How To Set Up an OpenVPN Server on Linux
Want to access the Internet safely and securely from your smartphone or laptop when connected to an untrusted network such as the WiFi of a hotel or coffee shop? A Virtual Private Network (VPN) allows you to traverse untrusted networks privately and securely as if you were on a private network. The traffic emerges from the VPN server and continues its journey to the destination.
When combined with HTTPS connections, this setup allows you to secure your wireless logins and transactions. You can circumvent geographical restrictions and censorship, and shield your location and any unencrypted HTTP traffic from the untrusted network.
OpenVPN is a full-featured, open-source Secure Socket Layer (SSL) VPN solution that accommodates a wide range of configurations. In this tutorial, you will set up an OpenVPN server on an Ubuntu 18.04 server and then configure access to it from Windows, macOS, iOS and/or Android. This tutorial will keep the installation and configuration steps as simple as possible for each of these setups.
Note: This guide describes how to install and configure an OpenVPN server on RPM- and DEB-based systems.
Why Use a Linux VPN Server
A VPN comes with certain benefits. A few of these are highlighted below:
- Security – VPN provides better and stronger protection since all data is encrypted. This provides additional security as compared to Firewalls.
- Remote Access – to ensure high security, many organizations, government and defense offices allow remote access only through their VPN
- ISP encryption – ISP stands for Internet service provider. If you use a public Wi-Fi connection, the ISP can read all your unencrypted data. By using a VPN, you can keep your data secure and encrypted by not allowing even the ISP to read it.
- Anonymity – a VPN lets users maintain anonymity while browsing over the Internet. The IPs are not traceable.
- IP Change – VPN allows users to change their IPs and browse safely. This in certain cases is used in regions that have location-based restrictions
- Unblock websites – certain websites are blocked in a few geographical regions. A VPN maintains anonymity and hence is commonly used to bypass Internet censorship to unblock websites
- Throttling – certain ISPs throttle user bandwidth based on the content. Such throttling can be avoided by using a VPN
At a higher level, a VPN makes your transactions secure by using encryption.
Having shown you the benefits of a VPN, here we will demonstrate how to set up and install OpenVPN software on Linux. We’ll cover the setup of a Linux VPN server using OpenVPN and how to connect it to Windows, Android and other devices. And if you want to learn more about the OpenVPN protocol, I suggest reading this OpenVPN review.
- You should have root access or sudo privileges
- Should not have OpenVPN pre-installed
- The firewall should allow TCP traffic over port 943 and UDP traffic over port 1194. We recommend using UFW.
First, let’s update the system. For CentOS use:
# yum -y update
For Ubuntu and Debian update the indexes using:
$ sudo apt update
To install OpenVPN you will require a net-tools package. Install this if you do not have it preinstalled. The net-tools package contains ifcfg which is needed for OpenVPN server installation.
You can install this for CentOS using:
# yum install net-tools
For Ubuntu and Debian, you can use the below command:
$ sudo apt install net-tools
You can download an OpenVPN client for your distribution from the OpenVPN website.
You can get the link from here and use it along with the curl command. A sample curl command for Ubuntu is as shown below:
$ curl -O http://swupdate.openvpn.org/as/openvpn-as-2.5.2-Debian9.amd_64.deb
For CentOS the curl command will be:
# curl -O http://swupdate.openvpn.org/as/openvpn-as-2.7.3-CentOS7.x86_64.rpm
Here you can substitute the URL for your distribution. To validate that the correct installer was downloaded, print the SHA256 checksum. You can use the below command:
# sha256sum openvpn-as-*
This prints the SHA256 checksum of the downloaded file.
Compare this checksum with the one provided on the website. If the checksums match, install the previously downloaded binary.
To install in CentOS use:
# rpm --install openvpn-as-*.rpm
Similarly, in Ubuntu and Debian you can use the below command in the command line:
$ sudo dpkg -i openvpn-as-*.deb
This will take some time to install. Once the installation is complete you will be shown the Admin UI and the Client UI details. By default, an openvpn user will be created during this installation. You can set the password for this user using:
This will set your new password. Remember the password since it will be used to log in. Use the admin URL to log in and finish the installation process. In our case, the admin URL is https://IP:943/admin. Normally the URL is simply your VPS address, followed by the :943 port and /admin at the end, as in the example.
You will be able to see a screen as shown below:
The username – as mentioned before – is openvpn and the password is the one you just set for this user. Once you log in you will be able to see a Terms and Conditions page. Read it and press the Agree button to proceed. The next page will provide you with configuration details and indicate that the server is status.
The default settings are good enough and can allow MacOS, Linux, Windows, Android, and iOS to connect to the Linux VPN server. In case you want to change any settings, make sure to click Apply and Update Running Server to enable the changes.
This completes the default installation. Next, we will set up the OpenVPN tunnel.
Set up a Linux VPS Server with OpenVPN for Tunnelling
Enable IP forwarding in your kernel by using the below command:
$ echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.d/99-sysctl.conf
This enables traffic forwarding over IPv4. To apply these changes, use the below command:
$ sudo sysctl -p
OpenVPN does not support simultaneous tunnels over IPv6 and IPv4, so you can disable IPv6 using:
$ sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
$ sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
To disable IPv6 manually, add the below parameters to be set on boot. These parameters should be added to the 99-sysctl.conf file located at /etc/sysctl.d/. Simply use the cd command to access the folder, and use your preferred text editor to edit the file. Remember to save the changes made!
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
Next, you can activate the new settings by using:
$ sudo sysctl -p
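Because the forwarding line is appended with tee -a and the IPv6 lines are edited by hand, the file can end up with duplicate or conflicting entries. The following added example (not from the original tutorial; function names are hypothetical) audits the file for the keys listed above, treating the last assignment of a key as the one that counts. The eth0 key is left out because interface names differ between hosts.

```shell
#!/bin/sh
# Added example: audit the sysctl file edited above. It reads the file only;
# use `sysctl -n KEY` to see the value the running kernel has.

# sysctl_file_value FILE KEY -> prints the value set by the last matching line
sysctl_file_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v              # later lines override earlier ones
        }
        END { if (val == "") exit 1; print val }
    ' "$1"
}

# audit_vpn_sysctl [FILE] -> one line per key, non-zero exit if any key is wrong
audit_vpn_sysctl() {
    file=${1:-/etc/sysctl.d/99-sysctl.conf}
    status=0
    for want in \
        net.ipv4.ip_forward=1 \
        net.ipv6.conf.all.disable_ipv6=1 \
        net.ipv6.conf.default.disable_ipv6=1 \
        net.ipv6.conf.lo.disable_ipv6=1
    do
        key=${want%%=*}
        expected=${want#*=}
        got=$(sysctl_file_value "$file" "$key") || got="(unset)"
        if [ "$got" = "$expected" ]; then
            echo "ok   $key = $got"
        else
            echo "FAIL $key = $got (want $expected)"
            status=1
        fi
    done
    return $status
}
```

A line with several settings run together on it fails the check, since everything after the first "=" is read as that key's value.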
Next, in the file hosts located at /etc/ comment the IPv6 resolution line as shown below:
#::1 localhost ip6-localhost ip6-loopback
With this, we have disabled IPv6. Next, log in again to the Admin server URL and go to the VPN settings.
In the Routing section, the option Should VPN clients have access to private subnets (non-public networks on the server side)? should be set to No.
The option Should client Internet traffic be routed through the VPN? should be set to Yes.
To avoid any DNS leak, alter the DNS resolver settings. Select the Have clients use the same DNS servers as the Access Server host option.
Save these settings and don’t forget to click Update Running Server. You can restart the OpenVPN server by using the Status tab from the Admin console. From here, you can stop the server and then start it again.
This completes our setup of the OpenVPN server. Next, we can check the client installations.
How to Connect Your Linux VPN Server to Other Devices with OpenVPN
Now that your server is up and running, we can connect some devices to it! We’ll cover the most popular operating system options:
How to Install and Connect the OpenVPN Client for Windows
Open the OpenVPN client URL and you will be shown links to client downloads for different operating systems.
Choose the Windows version and run the installation.
Once the installation is complete, you will be prompted for the OpenVPN username and password. The server IP will be auto-populated.
You can use the OpenVPN icon from your Windows taskbar to disconnect, reconnect and view connection status.
How to Install and Connect the OpenVPN Client for MacOS
Connect to the OpenVPN Client UI and click the link to download the OpenVPN software for MacOS. Once this package is downloaded, a window will open with the installer package icon.
Follow the standard procedure of MacOS application installation.
Double click on this installer icon and click Open to run the installation.
Once the installation is complete, you will be able to see the OpenVPN icon on your macOS taskbar. You can right click on this icon to see the different options. From here you can connect to OpenVPN.
Once you click the Connect to option, you will see a popup prompting for the OpenVPN username and password. Here you should enter the credentials and click on Connect to establish the Linux VPN server connection.
How to Install and Connect the OpenVPN Client for Linux
The client installation for Linux is slightly different. Download and install the OpenVPN client software on CentOS using the below command:
# yum install openvpn
Similarly, you can install the OpenVPN client software on Debian or Ubuntu using the below command:
$ sudo apt-get install openvpn
Open the OpenVPN client UI and download the appropriate profile for your OS. Alternatively, you can use wget or curl command and provide the URL to download the software.
Copy the downloaded profile to location /etc/openvpn and rename it to client.conf. You can start the OpenVPN Tunnel service where you will be prompted for the username and password. You can start the operation by using:
$ sudo service openvpn start
You can use ifconfig or ip addr to view the network connections. Once the VPN interface is available, you will see a tun0 interface added to the existing list shown in the output.
How to Install and Connect the OpenVPN Client for Android
First, go to the Google Play store and search for OpenVPN Connect. Install the OpenVPN Connect app.
Once opened, it will display three options – Private Tunnel, Access Server, and OVPN Profile.
Select Access Server and fill in all the details manually:
- Title – set your preferred name for the connection
- Access Server Hostname – the IP of your Linux VPN server
- Port – the port 943 of your Linux VPN server
- Username – the username set on your server – openvpn by default
- Password – the password you set in the console while setting up the Linux VPN Server in the terminal environment
Or alternatively, you can import the .ovpn file for the profile. You can get the connection profile from the client UI.
How to Install and Connect the OpenVPN Client for iOS
Similar to Android devices you can install OpenVPN software from the App Store.
Complete the installation and open the newly installed app. It will ask you to fill in the profile information, or upload the profile file, the same as the Android version.
Once they are added, you can start using OpenVPN on your iPhone or iPad.
Linux VPN Server Compression Settings
In case you are connected to the VPN and are not able to browse the Internet, you can check the OpenVPN logs at /var/log/openvpnas.log in your VPS. In case you find entries similar to the one shown below, you’re most likely experiencing compression issues:
2019-02-23 18:24:05+0800 [-] OVPN 11 OUT: 'Mon Mar 23 08:59:05 2019 guest/184.108.40.206:55385 Bad compression stub decompression header byte: 251'
To resolve this, you can disable compression. This can be done from the Admin UI. Open the Admin UI and click Advanced VPN.
Go to Default Compression Settings. Here turn off the option Support compression on client VPN connections.
Apply the changes, and click on the Update Running Server option. The issue should be solved.
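The log check described above can be scripted to show which clients are affected before and after compression is turned off. This is an added example, not part of the original tutorial or of OpenVPN's tooling; the function names are hypothetical, the field layout is assumed from the single log line shown above, and the sample lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: count "Bad compression stub" errors per client.

# write_sample_log FILE -> writes constructed sample lines for a dry run
write_sample_log() {
    cat > "$1" <<'EOF'
2019-02-23 18:24:05+0800 [-] OVPN 11 OUT: 'Sat Feb 23 18:24:05 2019 guest/192.0.2.10:55385 Bad compression stub decompression header byte: 251'
2019-02-23 18:24:06+0800 [-] OVPN 11 OUT: 'Sat Feb 23 18:24:06 2019 guest/192.0.2.10:55385 Bad compression stub decompression header byte: 42'
2019-02-23 18:24:09+0800 [-] OVPN 11 OUT: 'Sat Feb 23 18:24:09 2019 alice/198.51.100.7:40112 Bad compression stub decompression header byte: 251'
2019-02-23 18:24:10+0800 [-] OVPN 11 OUT: 'Sat Feb 23 18:24:10 2019 alice/198.51.100.7:40112 Peer Connection Initiated'
EOF
}

# compression_errors [LOGFILE] -> "COUNT USER ADDRESS" per client, worst first
compression_errors() {
    log=${1:-/var/log/openvpnas.log}
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    awk '
        /Bad compression stub decompression header byte/ {
            # The client is the user/address:port field just before the message.
            for (i = 2; i <= NF; i++) {
                if ($i == "Bad") {
                    client = $(i - 1)
                    sub(/:[0-9]+$/, "", client)     # drop the source port
                    n = split(client, part, "/")
                    if (n == 2) count[part[1] " " part[2]]++
                    break
                }
            }
        }
        END { for (c in count) print count[c], c }
    ' "$log" | sort -k1,1nr -k2
}
```

Run compression_errors with no argument on the server to read /var/log/openvpnas.log; an empty result after the change means no client is still hitting the error.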
Add Users to a Linux VPN Server Running OpenVPN
The free OpenVPN client supports two users. To create more users, you would need to select any of the paid plans. You can add additional users from the admin UI. Navigate to the User Management tab, and click the User Permissions link.
Enter the new username as shown below:
For this new user configure additional settings by clicking the More Settings link. Here you can provide the password and other details.
Save these settings and click on Update Running Server option.
Set Up Auto-login Profiles for a Linux VPN Server with OpenVPN
With OpenVPN, you can also configure auto-login profiles. This will cause all your non-local traffic to be routed via a VPN automatically. In case you want to manually enable or disable the VPN you can use User or Server locked profiles.
To set the auto-login, open the Admin UI, then select the User Permissions link. Here you can select the checkbox for Allow Auto-login.
How to Test a Linux VPN Server running OpenVPN
To test if OpenVPN works as expected, connect the VPN client and check your IP address. You can use the DNS leak test website from the browser. It should show you the OpenVPN server’s IPv4 address.
Next, you can choose Extended test. The test should output the IPs for the DNS resolver you chose for your client device.
You can also confirm the traffic is not using IPv6. To check this, you can use the IPv6 test website. This should again display the server IP and will show a message stating that no IPv6 address was detected.
In this tutorial, you learned how to set up a Linux VPN server running OpenVPN and how to connect it using various clients like Windows, Linux, Android, iPhone or iPad, and MacOS.
You are now securely traversing the internet, protecting your identity, location, and traffic from snoopers and censors.