{"id":7039,"date":"2025-04-11T16:38:46","date_gmt":"2025-04-11T16:38:46","guid":{"rendered":"https:\/\/www.ktchost.com\/blog\/?p=7039"},"modified":"2025-04-11T16:38:49","modified_gmt":"2025-04-11T16:38:49","slug":"step-by-step-guide-to-installing-openvpn-on-ubuntu-vps","status":"publish","type":"post","link":"https:\/\/www.ktchost.com\/blog\/step-by-step-guide-to-installing-openvpn-on-ubuntu-vps\/","title":{"rendered":"Step-by-Step Guide to Installing OpenVPN on Ubuntu VPS"},"content":{"rendered":"\n<p>Here\u2019s a complete blog post to install your first OpenVPN<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\ud83c\udf10 Step-by-Step Guide to Installing OpenVPN on Ubuntu VPS<\/h1>\n\n\n\n<p>Setting up your own VPN server gives you full control over your privacy and network security. In this guide, we\u2019ll walk through <strong>installing and configuring OpenVPN<\/strong> on an <strong>Ubuntu VPS<\/strong>\u2014step by step, with commands and results.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u2705 Prerequisites<\/h2>\n\n\n\n<p>Before you begin, make sure you have the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A <strong>Ubuntu 20.04 or 22.04 VPS<\/strong> (other versions may work too).<\/li>\n\n\n\n<li><strong>Root or sudo access<\/strong> to your VPS.<\/li>\n\n\n\n<li>An active internet connection.<\/li>\n\n\n\n<li>A basic understanding of Linux commands.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee0\ufe0f Step 1: Update the System<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update &amp;&amp; sudo apt upgrade -y\n<\/code><\/pre>\n\n\n\n<p><strong>Result:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Packages upgraded successfully.\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\uddf0 Step 2: Install OpenVPN and Easy-RSA<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install openvpn easy-rsa -y\n<\/code><\/pre>\n\n\n\n<p><strong>Result:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>OpenVPN and Easy-RSA packages installed.\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcc2 Step 3: Set Up the PKI (Public Key Infrastructure)<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>make-cadir ~\/openvpn-ca\ncd ~\/openvpn-ca\n<\/code><\/pre>\n\n\n\n<p>Edit <code>vars<\/code> file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nano vars\n<\/code><\/pre>\n\n\n\n<p>Update values like:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>set_var EASYRSA_REQ_COUNTRY    \"IN\"\nset_var EASYRSA_REQ_PROVINCE   \"MH\"\nset_var EASYRSA_REQ_CITY       \"Mumbai\"\nset_var EASYRSA_REQ_ORG        \"Kaizen Software\"\nset_var EASYRSA_REQ_EMAIL      \"admin@example.com\"\nset_var EASYRSA_REQ_OU         \"IT\"\n<\/code><\/pre>\n\n\n\n<p>Initialize the PKI:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/easyrsa init-pki\n<\/code><\/pre>\n\n\n\n<p>Build the Certificate Authority (CA):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/easyrsa build-ca\n<\/code><\/pre>\n\n\n\n<p><strong>Result:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>CA certificate created successfully.\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd10 Step 4: Generate Server Certificate, Key, and Encryption Files<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/easyrsa gen-req server nopass\n.\/easyrsa sign-req server server\n<\/code><\/pre>\n\n\n\n<p>Generate DH parameters:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/easyrsa gen-dh\nopenvpn --genkey --secret ta.key\n<\/code><\/pre>\n\n\n\n<p><strong>Result:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Server certificate and Diffie-Hellman parameters generated.\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\uddf3 Step 5: Configure the OpenVPN Server<\/h2>\n\n\n\n<p>Copy all necessary files to <code>\/etc\/openvpn\/server\/<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cp pki\/ca.crt pki\/private\/server.key pki\/issued\/server.crt pki\/dh.pem ta.key \/etc\/openvpn\/server\/\n<\/code><\/pre>\n\n\n\n<p>Create and edit the OpenVPN configuration file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/openvpn\/server\/server.conf\n<\/code><\/pre>\n\n\n\n<p>Paste the following:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>port 1194\nproto udp\ndev tun\nca ca.crt\ncert server.crt\nkey server.key\ndh dh.pem\ntls-auth ta.key 0\ntopology subnet\nserver 10.8.0.0 255.255.255.0\npush \"redirect-gateway def1 bypass-dhcp\"\npush \"dhcp-option DNS 1.1.1.1\"\nkeepalive 10 120\ncipher AES-256-CBC\nuser nobody\ngroup nogroup\npersist-key\npersist-tun\nstatus openvpn-status.log\nverb 3\nexplicit-exit-notify 1\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd04 Step 6: Enable IP Forwarding<\/h2>\n\n\n\n<p>Edit <code>sysctl.conf<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/sysctl.conf\n<\/code><\/pre>\n\n\n\n<p>Uncomment or add:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>net.ipv4.ip_forward=1\n<\/code><\/pre>\n\n\n\n<p>Apply the changes:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sysctl -p\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd25 Step 7: Set Up UFW (Firewall)<\/h2>\n\n\n\n<p>Allow OpenVPN and SSH:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 1194\/udp\nsudo ufw allow OpenSSH\n<\/code><\/pre>\n\n\n\n<p>Edit UFW config:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/ufw\/before.rules\n<\/code><\/pre>\n\n\n\n<p>Add before the <code>*filter<\/code> line:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>*nat\n:POSTROUTING ACCEPT &#91;0:0]\n-A POSTROUTING -s 10.8.0.0\/8 -o eth0 -j MASQUERADE\nCOMMIT\n<\/code><\/pre>\n\n\n\n<p>Then enable forwarding in <code>\/etc\/default\/ufw<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n<\/code><\/pre>\n\n\n\n<p>Reload UFW:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw disable &amp;&amp; sudo ufw enable\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u25b6\ufe0f Step 8: Start and Enable OpenVPN<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl start openvpn-server@server\nsudo systemctl enable openvpn-server@server\n<\/code><\/pre>\n\n\n\n<p>Check status:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl status openvpn-server@server\n<\/code><\/pre>\n\n\n\n<p><strong>Result:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Active: active (running)\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udc64 Step 9: Create Client Configuration<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/easyrsa gen-req client1 nopass\n.