@georgiana.senger
Configuring OpenVPN on Ubuntu for secure remote access involves the following steps:
- Install OpenVPN: Run the following command to install OpenVPN on Ubuntu:

  ```
  sudo apt-get install openvpn
  ```
- Generate server and client certificates and keys: Use the EasyRSA script to generate the server and client certificates and keys. Run the following commands to create a new PKI and generate the server and client keys:

  ```
  cd /usr/share/easy-rsa/
  ./easyrsa init-pki
  ./easyrsa build-ca
  ./easyrsa gen-req server nopass
  ./easyrsa sign-req server server
  ./easyrsa gen-req client nopass
  ./easyrsa sign-req client client
  # DH parameters and TLS-auth key that the configuration files reference (dh.pem, ta.key)
  ./easyrsa gen-dh
  openvpn --genkey --secret ta.key
  ```
- Create server configuration file: Create a configuration file for the OpenVPN server. You can use the following template as a starting point:

  ```
  dev tun
  proto udp
  port 1194
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/server.crt
  key /etc/openvpn/server.key
  dh /etc/openvpn/dh.pem
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  push "redirect-gateway def1 bypass-dhcp"
  push "dhcp-option DNS 8.8.8.8"
  push "dhcp-option DNS 8.8.4.4"
  keepalive 10 120
  tls-auth /etc/openvpn/ta.key 0
  cipher AES-256-CBC
  auth SHA256
  user nobody
  group nogroup
  persist-key
  persist-tun
  status openvpn-status.log
  verb 3
  ```
- Create client configuration file: Create a configuration file for the OpenVPN client. You can use the following template as a starting point:

  ```
  client
  dev tun
  proto udp
  remote <server-ip-address> 1194
  resolv-retry infinite
  nobind
  persist-key
  persist-tun
  ca ca.crt
  cert client.crt
  key client.key
  remote-cert-tls server
  tls-auth ta.key 1
  cipher AES-256-CBC
  auth SHA256
  verb 3
  ```

  Replace `<server-ip-address>` with the actual IP address of your OpenVPN server.
- Start the OpenVPN service: Run the following command to start the OpenVPN service:

  ```
  sudo systemctl start openvpn@server
  ```
- Enable the OpenVPN service: Run the following command to enable the OpenVPN service:

  ```
  sudo systemctl enable openvpn@server
  ```
- Test the connection: Use the OpenVPN client to connect to the OpenVPN server. Run the following command on the client:

  ```
  sudo openvpn --config client.ovpn
  ```

  Replace `client.ovpn` with the actual name of your client configuration file.
That's it! You have successfully configured OpenVPN on Ubuntu for secure remote access.
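
Added example, not part of the answer above: the templates reference certificate, key, DH and tls-auth files by path, so a pre-start check over those directives catches files that are missing or key material that group/other can access. The function names and the sample config are constructed for illustration; it assumes GNU `find`, as shipped on Ubuntu.

```shell
# Added example (not from the original answer): report files that an OpenVPN
# config references but that do not exist, and key material that group/other
# can access. Function names are hypothetical; needs GNU find (as on Ubuntu).

check_ovpn_files() {
    conf=$1
    base=$(dirname "$conf")
    problems=0
    while read -r directive path _ || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|tls-auth) ;;
            *) continue ;;
        esac
        # Assumption: relative paths are resolved against the config's directory.
        case $path in /*) ;; *) path=$base/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"
            problems=$((problems + 1))
        elif [ "$directive" = key ] || [ "$directive" = tls-auth ]; then
            # Secret material should be accessible to its owner only.
            if [ -n "$(find "$path" -maxdepth 0 -perm /077)" ]; then
                echo "PERMS $directive $path"
                problems=$((problems + 1))
            fi
        fi
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# Constructed sample: a server config whose dh.pem and ta.key were never
# generated and whose private key is world-readable.
make_sample() {
    dir=$(mktemp -d)
    : > "$dir/ca.crt"; : > "$dir/server.crt"; : > "$dir/server.key"
    chmod 644 "$dir/server.key"
    cat > "$dir/server.conf" <<'EOF'
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
EOF
    echo "$dir/server.conf"
}

sample=$(make_sample)
check_ovpn_files "$sample" || echo "fix the items above before starting openvpn@server"
```

On a real server, point `check_ovpn_files` at `/etc/openvpn/server.conf`; it returns non-zero when anything is reported.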