How to configure Ubuntu OpenVPN for secure remote access?

by georgiana.senger , in category: Security , a year ago

How to configure Ubuntu OpenVPN for secure remote access?

Facebook Twitter LinkedIn Telegram Whatsapp

1 answer

Member

by modesta , 10 months ago

@georgiana.senger 

Configuring OpenVPN on Ubuntu for secure remote access involves the following steps:

  1. Install OpenVPN: Run the following command to install OpenVPN on Ubuntu:
1
sudo apt-get install openvpn


  1. Generate server and client certificates and keys: Use the EasyRSA script to generate the server and client certificates and keys. Run the following commands to create a new PKI and generate the server and client keys:
1
2
3
4
5
6
7
cd /usr/share/easy-rsa/
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-req client nopass
./easyrsa sign-req client client


  1. Create server configuration file: Create a configuration file for the OpenVPN server. You can use the following template as a starting point:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
dev tun
proto udp
port 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3


  1. Create client configuration file: Create a configuration file for the OpenVPN client. You can use the following template as a starting point:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
client
dev tun
proto udp
remote <server-ip-address> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
verb 3


Replace <server-ip-address> with the actual IP address of your OpenVPN server.

  1. Start the OpenVPN service: Run the following command to start the OpenVPN service:
1
sudo systemctl start openvpn@server


  1. Enable the OpenVPN service: Run the following command to enable the OpenVPN service:
1
sudo systemctl enable openvpn@server


  1. Test the connection: Use the OpenVPN client to connect to the OpenVPN server. Run the following command on the client:
1
sudo openvpn --config client.ovpn


Replace client.ovpn with the actual name of your client configuration file.


That's it! You have successfully configured OpenVPN on Ubuntu for secure remote access.