\/easyrsa sign-req client client1\n<\/code><\/pre>\n\n\n\n<p>Copy the client certs and create a <code>.ovpn<\/code> file:<\/p>\n\n\n\n<p>Example client config (<code>client1.ovpn<\/code>):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>client\ndev tun\nproto udp\nremote your_server_ip 1194\nresolv-retry infinite\nnobind\npersist-key\npersist-tun\nremote-cert-tls server\ncipher AES-256-CBC\nkey-direction 1\nverb 3\n\n&lt;ca&gt;\n-----BEGIN CERTIFICATE-----\n...your CA cert...\n-----END CERTIFICATE-----\n&lt;\/ca&gt;\n&lt;cert&gt;\n...client cert...\n&lt;\/cert&gt;\n&lt;key&gt;\n...client key...\n&lt;\/key&gt;\n&lt;tls-auth&gt;\n...ta.key contents...\n&lt;\/tls-auth&gt;\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\uddea Step 10: Connect from Client Device<\/h2>\n\n\n\n<p>Use an OpenVPN client (Windows\/Linux\/Android\/macOS), import <code>client1.ovpn<\/code>, and connect.<\/p>\n\n\n\n<p><strong>Expected Result:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You\u2019re connected to your own VPN server.<\/li>\n\n\n\n<li>Your IP address is now from your server\u2019s location.<\/li>\n\n\n\n<li>All traffic is securely tunneled.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\uddfe Final Thoughts<\/h2>\n\n\n\n<p>Congratulations! \ud83c\udf89 You&#8217;ve successfully set up a private OpenVPN server on Ubuntu. This provides:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enhanced privacy<\/li>\n\n\n\n<li>Bypass for censorship<\/li>\n\n\n\n<li>Secure remote access to your VPS\/home network<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>For automation, consider using OpenVPN install scripts like <a href=\"https:\/\/github.com\/angristan\/openvpn-install\"><code>angristan\/openvpn-install<\/code><\/a>.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcac Need Help?<\/h2>\n\n\n\n<p>\ud83d\udcac Have questions or need assistance? Feel free to reach out! If you&#8217;re looking for a Docker-based OpenVPN setup or a GUI-based VPN admin panel, we\u2019ve got you covered.<\/p>\n\n\n\n<p>\u2705 We offer <strong>ready-to-deploy OpenVPN Docker solutions<\/strong> along with full setup and ongoing maintenance support.<\/p>\n\n\n\n<p>\ud83d\udc49 <strong>Contact us today to purchase your custom OpenVPN Docker package and enhance your network security with ease!<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 <strong>Linux (Most Recommended for Server Deployments)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ubuntu (20.04, 22.04, etc.)<\/li>\n\n\n\n<li>Debian<\/li>\n\n\n\n<li>CentOS \/ Rocky Linux \/ AlmaLinux<\/li>\n\n\n\n<li>Fedora<\/li>\n\n\n\n<li>Arch Linux<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 <strong>Cloud VPS \/ Dedicated Servers<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS EC2 (Amazon Linux, Ubuntu)<\/li>\n\n\n\n<li>DigitalOcean Droplets<\/li>\n\n\n\n<li>Google Cloud (GCE)<\/li>\n\n\n\n<li>Azure VMs<\/li>\n\n\n\n<li>Hetzner, Linode, Contabo, etc.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd12 For Production:<\/h3>\n\n\n\n<p>We highly recommend <strong>Ubuntu Server <\/strong>for best compatibility, security, and performance with Docker-based OpenVPN deployments.<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>Here\u2019s a complete blog post to install your first OpenVPN \ud83c\udf10 Step-by-Step Guide to Installing OpenVPN on Ubuntu VPS Setting up your own VPN server <a class=\"mh-excerpt-more\" href=\"https:\/\/www.ktchost.com\/blog\/step-by-step-guide-to-installing-openvpn-on-ubuntu-vps\/\" title=\"Step-by-Step Guide to Installing OpenVPN on Ubuntu VPS\">[&#8230;]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":7041,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1099,49,1100],"tags":[616,1106,444,1105,1101,653,1108,959,1113,1111,1109,723,1107,1112,503,1114,685,1102,476,1104,1103,1110],"class_list":["post-7039","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docker-plans","category-ubuntu","category-vpn","tag-aws","tag-azure","tag-centos","tag-cloudvps","tag-debian","tag-devops","tag-digitalocean","tag-docker","tag-dockermaintenance","tag-dockersetup","tag-linuxserver","tag-networksecurity","tag-privacy","tag-remoteaccess","tag-security","tag-selfhosted","tag-servermanagement","tag-sure-heres-the-list-as-hashtags-without-the-hash-symbol-and-separated-by-commas-openvpn","tag-sysadmin","tag-ubuntu","tag-vpnserver","tag-vpnsetup"],"_links":{"self":[{"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/posts\/7039"}],"collection":[{"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/comments?post=7039"}],"version-history":[{"count":2,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/posts\/7039\/revisions"}],"predecessor-version":[{"id":7042,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/posts\/7039\/revisions\/7042"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/media\/7041"}],"wp:attachment":[{"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/media?parent=7039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/categories?post=7039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/tags?post=7039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}