Setup OpenVPN on Ubuntu 22.04

Installing the OpenVPN to Ubuntu Server

After launching your instance, we need to log in into our new server using SSH client.

ssh -i "YourKey.pem" ubuntu@SERVER_IP

After login, you need to update the system

sudo apt update && sudo apt upgrade -y

Set Timezone

sudo su -
apt install tzdata
dpkg-reconfigure tzdata

Install via Repository (Combined)

apt update && apt -y install ca-certificates wget net-tools gnupg
wget -qO /etc/apt/trusted.gpg.d/as-repository.asc
echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/as-repository.asc] jammy main">/etc/apt/sources.list.d/openvpn-as-repo.list
apt update && apt -y install openvpn-as

After completion of installation, you will get output like this.

Access Server 2.11.3 has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log

Access Server Web UIs are available here:
Admin UI:
Client UI: 
Login as "openvpn" with "RandomPassword" to continue
(password can be changed on Admin UI)

You need to replace the local IP to your Server Public IP to access the OpenVPN Access Server.

That's all, you are ready to browse your OpenVPN Access Web Interface and configure everything.

- Connecting a Custom Domain

If you are willing to access the OpenVPN server from a custom domain, instead of the Server Public IP.

In your DNS Server, add A record.

In my case, I have created a subdomain and pointed to my OpenVPN Server IP.

  • Login to OpenVPN Access Server Admin

  • Navigate to Configuration > Network Settings. Set the ‘Hostname or IP Address’ to (Optional)

- Installing SLL

apt-get update 
apt install certbot
certbot certonly --standalone --preferred-challenges http -d

Output Like:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/
Key is saved at:         /etc/letsencrypt/live/
This certificate expires on 2024-01-07.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Install the acquired certificate:

/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

Automate Renewal:

sudo nano /usr/local/bin/

paste the following replacing your domain name.

certbot renew — standalone
sleep 1m
/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/" ConfigPut
/usr/local/openvpn_as/scripts/sacli startcli start
sudo chmod +x /usr/local/bin/

sudo crontab -e

# Add the following line
0 0 1 */2 * /usr/local/bin/



TypeProtocolPort range


Turn on Have clients use specific DNS servers use Primary DNS and Secondary DNS

Restart OpenVPN: sudo service openvpnas restart