Cart Icon

How to Set Up a VPN Server on Linux

Facebook
Twitter
LinkedIn
Reddit
Email

A VPN (Virtual Private Network) provides a secure, encrypted connection between your devices and the internet. By setting up your own VPN server with OpenVPN, you can ensure privacy, bypass content restrictions, and protect your data from unauthorized access. This guide will walk you through the process of setting up an OpenVPN server on your Linux system.

Using OpenVPN

Step 1: Open Terminal

Open the terminal by pressing Ctrl + Alt + T on your keyboard or by searching for it in the applications menu.

Step 2: Install OpenVPN and Easy-RSA

On Debian/Ubuntu-based systems:

sudo apt update && sudo apt install openvpn easy-rsa

On Fedora/RPM-based systems:

sudo dnf update && sudo dnf install openvpn easy-rsa

Step 3: Set Up Certificate Authority (CA)

A Certificate Authority (CA) is necessary to generate and sign certificates for your VPN server and clients. To set up a CA, follow these steps:

Create a directory for your CA:

mkdir -p ~/easy-rsa && cp -r /usr/share/easy-rsa/* ~/easy-rsa/

Edit the vars file to customize your CA:

nano ~/easy-rsa/vars

Modify the following lines to match your organization’s information:

export KEY_COUNTRY=”US”
export KEY_PROVINCE=”CA”
export KEY_CITY=”SanFrancisco”
export KEY_ORG=”YourOrganization”
export KEY_EMAIL=”you@example.com”
export KEY_OU=”MyOrganizationalUnit”

Save the file and exit the text editor.

Initialize the CA and generate the necessary files:

cd ~/easy-rsa && source ./vars && ./clean-all && ./build-ca

Step 4: Create Server Certificate and Key

To create the server certificate and key, execute the following command:

./build-key-server server

When prompted, confirm that you want to sign the certificate and commit the changes.

Step 5: Generate Diffie-Hellman Parameters

Diffie-Hellman parameters are used to establish a secure connection between the server and clients. Generate the parameters with this command:

./build-dh

Step 6: Configure OpenVPN Server

Copy the necessary files to the OpenVPN directory:

sudo cp ~/easy-rsa/keys/{ca.crt,server.crt,server.key,dh.pem} /etc/openvpn/

Create a new OpenVPN server configuration file:

sudo nano /etc/openvpn/server.conf

This example uses nano. You can use the text editor of your choice.

Add the following lines to the file:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push “redirect-gateway def1 bypass-dhcp”
push “dhcp-option DNS 208.67.222.222”
push “dhcp-option DNS 208.67.220.220”
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Save the file and exit the text editor.

Step 7: Enable IP Forwarding

To allow VPN traffic to be forwarded between the server and clients, enable IP forwarding:

sudo nano /etc/sysctl.conf

Uncomment or add the following line:

net.ipv4.ip_forward = 1

Save the file and exit the text editor. Apply the changes with the following command:

sudo sysctl -p

Step 8: Configure Firewall Rules

Adjust your firewall settings to allow VPN traffic and enable NAT for IP forwarding:

On Debian/Ubuntu-based systems:

sudo ufw allow 1194/udp && sudo nano /etc/ufw/before.rules

Add the following lines at the beginning of the file:

*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT

Replace eth0 with the name of your network interface, if necessary. Save the file and exit the text editor.

On Fedora/RPM-based systems:

sudo firewall-cmd –add-service=openvpn && sudo firewall-cmd –add-masquerade && sudo firewall-cmd –permanent –add-service=openvpn && sudo firewall-cmd –permanent –add-masquerade

Step 9: Start and Enable OpenVPN Service

Start and enable the OpenVPN service:

sudo systemctl start openvpn@server && sudo systemctl enable openvpn@server

Step 10: Create Client Certificates and Configuration Files

For each client that will connect to your VPN server, create a client certificate and configuration file:

Generate a client certificate:

cd ~/easy-rsa && ./build-key client1

Replace client1 with a unique name for each client.

Create a client configuration file:

sudo mkdir -p /etc/openvpn/client-configs && sudo nano /etc/openvpn/client-configs/client1.ovpn

Add the following lines to the file:

client
dev tun
proto udp
remote YourServerPublicIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
<ca>

Copy the contents of ca.crt from ~/easy-rsa/keys/ca.crt and paste it after the <ca> line. Add the following lines:

</ca>
<cert>

Copy the contents of client1.crt from ~/easy-rsa/keys/client1.crt and paste it after the <cert> line.

