Setup OpenVPN on Ubuntu 22.04

Installing OpenVPN on Ubuntu Server

After launching your instance, log in to the new server with an SSH client.

ssh -i "YourKey.pem" ubuntu@SERVER_IP

After logging in, update the system:

sudo apt update && sudo apt upgrade -y

Set Timezone

sudo su -
apt install tzdata
dpkg-reconfigure tzdata

Install via Repository (Combined)

apt update && apt -y install ca-certificates wget net-tools gnupg
wget https://as-repository.openvpn.net/as-repo-public.asc -qO /etc/apt/trusted.gpg.d/as-repository.asc
echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/as-repository.asc] http://as-repository.openvpn.net/as/debian jammy main">/etc/apt/sources.list.d/openvpn-as-repo.list
apt update && apt -y install openvpn-as

After completion of installation, you will get output like this.

+++++++++++++++++++++++++++++++++++++++++++++++ 
Access Server 2.11.3 has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log

Access Server Web UIs are available here:
Admin UI: https://192.168.102.130:943/admin
Client UI: https://192.168.102.130:943 
Login as "openvpn" with "RandomPassword" to continue
(password can be changed on Admin UI)
+++++++++++++++++++++++++++++++++++++++++++++++

To reach the OpenVPN Access Server, replace the local IP 192.168.102.130 in these URLs with your server's public IP.

That's all, you are ready to browse your OpenVPN Access Web Interface and configure everything.


- Connecting a Custom Domain

If you want to access the OpenVPN server through a custom domain instead of the server's public IP, add an A record in your DNS server.

In my case, I created the subdomain vpn.sanjaysikdar.dev and pointed it to my OpenVPN server IP.

  • Login to OpenVPN Access Server Admin

  • Navigate to Configuration > Network Settings. Set the ‘Hostname or IP Address’ to vpn.sanjaysikdar.dev. (Optional)

- Installing SSL

apt-get update 
apt install certbot
certbot certonly --standalone --preferred-challenges http -d vpn.sanjaysikdar.dev

The output looks like this:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/vpn.sanjaysikdar.dev/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/vpn.sanjaysikdar.dev/privkey.pem
This certificate expires on 2024-01-07.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Install the acquired certificate:

/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/vpn.sanjaysikdar.dev/privkey.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/vpn.sanjaysikdar.dev/fullchain.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

Automate Renewal:

sudo nano /usr/local/bin/certrenewal.sh

Paste the following, replacing the domain name with your own.

#!/bin/bash
# Renew any certificate that is close to expiry (standalone mode needs port 80 free)
certbot renew --standalone
sleep 1m
# Load the renewed key and certificate chain into Access Server, then apply the change
/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/vpn.sanjaysikdar.dev/privkey.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/vpn.sanjaysikdar.dev/fullchain.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

Save the file, then make it executable:

sudo chmod +x /usr/local/bin/certrenewal.sh

sudo crontab -e


# Add the following line
0 0 1 */2 * /usr/local/bin/certrenewal.sh
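
The renewal script above re-imports the key and restarts Access Server on every run, whether or not the certificate changed. The following is an added example, not part of the original article: it performs the same three sacli calls only when fullchain.pem differs from the last imported one. The STATE file path and the function names are assumptions.

```bash
#!/bin/bash
# Added example (not from the original article): re-import the certificate into
# Access Server only when fullchain.pem has changed since the last import.
# SACLI and LIVE default to the article's paths; STATE is an assumed location.
SACLI="${SACLI:-/usr/local/openvpn_as/scripts/sacli}"
LIVE="${LIVE:-/etc/letsencrypt/live/vpn.sanjaysikdar.dev}"
STATE="${STATE:-/var/lib/openvpn-as-cert.sha256}"   # hypothetical state file

# Fingerprint of the public chain only; the private key is never hashed or copied.
cert_fingerprint() {
    sha256sum < "$LIVE/fullchain.pem"
}

# Succeeds when the chain on disk differs from the one recorded at the last import.
cert_changed() {
    [ ! -f "$STATE" ] || [ "$(cert_fingerprint)" != "$(cat "$STATE")" ]
}

sync_cert() {
    for pem in privkey.pem fullchain.pem; do
        if [ ! -s "$LIVE/$pem" ]; then
            echo "missing or empty: $LIVE/$pem" >&2
            return 1
        fi
    done
    if ! cert_changed; then
        echo "certificate unchanged, nothing to import"
        return 0
    fi
    # Stop at the first failure so a half-applied import is never recorded as done.
    "$SACLI" --key "cs.priv_key" --value_file "$LIVE/privkey.pem" ConfigPut || return 1
    "$SACLI" --key "cs.cert" --value_file "$LIVE/fullchain.pem" ConfigPut || return 1
    "$SACLI" start || return 1
    cert_fingerprint > "$STATE"
}

# Run only when called as "script sync", so the functions can also be sourced.
if [ "${1:-}" = "sync" ]; then
    sync_cert
fi
```

Because the script exits early when nothing has changed, it can be scheduled daily or weekly. By default certbot only renews a certificate that is within 30 days of expiry, so frequent runs are what keep the served certificate current.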

Troubleshoot

FIREWALL SECURITY:

Type     Protocol  Port range
HTTP     TCP       80
HTTPS    TCP       443
SSH      TCP       22
Custom   TCP       943
Custom   TCP       945
Custom   UDP       1194

VPN SETTINGS:

Turn on "Have clients use specific DNS servers" and set Primary DNS to 1.1.1.1 and Secondary DNS to 8.8.8.8.

Restart OpenVPN: sudo service openvpnas restart