🛡️ How to Install & Configure OpenVPN on Ubuntu VPS
This guide walks you through setting up a secure OpenVPN server on Ubuntu 22.04 or 20.04. Whether you're hosting your own VPN for privacy or remote access, this tutorial is designed for beginners with basic command-line experience.
Prerequisites
- Ubuntu VPS (20.04 or 22.04 recommended)
- Root or sudo access
- SSH client (e.g., PuTTY or Terminal)
Step 1: Update Your System
Code:
sudo apt update && sudo apt upgrade -y
Step 2: Install OpenVPN and Easy-RSA
Code:
sudo apt install openvpn easy-rsa -y
Step 3: Set Up the PKI Directory
Code:
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
Code:
nano vars
Set these values in the file:
Code:
set_var EASYRSA_REQ_COUNTRY "GB"
set_var EASYRSA_REQ_PROVINCE "London"
set_var EASYRSA_REQ_CITY "London"
set_var EASYRSA_REQ_ORG "MyVPN"
set_var EASYRSA_REQ_EMAIL "[email protected]"
set_var EASYRSA_REQ_OU "IT"
Step 4: Generate Certificates & Keys
Code:
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
openvpn --genkey --secret ta.key
Step 5: Configure OpenVPN Server
Code:
sudo cp pki/ca.crt pki/private/server.key pki/issued/server.crt pki/dh.pem ta.key /etc/openvpn/server/
sudo nano /etc/openvpn/server/server.conf
Add the following to server.conf:
Code:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
cipher AES-256-CBC
# tls-auth computes its HMAC with this digest, so it must match the client's auth line
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
Step 6: Enable IP Forwarding
Code:
sudo nano /etc/sysctl.conf
Uncomment or add this line:
Code:
net.ipv4.ip_forward=1
Code:
sudo sysctl -p
Step 7: Configure UFW Firewall
Code:
sudo ufw allow 1194/udp
sudo ufw allow OpenSSH
sudo nano /etc/ufw/before.rules
Code:
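# Add at the top of the file, before the *filter section.
# Replace eth0 with your VPS's public interface (check with: ip route show default).
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT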
Code:
sudo nano /etc/default/ufw
Change the forward policy to:
Code:
DEFAULT_FORWARD_POLICY="ACCEPT"
Code:
sudo ufw disable
sudo ufw enable
Step 8: Start OpenVPN
Code:
sudo systemctl start openvpn-server@server
sudo systemctl enable openvpn-server@server
📲 Step 9: Create Client Certificates
Code:
cd ~/openvpn-ca
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
Step 10: Build Client Config (.ovpn)
Transfer `client1.crt`, `client1.key`, `ca.crt`, and `ta.key` to your device. Then create:
Code:
client
dev tun
proto udp
remote YOUR_VPS_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
# only accept a peer whose certificate was issued as a server certificate
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 3
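Instead of keeping four separate files next to the Step 10 config, the certificates and keys can be inlined into a single profile. The script below is an added example, not part of the original guide; the function names `build_ovpn` and `write_ovpn` are assumptions, and it adds `key-direction 1` (required once `tls-auth` is an inline block) and `remote-cert-tls server` to the settings shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): bundle the Step 10 files into one
# .ovpn profile using OpenVPN inline blocks. Function names are assumptions.

# build_ovpn DIR CLIENT REMOTE_HOST [PORT]  -> profile on stdout
# DIR must contain ca.crt, CLIENT.crt, CLIENT.key and ta.key.
build_ovpn() {
    local dir="$1" client="$2" remote="$3" port="${4:-1194}" f pem
    for f in ca.crt "$client.crt" "$client.key" ta.key; do
        [ -r "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto udp
remote $remote $port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
verb 3
EOF
    # Inline blocks take the place of the ca/cert/key/tls-auth file lines.
    printf '<ca>\n%s\n</ca>\n' "$(cat "$dir/ca.crt")"
    # Issued certs may carry a text dump before the PEM block; keep the PEM only.
    pem='/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
    printf '<cert>\n%s\n</cert>\n' "$(sed -n "$pem" "$dir/$client.crt")"
    printf '<key>\n%s\n</key>\n' "$(cat "$dir/$client.key")"
    printf '<tls-auth>\n%s\n</tls-auth>\n' "$(cat "$dir/ta.key")"
}

# write_ovpn DIR CLIENT REMOTE_HOST OUTFILE
# The profile embeds the private key, so create it owner-readable only.
write_ovpn() {
    ( umask 077; rm -f "$4"; build_ovpn "$1" "$2" "$3" > "$4" ) \
        || { rm -f "$4"; return 1; }
}
```

Run it in the directory holding the four transferred files, for example `write_ovpn . client1 YOUR_VPS_IP client1.ovpn`, then import the resulting file into the OpenVPN client.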
You're now running your own secure VPN on Ubuntu! 🔒