
How to Set Up a VPN Server on Ubuntu

Edited 3 weeks ago by ExtremeHow Editorial Team


Setting up a VPN (Virtual Private Network) server on your Ubuntu machine is one of the most effective ways to ensure privacy and security when accessing the Internet. With a VPN, you can protect your Internet traffic from curious eyes, access geo-blocked content, and maintain anonymity while browsing. This guide provides a step-by-step approach to setting up a VPN server using OpenVPN on Ubuntu. We will break down the process into simple steps so that it is understandable for everyone, even beginners.

Understanding VPNs

A VPN is essentially a secure connection over the Internet from a device to a network. When you connect to a VPN, it encrypts your data, making it difficult for anyone to intercept and access your information. This encryption protects your online activities from hackers, ISPs, and other third parties.

VPNs are typically used for the following purposes:

Prerequisites

Before we begin setting up a VPN server on Ubuntu, make sure you have the following:

Step 1: Update the system

Update your system to make sure it is up-to-date. Open your terminal and run the following command:

sudo apt update && sudo apt upgrade -y

This command refreshes the list of available packages and their versions, and then upgrades the installed packages.

Step 2: Install OpenVPN

Next, we need to install OpenVPN on the server. OpenVPN is a popular open-source VPN solution. You can install it with the following command:

sudo apt install openvpn easy-rsa -y

The easy-rsa package is used to create a certificate authority (CA) for your server. The CA issues certificates that help authenticate clients connecting to the VPN.

Step 3: Set up the VPN server configuration

After installing OpenVPN, you need to copy the sample configuration file provided by OpenVPN to the /etc/openvpn directory. This file serves as a template for your configuration. Use the following command to copy it:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/

This configuration file is compressed, so you need to unzip it before you can edit it. Use the command below to extract it:

sudo gzip -d /etc/openvpn/server.conf.gz

Once unzipped, open the configuration file for editing:

sudo nano /etc/openvpn/server.conf

In this file, there are several parameters that you may need to modify to suit your needs. For better security, uncomment the tls-auth line by removing the ; at the beginning of the line. With tls-auth enabled, the server only processes handshake packets that carry a valid HMAC signature made with the shared ta.key file, so peers that do not hold that key are dropped before TLS negotiation starts. Also, make sure that the cipher line is set to a strong encryption standard such as AES-256-CBC.

Step 4: Enable packet forwarding

For the VPN server to work, you must enable packet forwarding by modifying the /etc/sysctl.conf file. This action allows your server to act as a router, which forwards packets between networks. Open the file with the following command:

sudo nano /etc/sysctl.conf

Find the line:

#net.ipv4.ip_forward=1

Uncomment this line to enable IPv4 forwarding by removing the # sign. Save and exit the file.

Apply the changes by running the following:

sudo sysctl -p

Step 5: Configure the firewall

Set up the firewall to allow traffic over OpenVPN. This includes allowing VPN traffic through the server's firewall and forwarding it to the internet.

First, find your network interface. Run:

ip route | grep default

The command prints the default route; the interface name is the word that follows dev, for example, eth0. Note down this name.

Enable the firewall to allow OpenVPN and SSH traffic, and configure rules for packet forwarding. Assuming the interface is named eth0, run these commands:

sudo ufw allow ssh
sudo ufw allow 1194/udp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw status

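Add the following NAT rule so that traffic from the VPN subnet 10.8.0.0/24 is masqueraded as it leaves through eth0 (substitute the interface name you noted above). A rule added this way lasts only until the next reboot unless it is saved: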

sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
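A check for Steps 4 and 5, added here as an example and not part of the original guide: it reads the interface from the default route and confirms that forwarding is enabled and that the MASQUERADE rule names that interface rather than an assumed eth0. The function names, file names and sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify Steps 4 and 5 from saved command output.

# Extract the interface name that follows "dev" on the default route line.
default_iface() {  # reads `ip route` output on stdin
  awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Report what is missing for VPN clients in SUBNET to reach the Internet.
# RULES_FILE is expected to hold the output of `iptables-save -t nat`.
check_forwarding() {  # usage: check_forwarding SYSCTL_CONF RULES_FILE IFACE [SUBNET]
  local subnet="${4:-10.8.0.0/24}" failed=0
  # The ip_forward line must be present and not commented out.
  if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$1"; then
    echo "ip_forward is not enabled in $1"; failed=1
  fi
  # The MASQUERADE rule must cover the VPN subnet and the real uplink interface.
  if ! grep -E -- '-A POSTROUTING .*-j MASQUERADE' "$2" |
       grep -F -- "-s $subnet" | grep -Eq -- "-o $3( |\$)"; then
    echo "no MASQUERADE rule for $subnet leaving via $3"; failed=1
  fi
  return "$failed"
}

# Constructed sample data: the uplink is ens3, but the rule was added for eth0.
tmp=$(mktemp -d)
echo 'net.ipv4.ip_forward=1' > "$tmp/sysctl.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
  '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$tmp/nat.rules"
iface=$(echo 'default via 192.0.2.1 dev ens3 proto dhcp metric 100' | default_iface)
check_forwarding "$tmp/sysctl.conf" "$tmp/nat.rules" "$iface" || true
rm -rf "$tmp"
```

On a live server, pass /etc/sysctl.conf, a file written with sudo iptables-save -t nat, and the result of ip route | default_iface.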

Step 6: Generate server certificate

It is necessary to create a public key infrastructure (PKI) to issue certificates to clients. Start by setting up the PKI directory:

make-cadir ~/openvpn-ca
cd ~/openvpn-ca

Edit the vars file in the newly created directory to customize the certificate authority. Run:

nano vars

Replace the placeholders in the file with your relevant details.

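Load the variables and generate the certificate authority. These are the easy-rsa 2.x scripts; on releases that package easy-rsa 3, the same operations are subcommands of the single easyrsa script instead:

source vars
./clean-all
./build-ca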

Generate the server key and certificate:

./build-key-server server

Generate Diffie-Hellman parameters for added security:

./build-dh

Generate the shared HMAC key (ta.key) that tls-auth uses to sign handshake packets:

openvpn --genkey --secret keys/ta.key

Step 7: Start the OpenVPN server

After all the configuration is done, start and enable the OpenVPN service:

sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

Check that the VPN is running:

sudo systemctl status openvpn@server

Step 8: Configure the client

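Generate client certificates and keys for each device connecting to the server. In the openvpn-ca directory, run:

cd ~/openvpn-ca
source vars
./build-key client1

Copy the required files to the client machine. The client configuration below also references ca.crt and ta.key, so those two files must be present on the client as well: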

sudo scp -r ~/openvpn-ca/keys/client1.* your_username@client_ip:/path/to/client/config

Configure the client.conf file with these settings:

client
dev tun
proto udp
remote [Your Server IP] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 3
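A consistency check for the client settings above and the server.conf edited in Step 3, added here as an example and not part of the original guide: OpenVPN expects dev, proto, cipher, auth and comp-lzo to agree on both ends, and tls-auth to use opposite key directions. The function names, the address 203.0.113.10 and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find directives that disagree between server.conf and client.conf.

# Print the arguments of the first active occurrence of directive NAME in FILE:
# "<unset>" if absent or commented out, "<set>" if present without arguments.
get_directive() {  # usage: get_directive FILE NAME
  awk -v name="$2" '
    { sub(/[#;].*/, "") }                      # drop whole-line and trailing comments
    $1 == name { $1 = ""; sub(/^[ \t]+/, "")
                 print ($0 == "" ? "<set>" : $0); found = 1; exit }
    END { if (!found) print "<unset>" }' "$1"
}

compare_vpn_conf() {  # usage: compare_vpn_conf SERVER_CONF CLIENT_CONF
  local d s c issues=0
  for d in dev proto cipher auth comp-lzo; do  # must be identical on both ends
    s=$(get_directive "$1" "$d"); c=$(get_directive "$2" "$d")
    if [ "$s" != "$c" ]; then
      echo "MISMATCH $d: server='$s' client='$c'"; issues=$((issues + 1))
    fi
  done
  # tls-auth needs key direction 0 on one side and 1 on the other.
  s=$(get_directive "$1" tls-auth); c=$(get_directive "$2" tls-auth)
  case "${s##* }/${c##* }" in
    0/1|1/0) ;;
    *) echo "MISMATCH tls-auth: server='$s' client='$c'"; issues=$((issues + 1)) ;;
  esac
  [ "$issues" -eq 0 ]                          # exit status 0 only when consistent
}

# Constructed sample files (assumption: server.conf was edited only as in Step 3).
make_samples() {  # usage: make_samples DIR
  printf '%s\n' 'port 1194' 'proto udp' 'dev tun' 'ca ca.crt' 'cert server.crt' \
    'key server.key  # This file should be kept secret' 'dh dh2048.pem' \
    'server 10.8.0.0 255.255.255.0' 'tls-auth ta.key 0 # This file is secret' \
    'cipher AES-256-CBC' ';comp-lzo' 'verb 3' > "$1/server.conf"
  printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote 203.0.113.10 1194' \
    'nobind' 'ca ca.crt' 'cert client1.crt' 'key client1.key' \
    'remote-cert-tls server' 'tls-auth ta.key 1' 'cipher AES-256-CBC' \
    'auth SHA256' 'comp-lzo' 'verb 3' > "$1/client.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
compare_vpn_conf "$tmp/server.conf" "$tmp/client.conf" || true
rm -rf "$tmp"
```

With the sample files it reports auth and comp-lzo, which the client sets and this server.conf does not.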

Conclusion

Setting up your own VPN server can greatly improve your online security. While commercial VPNs offer ease of use, creating your own server gives you more control over your personal data. Although setup requires some technical skills, this guide breaks down the process into simple steps to make it manageable. Protect your online presence today by setting up your own VPN server on Ubuntu.
