bad argument error?
root@XXXX:~# iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
Bad argument `–state’
Try `iptables -h’ or ‘iptables –help’ for more information.
root@XXXX:~#
Am I doing something wrong?
Reply

Evgheni November 18, 2013
Use –state instead of -state. Same for -to-source – should be –to-source
Reply
Doldz June 11, 2014
For those that arrive here check the comment above…
Reply

Shah February 13, 2012
failed at step 9
* Starting virtual private network daemon(s)… * Autostarting VPN ‘server’ [fail]
Reply
Damir February 20, 2012
Thank you! Works perfectly with a 128mb Ubuntu 11.04 VPS.
The iptable commands are wrong however, they are missing 1 charater. They should be:
iptables -A FORWARD -m state (2 – here)state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT (2 – here)to-source YourVPSIP
It is using a single dash in your guide when it needs 2 in those places.
Reply
asrulfnd April 3, 2012
TQVM…this tutorial however more complete than the previous for CentOS one.
I’ve successfully setup mine with victory after follow this tut, even I use for CentOS 5.
Now I’m ready to guide others on this openvpn setup. haha.
Reply
Kyle June 2, 2012
Thanks so much, this actually worked for me. I read for days on how to set up VPN on VPS. This really works perfectly and I finally understand the ip routing!
Reply
chernobel July 22, 2012
thanks a lot worked great , but i have one question
if i want to make 3 users using this VPN , what should i do??
Reply
FARUQ August 4, 2012
Fantastic Guide!
I got it all to work but I had some DNS issues, the DNS 10.8.0.1 wasnt working for whatever reason.. So I ended up using 8.8.8.8 on my side and viola!
Thanks.
Reply
xtreme September 24, 2012
Hi! How To forward ports from VPN server to client? In Ubuntu?
Reply
Patrick October 5, 2012
when i connect using openvn client i’m asked for a username and password… what is the default? how do i change?
Reply
Patrick October 5, 2012
And sometimes my Openvpn client on the tray says “No VPN servers found.”
Reply
none February 24, 2013
THANK YOU!
Reply
gb March 18, 2013
In step 8 when I put this command gunzip -d server.conf.gz then I get error :
“gzip: server.conf.gz: No such file or directory”
how to fix it?
If I continue to other steps then at the end server daemon fails to start
Reply
Chandan March 28, 2013
i am getting the following error
Mar 28 22:14:23 vps named[16833]: client 10.8.0.6#55873: query (cache) ‘safebrowsing-cache.google.com/A/IN’ denied
please can you guide me how to fix this
Reply
Alper April 5, 2013
i’m the noobest ubuntu user on the world and i did it!
just you have to use 8.8.8.8 on your computer’s DNS, and it’ll work!
Also, please update the article for “iptables” section. it needs double “- -” as Damir said on older comment. It seems you wrote double – but your WYSIWYG changed it to 1,5 – like MS Word does.
Thank you very much for the article. Now i can use my seedbox vps as a VPN.
Reply
John April 6, 2013
Manual is not working any more, it’s out of date.
Reply
Aleksandar June 8, 2013
So this is the first tutorial that lead me to successfully install, activate openvpn and connect from my home pc. But now i have problem that i can’t browse internet when im connected to vpn. what could be the cause?
Reply

Dr ME October 28, 2013
Same here. Can’t find any info.
Reply

jason November 15, 2013
Step 12: Which four files is he talking about? In his earlier tutorial I only see three files. “ca.crt”, “client1.crt” & “client1.key”. Am I wrong or what is the fourth file?
Reply
Alex November 28, 2013
Followed the guide replacing the 10.8.0.1 with 8.8.8.8 and adding the missing hyphens and it did not work once all steps were completed and TAP/TUN was installed on the VPS.
Reply
farbod February 8, 2014
this article is excellent
tnx for share
Reply
Rob5561 March 24, 2014
I was also having trouble with DNS resolution. My problem was there was no DNS server running on my OpenVPN server. I solved this by installing and configuring Dnsmasq as follows:
Install Dnsmasq
apt-get install dnsmasq
Modify /etc/dnsmasq.conf
listen-address=127.0.0.1,10.8.0.1
bind-interfaces
Insert into /etc/rc.local
/etc/init.d/dnsmasq start
Reply

TipUpdate.com