How to Install OpenVPN on Ubuntu Linux VPS

This post continues my earlier post, where we discussed how to install OpenVPN on a CentOS Linux VPS. Today I am going to graphically show you how to install OpenVPN on an Ubuntu VPS. In this post I will omit some very basic steps, such as installing PuTTY and the OpenVPN client on Windows, editing files with the vi text editor, and transferring files through WinSCP. You may refer to the earlier post I mentioned for these basic steps. Here is what you will need to install OpenVPN on Ubuntu:

  • An OpenVZ VPS with a minimum of 64 MB (preferably 128 MB) of RAM and a vanilla install of Ubuntu 11.04. I tested this tutorial with Ubuntu 11.04, though I have every reason to believe that it should work for other Ubuntu versions as well. You must have root access to the VPS. You can easily get a cheap VPS for under $20 per year. For some very cheap offers you can find this site very useful.
  • Putty for connecting remotely with your VPS
  • WinSCP for transferring certificates and key files to your computer.
  • OpenVPN client for your computer.
With this small introduction we begin our ‘long’ journey of installing OpenVPN on an Ubuntu VPS.

UPDATE: If you get stuck at any point, it is likely that the package versions mentioned in these commands have been replaced by a newer version. Try replacing the version number with a newer one. For example, in the command cd /etc/openvpn/easy-rsa/2.0/ the new version number might be 2.1 or 2.2 or whatever. Google for the latest version and you should be good to go to install OpenVPN on Ubuntu. I will try to refresh this tutorial when I get some free time, but basically the commands will remain the same.

Step One: Connect to your computer through putty as root and issue the following commands ( one by one ) to update your Ubuntu installation and packages.

apt-get update

apt-get upgrade --show-upgraded

Step Two: Install Ubuntu OpenVPN server by issuing the following command in Putty Window.

apt-get install openvpn udev

Step Three : Ubuntu OpenVPN comes with an encryption tool called Easy RSA, and we need to copy the relevant files to the OpenVPN directory. Issue the following command in the Putty window.

cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn

Step Four: Next we are going to initiate the Public Key Infrastructure ( PKI ) and build Certificate Authority which we will use to create keys and certificates for Server and clients of OpenVPN. Issue the following commands.

cd /etc/openvpn/easy-rsa/2.0/

. /etc/openvpn/easy-rsa/2.0/vars

. /etc/openvpn/easy-rsa/2.0/clean-all

. /etc/openvpn/easy-rsa/2.0/build-ca

The last command will initiate a script that will ask for values. Just keep on hitting the Enter button on your computer and accept the default values except the email which you would like to change , though it is not very critical.

Step Five: Next we need to create Server Key using the Certificate Authority we built in Step Four of installing OpenVPN on Ubuntu. Issue the following command in the putty window and just keep on hitting Enter button at prompts ( optionally you might want to change the email ) :

. /etc/openvpn/easy-rsa/2.0/build-key-server server

Similarly we also need to create client key by using the following command in Putty terminal window:

. /etc/openvpn/easy-rsa/2.0/build-key client1

Step Six : We need to generate Diffie-Hellman parameters, which will govern the key exchanges between the client and the server of Ubuntu OpenVPN. Issue the following command in the Putty terminal window.

. /etc/openvpn/easy-rsa/2.0/build-dh

Step Seven : Next we need to relocate the keys from  /etc/openvpn/easy-rsa/2.0/keys to /etc/openvpn directory by using the following commands in the Putty window :

cd /etc/openvpn/easy-rsa/2.0/keys

cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

Step Eight : In this step we are going to configure the Virtual Private Network by altering certain configuration files that come as default with the installation of OpenVPN on Ubuntu. Here we will need to use the Linux text editor named vi. It is very easy to use: all you have to remember is that in order to enter Insert Mode (editing mode), you need to press i on your keyboard. To come out of insert mode and save the changes, press the Escape button on your keyboard, then type :wq and press Enter. Issue the following commands one by one in the Putty window:

cd /usr/share/doc/openvpn/examples/sample-config-files

gunzip -d server.conf.gz

cp server.conf /etc/openvpn/

cp client.conf ~/

cd ~/

vi client.conf

Edit the client.conf file at two locations :

Enter the IP address of your Ubuntu VPS and rename the client.crt and client.key files to client1.crt and client1.key.

Step Nine : Now is the time to start the Ubuntu OpenVPN Server . Use the following command in the Putty terminal window :

/etc/init.d/openvpn start

Step Ten : In this step we are going to do necessary amendments to tunnel all traffic through the OpenVPN server on the VPS.  We need to amend certain files .

First issue the following command and edit server.conf file.

vi  /etc/openvpn/server.conf

uncomment the following line

push "redirect-gateway def1 bypass-dhcp"

and then add the following line

push "dhcp-option DNS 10.8.0.1"

Step Eleven : Next we need to edit /etc/sysctl.conf file .

Issue the following command

 vi /etc/sysctl.conf

and uncomment the following line

net.ipv4.ip_forward=1

Next we issue the following command in the

echo 1 > /proc/sys/net/ipv4/ip_forward

Next issue the following commands to configure Iptables one by one:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source YourVPSIP

(Insert your VPS IP in place of YourVPSIP before issuing the last command.)

Next issue the following command to edit /etc/rc.local file and add the iptables rules in there :

vi /etc/rc.local

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source YourVPSIP

(Again, remember to insert your VPS IP in place of YourVPSIP before saving the file.)
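Commands and config lines copied from a web page can carry typographic look-alikes (an en dash in place of a double hyphen, curly quotes in place of plain ones), which iptables and OpenVPN reject with errors such as "Bad argument". The script below is an added example, not part of the original post: it lists and repairs such lines in a saved file such as /etc/rc.local or /etc/openvpn/server.conf. The function names are hypothetical, and it assumes every en dash stood for a double hyphen and every curly quote for a plain double quote.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# UTF-8 byte sequences of the look-alike characters a rich-text editor inserts.
EN_DASH=$(printf '\342\200\223')   # U+2013, appears where "--" was typed
LDQUOTE=$(printf '\342\200\234')   # U+201C, appears as an opening quote
RDQUOTE=$(printf '\342\200\235')   # U+201D, appears as a closing quote
DPRIME=$(printf '\342\200\263')    # U+2033, also appears as a closing quote

# Print "N:line" for each line of FILE holding one of those characters.
# Exit status is 0 when at least one such line exists, 1 when FILE is clean.
find_typographic() {
    LC_ALL=C grep -n -F -e "$EN_DASH" -e "$LDQUOTE" -e "$RDQUOTE" -e "$DPRIME" "$1"
}

# Write a repaired copy of FILE to stdout. Assumption: every en dash stood
# for "--" and every curly quote for a plain double quote.
fix_typographic() {
    LC_ALL=C sed -e "s/$EN_DASH/--/g" -e "s/$LDQUOTE/\"/g" \
                 -e "s/$RDQUOTE/\"/g" -e "s/$DPRIME/\"/g" "$1"
}

# Constructed sample: rules and a config line as a web page may render them.
sample=$(mktemp)
cat > "$sample" <<EOF
iptables -A FORWARD -m state ${EN_DASH}state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT ${EN_DASH}to-source YourVPSIP
push ${LDQUOTE}dhcp-option DNS 10.8.0.1${DPRIME}
EOF

echo "Lines that need repair:"
find_typographic "$sample"
echo "Repaired text:"
fix_typographic "$sample"
rm -f "$sample"
```

Review the repaired text before using it, since a file that legitimately contains an en dash in a comment would be rewritten too.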

Finally restart the Ubuntu OpenVPN server by the following command in putty terminal window :

/etc/init.d/openvpn restart
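Steps Ten and Eleven only work together: the server must push the gateway and DNS options, the kernel must forward packets, and the NAT rule must be loaded. The script below is an added example, not part of the original post, that checks all three from files; the function names are hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Real use: iptables-save -t nat > nat.rules
#   audit_tunnel /etc/openvpn/server.conf /proc/sys/net/ipv4/ip_forward nat.rules

# True when CONF has an active push "<directive> ..." line. Lines that start
# with ';' or '#' are comments in OpenVPN config files and do not match.
has_push() {
    grep -Eq "^[[:space:]]*push[[:space:]]+\"$2([[:space:]][^\"]*)?\"" "$1"
}

# Print the DNS server addresses that CONF pushes to clients, one per line.
pushed_dns() {
    sed -n 's/^[[:space:]]*push[[:space:]][[:space:]]*"dhcp-option[[:space:]][[:space:]]*DNS[[:space:]][[:space:]]*\([0-9.]*\)".*/\1/p' "$1"
}

# Print one FAIL line per problem and return the number of problems found.
# FLAG is the kernel forwarding flag file; RULES is saved iptables-save output.
audit_tunnel() {
    conf=$1; flag=$2; rules=$3; bad=0
    has_push "$conf" redirect-gateway ||
        { echo "FAIL: redirect-gateway is not pushed"; bad=$((bad + 1)); }
    [ -n "$(pushed_dns "$conf")" ] ||
        { echo "FAIL: no DNS server is pushed"; bad=$((bad + 1)); }
    [ "$(cat "$flag" 2>/dev/null)" = 1 ] ||
        { echo "FAIL: net.ipv4.ip_forward is not 1"; bad=$((bad + 1)); }
    grep -Eq -- '-A POSTROUTING -s 10\.8\.0\.0/24 .*-j SNAT --to-source' "$rules" ||
        { echo "FAIL: no SNAT rule for 10.8.0.0/24"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample: gateway push still commented out, forwarding still off.
demo=$(mktemp -d)
printf '%s\n' ';push "redirect-gateway def1 bypass-dhcp"' \
    'push "dhcp-option DNS 10.8.0.1"' > "$demo/server.conf"
echo 0 > "$demo/ip_forward"
echo '-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source YourVPSIP' > "$demo/nat.rules"
audit_tunnel "$demo/server.conf" "$demo/ip_forward" "$demo/nat.rules" ||
    echo "$? problem(s) found"
rm -rf "$demo"
```

The audit confirms that a DNS address is pushed, not that anything answers on it; a resolver must be listening on the pushed address for client lookups to succeed.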

Step Twelve : Next we transfer the following four files from the Ubuntu OpenVPN server on the VPS to the client machine where you will install the OpenVPN client, and place those files in the config directory of OpenVPN. You can refer to my earlier post on installing OpenVPN on CentOS (Step 9 and Step 15, towards the end of the article) for instructions on how to transfer the files through WinSCP. With these minor steps of transferring key files to your client computer, we have successfully installed OpenVPN on an Ubuntu VPS.

And finally you will be able to test your IP through whatismyip.com or other similar sites, and if the reported IP is that of your VPS, then you have followed my tutorial in true spirit and successfully installed OpenVPN on Ubuntu. You will then be able to watch geo-restricted content and bypass any filters your ISP or government may have imposed, like I was able to watch Hulu though I am in Pakistan. This is a free world and internet is born to be free without any restrictions.

This was all about it. And believe you me, it is as simple as it gets, and you won't find any tutorial on the internet simpler than this to install OpenVPN on Ubuntu.

  • Craig

    Hi,

    I’m trying to get this working on my ubuntu server, but don’t seem to be able to get past step 11 when I try to enter the iptables commands I’m getting a bad argument error?

    root@XXXX:~# iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
    Bad argument `–state’
    Try `iptables -h’ or ‘iptables –help’ for more information.
    root@XXXX:~#

    Am I doing something wrong?

    • Evgheni

      Use --state instead of -state. Same for -to-source – should be --to-source

  • Shah

    failed at step 9
    * Starting virtual private network daemon(s)… * Autostarting VPN ‘server’ [fail]

  • http://www.d4m1r.com Damir

    Thank you! Works perfectly with a 128mb Ubuntu 11.04 VPS.

    The iptable commands are wrong however, they are missing 1 character. They should be:

    iptables -A FORWARD -m state (2 – here)state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT (2 – here)to-source YourVPSIP

    It is using a single dash in your guide when it needs 2 in those places.

  • asrulfnd

    TQVM…this tutorial however more complete than the previous for CentOS one.
    I’ve successfully setup mine with victory after follow this tut, even I use for CentOS 5.
    Now I’m ready to guide others on this openvpn setup. haha.

  • Kyle

    Thanks so much, this actually worked for me. I read for days on how to set up VPN on VPS. This really works perfectly and I finally understand the ip routing!

  • chernobel

    thanks a lot worked great , but i have one question
    if i want to make 3 users using this VPN , what should i do??

  • FARUQ

    Fantastic Guide!

    I got it all to work but I had some DNS issues, the DNS 10.8.0.1 wasn't working for whatever reason.. So I ended up using 8.8.8.8 on my side and voilà!

    Thanks.

  • xtreme

    Hi! How To forward ports from VPN server to client? In Ubuntu?

  • Patrick

    when i connect using openvpn client i’m asked for a username and password… what is the default? how do i change?

  • Patrick

    And sometimes my Openvpn client on the tray says “No VPN servers found.”

  • none

    THANK YOU!

  • gb

    In step 8 when I put this command gunzip -d server.conf.gz then I get error :
    “gzip: server.conf.gz: No such file or directory”

    how to fix it?

    If I continue to other steps then at the end server daemon fails to start

  • Chandan

    i am getting the following error

    Mar 28 22:14:23 vps named[16833]: client 10.8.0.6#55873: query (cache) ‘safebrowsing-cache.google.com/A/IN’ denied

    please can you guide me how to fix this

  • Alper

    i’m the noobest ubuntu user on the world and i did it!

    just you have to use 8.8.8.8 on your computer’s DNS, and it’ll work!

    Also, please update the article for “iptables” section. it needs double “- -” as Damir said on older comment. It seems you wrote double – but your WYSIWYG changed it to 1,5 – like MS Word does. :)

    Thank you very much for the article. Now i can use my seedbox vps as a VPN. :)

  • John

    Manual is not working any more, it’s out of date.

  • Aleksandar

    So this is the first tutorial that led me to successfully install, activate openvpn and connect from my home pc. But now i have problem that i can’t browse internet when I'm connected to vpn. what could be the cause?

    • Dr ME

      Same here. Can’t find any info.

  • jason

    Step 12: Which four files is he talking about? In his earlier tutorial I only see three files. “ca.crt”, “client1.crt” & “client1.key”. Am I wrong or what is the fourth file?

  • Alex

    Followed the guide replacing the 10.8.0.1 with 8.8.8.8 and adding the missing hyphens and it did not work once all steps were completed and TAP/TUN was installed on the VPS.

  • http://farbodm.ir farbod

    this article is excellent
    tnx for share

  • Rob5561

    I was also having trouble with DNS resolution. My problem was there was no DNS server running on my OpenVPN server. I solved this by installing and configuring Dnsmasq as follows:

    Install Dnsmasq

    apt-get install dnsmasq

    Modify /etc/dnsmasq.conf

    listen-address=127.0.0.1,10.8.0.1
    bind-interfaces

    Insert into /etc/rc.local

    /etc/init.d/dnsmasq start