April 20, 2023, 3:57 pm
How to Set Up a VPN Server on Linux
A VPN (Virtual Private Network) provides a secure, encrypted connection between your devices and the internet. By setting up your own VPN server with OpenVPN, you can ensure privacy, bypass content restrictions, and protect your data from unauthorized access. This guide will walk you through the process of setting up an OpenVPN server on your Linux system.
Using OpenVPN
Step 1: Open Terminal
Open the terminal by pressing Ctrl + Alt + T on your keyboard or by searching for it in the applications menu.
Step 2: Install OpenVPN and Easy-RSA
On Debian/Ubuntu-based systems:
sudo apt update && sudo apt install openvpn easy-rsa
On Fedora/RPM-based systems:
sudo dnf update && sudo dnf install openvpn easy-rsa
Step 3: Set Up Certificate Authority (CA)
A Certificate Authority (CA) is necessary to generate and sign certificates for your VPN server and clients. To set up a CA, follow these steps:
Create a directory for your CA:
mkdir -p ~/easy-rsa && cp -r /usr/share/easy-rsa/* ~/easy-rsa/
Edit the vars file to customize your CA:
nano ~/easy-rsa/vars
Modify the following lines to match your organization's information:
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="YourOrganization"
export KEY_EMAIL="you@example.com"
export KEY_OU="MyOrganizationalUnit"
Save the file and exit the text editor.
Initialize the CA and generate the necessary files (clean-all empties the keys directory first, so only run it on a fresh CA):
cd ~/easy-rsa && source ./vars && ./clean-all && ./build-ca
These scripts belong to Easy-RSA 2. If your distribution ships Easy-RSA 3, which provides a single easyrsa script instead of build-ca, build-key-server and build-dh, the equivalent first steps are ./easyrsa init-pki and ./easyrsa build-ca.
Step 4: Create Server Certificate and Key
To create the server certificate and key, execute the following command:
./build-key-server server
When prompted, confirm that you want to sign the certificate and commit the changes.
Step 5: Generate Diffie-Hellman Parameters
Diffie-Hellman parameters are used for the key exchange in the TLS handshake between the server and its clients. Generate them with this command (it can take several minutes):
./build-dh
Step 6: Configure OpenVPN Server
Copy the necessary files to the OpenVPN directory. The build-dh script names its output after the key size (dh2048.pem when KEY_SIZE is 2048), so copy it as dh.pem to match the server configuration below:
sudo cp ~/easy-rsa/keys/{ca.crt,server.crt,server.key} /etc/openvpn/ && sudo cp ~/easy-rsa/keys/dh2048.pem /etc/openvpn/dh.pem
Create a new OpenVPN server configuration file:
sudo nano /etc/openvpn/server.conf
This example uses nano. You can use the text editor of your choice.
Add the following lines to the file:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Save the file and exit the text editor. The user and group lines drop OpenVPN's privileges after startup; on Fedora/RPM-based systems there is no nogroup group, so use group nobody there instead.
Step 7: Enable IP Forwarding
To allow VPN traffic to be forwarded between the server and clients, enable IP forwarding:
sudo nano /etc/sysctl.conf
Uncomment or add the following line:
net.ipv4.ip_forward = 1
Save the file and exit the text editor. Apply the changes with the following command:
sudo sysctl -p
Step 8: Configure Firewall Rules
Adjust your firewall settings to allow VPN traffic and enable NAT for IP forwarding:
On Debian/Ubuntu-based systems:
sudo ufw allow 1194/udp && sudo nano /etc/ufw/before.rules
Add the following lines at the beginning of the file:
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
The source range must be exactly the VPN subnet from the server line in server.conf (10.8.0.0/24), not a wider range such as 10.8.0.0/8. Replace eth0 with the name of your network interface, if necessary. Save the file and exit the text editor. ufw drops forwarded packets by default, so also set DEFAULT_FORWARD_POLICY="ACCEPT" in /etc/default/ufw and apply both changes with sudo ufw reload.
On Fedora/RPM-based systems:
sudo firewall-cmd --add-service=openvpn && sudo firewall-cmd --add-masquerade && sudo firewall-cmd --permanent --add-service=openvpn && sudo firewall-cmd --permanent --add-masquerade
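A quick check for the NAT step, added here and not part of the original guide: it reads the server line from server.conf, converts the netmask to a prefix length and verifies that the MASQUERADE rule in before.rules covers exactly that subnet (10.8.0.0/24 here) rather than a wider range. The function names and file paths are assumptions for this example.

```shell
#!/bin/sh
# Added check, not from the original guide: confirm the MASQUERADE rule in
# before.rules covers exactly the subnet on the "server" line of server.conf.

# mask_to_prefix 255.255.255.0 -> 24 (contiguous netmasks only)
mask_to_prefix() {
  prefix=0; old_ifs=$IFS; IFS=.
  for octet in $1; do
    case $octet in
      255) prefix=$((prefix + 8)) ;;  254) prefix=$((prefix + 7)) ;;
      252) prefix=$((prefix + 6)) ;;  248) prefix=$((prefix + 5)) ;;
      240) prefix=$((prefix + 4)) ;;  224) prefix=$((prefix + 3)) ;;
      192) prefix=$((prefix + 2)) ;;  128) prefix=$((prefix + 1)) ;;
      0) ;;
      *) IFS=$old_ifs; return 1 ;;
    esac
  done
  IFS=$old_ifs
  echo "$prefix"
}

# vpn_subnet <server.conf> -> "10.8.0.0/24", taken from "server <net> <mask>"
vpn_subnet() {
  set -- $(grep -E '^server[[:space:]]' "$1")
  [ "$#" -eq 3 ] || return 1
  echo "$2/$(mask_to_prefix "$3")"
}

# nat_source <before.rules> -> the -s argument of the POSTROUTING MASQUERADE rule
nat_source() {
  grep -E '^-A POSTROUTING .*-j MASQUERADE' "$1" | sed -n 's/.*-s \([^ ]*\).*/\1/p' | head -n 1
}

# check_nat_scope <server.conf> <before.rules>: 0 if they agree, 1 if the rule
# is wider or narrower than the VPN subnet (e.g. 10.8.0.0/8 instead of /24)
check_nat_scope() {
  want=$(vpn_subnet "$1") || { echo "no valid server line in $1" >&2; return 2; }
  have=$(nat_source "$2")
  if [ "$have" = "$want" ]; then
    echo "OK: MASQUERADE source $have matches the VPN subnet"
    return 0
  fi
  echo "WARN: MASQUERADE source '$have' does not match the VPN subnet '$want'" >&2
  return 1
}

# Usage: check_nat_scope /etc/openvpn/server.conf /etc/ufw/before.rules
```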
Step 9: Start and Enable OpenVPN Service
Start and enable the OpenVPN service:
sudo systemctl start openvpn@server && sudo systemctl enable openvpn@server
Step 10: Create Client Certificates and Configuration Files
For each client that will connect to your VPN server, create a client certificate and configuration file:
Generate a client certificate:
cd ~/easy-rsa && ./build-key client1
Replace client1 with a unique name for each client.
Create a client configuration file:
sudo mkdir -p /etc/openvpn/client-configs && sudo nano /etc/openvpn/client-configs/client1.ovpn
Add the following lines to the file, pasting the contents of ~/easy-rsa/keys/ca.crt, ~/easy-rsa/keys/client1.crt and ~/easy-rsa/keys/client1.key between the matching tags:
client
dev tun
proto udp
remote YourServerPublicIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
<ca>
(contents of ~/easy-rsa/keys/ca.crt)
</ca>
<cert>
(contents of ~/easy-rsa/keys/client1.crt)
</cert>
<key>
(contents of ~/easy-rsa/keys/client1.key)
</key>
Save the file and exit the text editor.
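The client-file step above, automated as an added example that is not part of the original guide: the function assembles the single-file .ovpn from the Easy-RSA keys directory, refuses to run if any of the three PEM files is missing, and creates the output readable only by its owner because it embeds the client's private key. The function names, the 203.0.113.10 address and the keys directory argument are assumptions for this example.

```shell
#!/bin/sh
# Added example, not from the original guide: build one inline .ovpn file
# from the Easy-RSA output directory (ca.crt, <name>.crt, <name>.key).
# Usage: make_client_ovpn <client-name> <server-ip-or-host> <keys-dir> <output-file>
make_client_ovpn() {
  name=$1; server=$2; keys=$3; out=$4
  # Refuse to continue if any of the three PEM files is missing or unreadable.
  for f in "$keys/ca.crt" "$keys/$name.crt" "$keys/$name.key"; do
    [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
  done
  # The file embeds the client's private key: create it owner-readable only.
  old_umask=$(umask); umask 077
  {
    cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
EOF
    # Append each PEM file inside its OpenVPN inline tag, copied as-is.
    for tag in ca cert key; do
      case $tag in
        ca) src="$keys/ca.crt" ;;
        cert) src="$keys/$name.crt" ;;
        key) src="$keys/$name.key" ;;
      esac
      echo "<$tag>"
      cat "$src"
      echo "</$tag>"
    done
  } > "$out"
  umask "$old_umask"
}

# ovpn_has_section <file> <tag>: 0 if both <tag> and </tag> lines are present.
ovpn_has_section() {
  grep -qx "<$2>" "$1" && grep -qx "</$2>" "$1"
}
```

Run it as make_client_ovpn client1 YourServerPublicIP ~/easy-rsa/keys ~/client1.ovpn and hand the resulting file to the client over a secure channel.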
Step 11: Distribute Client Configuration Files
Distribute the client configuration files to your clients over a secure channel, since each file contains that client's private key. They can use these files to connect to the VPN server using an OpenVPN client application.
Conclusion
You have now successfully set up an OpenVPN server on your Linux system. By following this guide, you can provide secure, encrypted connections for your devices and protect your data from unauthorized access.