Generally setting up an OpenVPN server is a daunting task for non linux Users, which can easily take 40 minutes to an hour for a first time user. However there are 2 extremely easy ways of setting it up in under 10 minutes.
Table of Contents
Method 1 : By Installing OpenVPN Access Server ( AS)
This is the easiest method that can get you a fully working server up and running in under 5 minutes. You have to just download the installation file and run it. All the basic configuration is out of the box. All the advanced configuration ( if you need), user creation, profile download etc is done via a graphical user inteface in your webbrowser, and you never have to see the command line .
There is a limitation however to the free version, you only get 2 free concurrent users for testing. If 2 users is all you want, use OpenVPN AS as this is the easiest way to install the VPN server.
Step 1.1 : Download the package
Step 1.2 : Run the installation package
You should be able to double click on the downloaded package . If you are running a headless server, or only have access to command line, then run the dpkg
command to run the installation
dpkg -i openvpn-as-2.0.5-Ubuntu10.amd_64.deb
Substituting the openvpn-as-2.0.5-Ubuntu10.amd_64.deb
for the name of the package file you have downloaded
Step 1.3 : Change Default Password
Now your OpenVPN AS has been installed for you already and a default admin user openvpn
has been created. Change the password for this user by running
passwd openvpn
Step 1.4 : Access your OpenVPN GUI, and add a user.
Open your web browser and go to https://openvpnasip:943/admin , replacing openvpnasip as your server ip. Use the default user name ‘openvpn’ and the password that you had set in step 1.3
Add one more user by visiting the user section. You can add as many users as you want, but only 2 users can be connected to the server at a time.
Step 1.5 : download the .ovpn profile
login to https://openvpnasip:943/?src=connect
Login as the user you want to connect and download the .ovpn profile for this user. Import this .ovpn profile in your OpenVPN client and connect with the respective username and password
Method 2 : By Using a containerization application
There is an excellent container by Kylemanna for docker that can be used to setup a full OpenVPN server.
Step 2.1 : Install docker if you don’t have it on your system
Though you can run
sudo apt-get install docker-ce
, it will mostly get you an old version. To get the latest version, add the docker official repository and install from there.Add Docker official GPG key
curl -fsSLhttps://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
set up the stable repository.
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Update the apt package index.
$ sudo apt-get update
Install docker
sudo apt-get install docker-ce
Test that docker has been installed by running
docker run hello-world
Step 2.2 : Pull the image to your sytem
Copy the image to your system by running
sudo docker pull kylemanna/openvpn
Step 2.3 : Prepare your volume
You need to create a docker volume which will hold your configuration and certificates . Choose a name for the
$OVPN_DATA
volume. Save the name to the variable $OVPN_DATA
, so we can easily reference this variable.OVPN_DATA="ovpn-data-example"
Create the Volume and initialize it. It will ask a passphrase, remember this since you will need it while creating your client certificate.
docker volume create --name $OVPN_DATA
docker volume create --name $OVPN_DATA
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn
ovpn_genconfig -u udp://VPN.SERVERNAME.COM
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki
Step 2.4 : Generate client certificate and download config
Generate the client certificate with
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
And dump a copy of the client configuration with
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
Import
CLIENTNAME.ovpn
to your openvpn client and connect. Since we created the certificate with no pass option, you can connect without password.