In today’s digital age, ensuring the security and privacy of your online activities is paramount. One effective method to achieve this is by configuring a VPN server on your Linux machine using OpenVPN. This article aims to provide a detailed guide on setting up and configuring an OpenVPN server, focusing on the necessary steps for a successful installation and configuration.
Understanding OpenVPN and Its Importance
Before diving into the configuration process, it’s crucial to grasp the importance of OpenVPN and why it is a preferred choice for many. OpenVPN is a robust and highly versatile open-source VPN solution that allows for secure remote access and private site-to-site connections. It relies extensively on the OpenSSL library and supports encryption with AES-GCM and other cryptographic algorithms to protect your data in transit.
Why Use OpenVPN?
OpenVPN offers several advantages over other VPN solutions. Firstly, it provides flexibility with its ability to traverse network address translators (NATs) and firewalls. Secondly, it supports a range of encryption methods, ensuring robust security. Lastly, it is compatible with a variety of platforms, making it an ideal choice for users who seek a comprehensive VPN solution.
Setting Up Your OpenVPN Server
Now that you understand the significance of OpenVPN, let’s move on to the practical steps of setting up an OpenVPN server on a Linux machine. This process involves several key stages: installing OpenVPN, setting up the server configuration, creating client certificates, and configuring client ovpn files.
Installation of OpenVPN
To start, you need to install OpenVPN on your Linux machine. Open a terminal and run the following commands. Ensure you have sudo privileges to perform these operations.
sudo apt update
sudo apt install openvpn easy-rsa
The above commands will install OpenVPN and the Easy RSA package, which is essential for managing encryption keys and certificates.
Setting Up the Server Configuration
Once OpenVPN and Easy RSA are installed, you need to set up the server configuration. First, initialize the Public Key Infrastructure (PKI) by running:
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
Next, edit the vars file to set your desired parameters. This file contains default variables for certificate creation. After editing, run the following commands:
source vars
./clean-all
./build-ca
These commands will build the Certificate Authority (CA). Next, generate the server certificate and key with:
./build-key-server server
Now, generate the Diffie-Hellman parameters and the static key ta.key:
./build-dh
openvpn --genkey --secret keys/ta.key
Finally, copy the sample OpenVPN configuration file and modify it:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/
sudo nano /etc/openvpn/server.conf
In the server.conf file, make necessary adjustments such as specifying the port, protocol, IP addresses, and enabling the server mode.
Creating Client Certificates and Configuration Files
For each client that will connect to the VPN, you need to generate a client certificate and key. Run the following command, replacing client1 with your client’s name:
cd ~/openvpn-ca
source vars
./build-key client1
Additionally, create a client configuration file. You can base this on the sample client configuration provided by OpenVPN:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client/client1.ovpn
sudo nano /etc/openvpn/client/client1.ovpn
Edit client1.ovpn to specify the server’s IP address or domain name, the port, and the protocol. Also, include the client certificates and keys within the configuration file.
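One way to include the certificates and keys within the file, as an added example that is not part of the original article: the function below strips the file references from a base client config and appends the CA certificate, client certificate, client key and ta.key as inline blocks. The name make_ovpn, its argument order and the key-direction 1 value (which assumes the server side uses tls-auth ta.key 0) are assumptions.

```bash
#!/bin/sh
# Added example: build a single-file client profile with inline credentials.
# make_ovpn and its argument order are hypothetical, not part of OpenVPN or Easy-RSA.
set -eu

# Usage: make_ovpn BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY TA_KEY OUT_OVPN
# The body runs in a subshell so the umask and variables do not leak to the caller.
make_ovpn() (
    base=$1 ca=$2 cert=$3 key=$4 ta=$5 out=$6
    for f in "$base" "$ca" "$cert" "$key" "$ta"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; exit 1; }
    done
    # The profile embeds the private key: create it readable by the owner only.
    umask 077
    {
        # Drop the file references that the inline blocks replace.
        grep -Ev '^[[:space:]]*(ca|cert|key|tls-auth)[[:space:]]' "$base" || true
        # Assumption: the server uses "tls-auth ta.key 0", so the client side is 1.
        echo 'key-direction 1'
        echo '<ca>'; cat "$ca"; echo '</ca>'
        # Easy-RSA certificates can carry a text dump before the PEM block; keep the PEM only.
        echo '<cert>'
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$cert"
        echo '</cert>'
        echo '<key>'; cat "$key"; echo '</key>'
        echo '<tls-auth>'; cat "$ta"; echo '</tls-auth>'
    } > "$out"
    chmod 600 "$out"   # also tightens a pre-existing output file
)

# Run only when six arguments are given, so the file can also be sourced.
if [ "$#" -eq 6 ]; then
    make_ovpn "$@"
fi
```

Because the resulting file contains the client's private key, it should be handled like the key itself when it is transferred to the client device.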
Configuring the Network and Starting the Server
After setting up the server and client configurations, ensure your network settings are properly configured to allow traffic through the VPN. Modify your firewall rules to open the OpenVPN port:
sudo ufw allow 1194/udp
sudo ufw allow OpenSSH
sudo ufw enable
Enable IP forwarding by editing the sysctl configuration file:
sudo nano /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward=1
Apply the changes with:
sudo sysctl -p
Finally, start the OpenVPN server:
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
Connecting Clients to the OpenVPN Server
With the server up and running, you need to configure the VPN clients to connect to the server. Transfer the client1.ovpn file to the client device. You can use secure methods such as SCP or SFTP for this purpose.
Configuring the Client
Install the OpenVPN client on the client machine. For Linux clients, use the following command:
sudo apt install openvpn
Place the client1.ovpn file in the /etc/openvpn/client/ directory and start the client with:
sudo openvpn --config /etc/openvpn/client/client1.ovpn
For Windows and macOS clients, download and install the OpenVPN client software, then import the .ovpn configuration file via the GUI.
Ensuring Proper Security and Functionality
A well-configured VPN not only provides secure connections but also ensures that all traffic is routed through the VPN tunnel. It is crucial to verify that the DNS server is correctly set to prevent DNS leaks. Modify the client configuration file to include the dhcp-option directive:
dhcp-option DNS <DNS_SERVER_IP>
Additionally, to route all traffic through the VPN, add the following line to your client configuration:
redirect-gateway def1
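A small check for these two settings, added here as an example and not taken from the original article; check_profile is a hypothetical helper. It goes one step beyond the text by also warning when no up script is configured, because on Linux OpenVPN only passes dhcp-option values to scripts and does not change the resolver itself.

```bash
#!/bin/sh
# Added example: check a client profile for the two directives discussed above.
# check_profile is a hypothetical helper, not an OpenVPN tool.
set -eu

# Prints one finding per line; returns 0 only if no FAIL was reported.
check_profile() (
    conf=$1
    rc=0
    # Keep only active directives: OpenVPN treats '#' and ';' as comment starts.
    active=$(sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e '/^$/d' "$conf")
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }

    if ! has '^redirect-gateway([[:space:]].*)?[[:space:]]def1([[:space:]]|$)'; then
        echo "FAIL: redirect-gateway def1 not set; default route stays outside the tunnel"
        rc=1
    fi
    if has '^dhcp-option[[:space:]]+DNS[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}[[:space:]]*$'; then
        # On Linux the option is only exported to scripts; without an up script
        # resolv.conf is left unchanged and lookups keep using the local resolver.
        if ! has '^up[[:space:]]'; then
            echo "WARN: dhcp-option DNS set but no up script applies it on Linux"
        fi
    else
        echo "FAIL: no dhcp-option DNS with a literal IPv4 address"
        rc=1
    fi
    exit "$rc"
)

# Run only when a profile path is given, so the file can also be sourced.
if [ "$#" -eq 1 ]; then
    check_profile "$1"
fi
```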
Testing the VPN Connection
After setting up your VPN, test the connection to ensure it works correctly. Verify the connection by checking your IP address and ensuring it matches the VPN server’s IP. Use online tools to confirm that your DNS requests are not leaking.
Configuring an OpenVPN server on a Linux machine is a comprehensive process that ensures secure and private connections for your network. By following the steps outlined in this guide, you can successfully set up and configure your OpenVPN server, generate necessary certificates, and connect clients securely. This method not only enhances your network’s security but also provides peace of mind in an increasingly data-driven world. With OpenVPN, you can protect your digital footprint and ensure that your online activities remain private and secure.