Add the following lines:

</cert>
<key>

Copy the contents of client1.key from ~/easy-rsa/keys/client1.key and paste it after the <key> line.

Add the following line:

</key>

Save the file and exit the text editor.

Step 11: Distribute Client Configuration Files

Distribute the client configuration files to your clients. They can use these files to connect to the VPN server using an OpenVPN client application.

Conclusion

You have now successfully set up an OpenVPN server on your Linux system. By following this guide, you can provide secure, encrypted connections for your devices and protect your data from unauthorized access.

Please Leave Feedback and Corrections in the Comments

More to Explore

Table of Contents

Leave a Reply

Your email address will not be published. Required fields are marked *

What our customers say:

"MALIBAL is simply put the best kept secret in laptop computers." -Trigrhappy
"Best interaction I've ever had while buying something online." -Dale P.
"The final product is practically a work of art." -Nicholas H.
"The absolute best company I have ever dealt with." -Sean O.
"Best laptop I have ever purchased." -Kevin W.
"My new laptop is the best purchase I've ever made." -Liam H.
"The best computer I have ever owned." -Kent S.
"Easily the best laptop I have ever owned." -Sealaction13
"This is the absolute best laptop I have ever owned." -Derek I.
"This is by far the best laptop I ever bought." -Ludwig H.
"My laptop is by far the best I have ever had or seen." -Nicholas R.
"This is the best custom built laptop I've ever had." -Hal L.
Shop

Laptops

Linux

Windows

Quick Ship

Learn

About Us

Open Source

Right to Repair

Linux

Guides

Features

Help

My Account

Track Your Order

FAQ

Returns/Exchange

Knowledge Base

Open A Ticket

Links

Privacy Policy

Terms & Conditions

Contact Us

Affiliate Program

Site Map

Copyright © 2004-2022 MALIBAL All Rights Reserved.

What are you looking for?

Type in a question or keyword below

Frequently Asked Questions

Do you have any discounts or coupons?

All of our current discounts and deals are listed under the “Promotions” category at the top of the configuration page for each laptop.

 

What is your return policy?

Any laptop purchased from MALIBAL.COM may be returned or exchanged only in accordance with MALIBAL’S return policy in effect on the date of the invoice or acknowledgment. You must contact us directly before you attempt to return a laptop in order to obtain a Return Material Authorization Number for you to include with your return. You must return the laptop to us in its original packaging and condition with all included manuals, discs, accessories etc.

 

Do you offer any military or student discounts?

We don’t offer any military or student discounts at this time.

 

How much is shipping and tax to my state or country?

Shipping costs are determined by cost of notebook and location. Please add a notebook to the cart and then click the, “Estimated Shipping Charges,” link at the bottom of the cart page. Within the US, there are no taxes outside of Nevada. Nevada residents are subject to 8.10% sales tax. For customers outside the US, you will have to pay your local VAT (Value Added Tax) to customs once the notebook arrives in your country.

 

When is my order shipping?

Laptops usually ship out within 5-7 business days after the order is placed. We also offer rush service (1-3 business days) for $50. Once your laptop ships out we will email the tracking number so that you can see the estimated arrival date. Someone will need to be at the address to sign for the package.

 

How do I check the status of my order?

We will send you emails and texts with status updates as your order progresses through the different stages.

 

How do I cancel an order?

You may cancel an order any time up until it ships. After it ships, you will not be able to cancel it, but will instead have to use our return policy in order to return the laptop for a refund. To cancel an order, simply open a sales ticket or sales chat and give the representative your order information, and they will cancel the order for you and send you confirmation via email and text.

 

How do I make a change to my order?

You may make changes to your order up until it ships. To modify an order, simply open a sales ticket or sales chat and give the representative your order information and specify which changes you want to make. Please note: You cannot change the shipping address on an order.

 

Do you price match?

We do not currently offer any price matching.

 

How do I track my order after it ships?

You can view your tracking status via the order page in your account.

 

Who is MALIBAL?

MALIBAL is an innovative technology company that produces high-performance, custom linux laptops for developers and content creators; mobile workstations for engineers, scientists, video editors, 3D modelers, and animators; and mobile servers for enterprise applications.

On our site, you will find information about the best custom linux laptops, such as our Aon S1 and Aon L1 models, our customers, new articles, latest news, guides, features, and more.