In this article, we will go over step-by-step instructions on how to install OpenVPN on an Ubuntu 18.04 VPS.
A Virtual Private Network or VPN for short is a networking service that routes your network traffic through a server. With this, all of your network connections will be disguised as though they originate from the VPN server’s connection. The destination address can’t know your real location, thus providing both privacy and safety online. VPNs are also used by corporations and enterprise environments to enable a secure private network to protect their important data.
OpenVPN is a VPN protocol which defines how the data is transmitted over a VPN. Other common protocols are PTP, L2TP, SSTP, and IKEV2.
OpenVPN provides the most secure connection among other protocols as it provides secure authentication (such as the use of certificates and keys) as well as using up-to-date encryption algorithms. On top of this, OpenVPN is open-source software powered by thousands of developers from different communities. It is distributed under the GNU GPL license. Let’s begin with the installation.
Table of Contents
Prerequisites:
For this tutorial, it is recommended to use a fresh Ubuntu 18.04 VPS installation.
Please make sure that your server meets the following minimum hardware and software requirements:
Hardware:
- 1 CPU Core
- 512MB of RAM
- 5GB of free disk space
Software:
- Ubuntu 18.04
- 1 Dedicated IP address
- Full root access, or access to an account with sudo privileges
Step 1: Log in, Check for Updates and Install Dependencies
Log in to your server via SSH:
ssh username@server_ip_address -p port_number
Be sure to replace “username” with the account name of a root user found on the server (or the root user itself), and replace “server_ip” with the IP address and “port_number” with the SSH port number of your server.
Before starting with the installation, it is recommended to update all installed Ubuntu packages to their latest versions to maximize compatibility:
apt-get update apt-get upgrade
Ensure the required dependencies are installed by running the following command:
apt-get install software-properties-common build-essential -y
Step 2: Install OpenVPN Using an Install Script
Fortunately, there are open-source scripts available from GitHub that provide a hassle-free and customizable installation of OpenVPN.
You can check more details about the script.
1. Download the script and change permission
cd /opt curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh chmod +x openvpn-install.sh
2. Running the script
Once downloaded and correct permissions have been applied, we can activate the script by typing:
./openvpn-install.sh
During installation, several questions will be asked and we will tackle them one by one.
1. IP address – this will be your server’s public IP address.
2. Do you want to enable IPv6 support (NAT)? [y/n]: n – For now, IPv4 will do.
3. What port do you want OpenVPN to listen to? [1-3]: 1 – the default port for the OpenVPN server is 1194.
4. What protocol do you want OpenVPN to use? [1-2]: 1 – Both TCP and UDP are protocols for sending packets on the internet. The main difference is that TCP has error checking while UDP does not. UDP is recommended by the installer since it provides a faster connection. It is mostly used for streaming and gaming. For other purposes, we recommend using TCP to avoid data loss.
5. What DNS resolvers do you want to use with the VPN?: 3 – For this, we recommend Google’s DNS but this is a personal choice.
6. Do you want to use compression?: n – To avoid some vulnerabilities, it is best to disable compression.
7. Do you want to customize encryption settings? y – For the sake of this tutorial, we will go through the encryption settings to provide insights about encryption that will be used by our OpenVPN server.
8. Choose which cipher you want to use for the data channel: 1 [AES] – AES is currently the fastest cipher available for OpenVPN. The recommended value is AES-128-GCM. You may notice that AES-256-GCM is also available but that provides slower performance.
9. Choose what kind of certificate you want to use: 1 [ECDSA] – RSA has gained his popularity due to its performance, maturity, and compatibility for most of the applications but in today’s security, ECDSA provides a higher key size, is scalable, and is the future of certificates.
10. Choose which curve you want to use for the certificate’s key: 1 [prime256v1] – Since the release of OpenVPN 2.4, Elliptic-curve Diffie–Hellman or ECDH keys are now supported.
11. Choose which cipher you want to use for the control channel: 1 [ECDHE-ECDSA-AES-128-GCM-SHA256] – Again, 128 bits key is secure enough and still provides better performance.
12. Choose what kind of Diffie-Hellman key you want to use: 1 [ECDH] – ECDH is being used by modern standards.
13. Choose which curve you want to use for the ECDH key: 1 [prime256v1] – A 256-bit key should be enough.
14. Which digest algorithm do you want to use for HMAC?: 1 [SHA256] – Again, a 256-bit key should be enough and is the sweet spot for security and performance.
15. An additional layer of security to the control channel: 1 [tls-crypt] – For increased security, we should choose tls-crypt over tls-auth as it also encrypts the TLS stack.
Step 3: Creating our First OpenVPN Server-Client Configuration
After answering the following questions, we will now proceed with the client information.
Example:
- Client name: client1
- Do you want to protect the configuration file with a password?: 2 – You will be required to enter a passphrase.
Once done, you will be provided by the location of the client OVPN settings which you can find at /root/[client name].ovpn
.
We can now download the configuration via SFTP using an FTP client and import it onto an OpenVPN client.
If you need to add a new client/user, you may run the script again and it will provide the following options:
What do you want to do? 1) Add a new user 2) Revoke existing user 3) Remove OpenVPN 4) Exit Select an option [1-4]:
That’s it – you now have a working OpenVPN server on your Ubuntu 18.04 server which can protect your privacy online.
Of course, you don’t have to install OpenVPN on an Ubuntu 18.04 VPS if you use one of our OpenVPN Hosting services. OpenVPN will be automatically set up for you by our expert Linux system administrators. They are available 24/7 and will be able to help you with the installation.
PS. If you enjoyed reading this blog post on how to install OpenVPN on Ubuntu 18.04, feel free to share it on social networks using the shortcuts below, or simply leave a comment in the comments section. Thanks.