Step-by-Step Guide to Installing OpenVPN on Ubuntu VPS

Docker Plans, Ubuntu, VPN 0

Here’s a complete blog post to install your first OpenVPN

🌐 Step-by-Step Guide to Installing OpenVPN on Ubuntu VPS

Setting up your own VPN server gives you full control over your privacy and network security. In this guide, we’ll walk through installing and configuring OpenVPN on an Ubuntu VPS—step by step, with commands and results.

✅ Prerequisites

Before you begin, make sure you have the following:

  • A Ubuntu 20.04 or 22.04 VPS (other versions may work too).
  • Root or sudo access to your VPS.
  • An active internet connection.
  • A basic understanding of Linux commands.

🛠️ Step 1: Update the System

sudo apt update && sudo apt upgrade -y

Result:

Packages upgraded successfully.

🧰 Step 2: Install OpenVPN and Easy-RSA

sudo apt install openvpn easy-rsa -y

Result:

OpenVPN and Easy-RSA packages installed.

📂 Step 3: Set Up the PKI (Public Key Infrastructure)

make-cadir ~/openvpn-ca
cd ~/openvpn-ca

Edit vars file:

nano vars

Update values like:

set_var EASYRSA_REQ_COUNTRY    "IN"
set_var EASYRSA_REQ_PROVINCE   "MH"
set_var EASYRSA_REQ_CITY       "Mumbai"
set_var EASYRSA_REQ_ORG        "Kaizen Software"
set_var EASYRSA_REQ_EMAIL      "admin@example.com"
set_var EASYRSA_REQ_OU         "IT"

Initialize the PKI:

./easyrsa init-pki

Build the Certificate Authority (CA):

./easyrsa build-ca

Result:

CA certificate created successfully.

🔐 Step 4: Generate Server Certificate, Key, and Encryption Files

./easyrsa gen-req server nopass
./easyrsa sign-req server server

Generate DH parameters:

./easyrsa gen-dh
openvpn --genkey --secret ta.key

Result:

Server certificate and Diffie-Hellman parameters generated.

🧳 Step 5: Configure the OpenVPN Server

Copy all necessary files to /etc/openvpn/server/:

sudo cp pki/ca.crt pki/private/server.key pki/issued/server.crt pki/dh.pem ta.key /etc/openvpn/server/

Create and edit the OpenVPN configuration file:

sudo nano /etc/openvpn/server/server.conf

Paste the following:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

🔄 Step 6: Enable IP Forwarding

Edit sysctl.conf:

sudo nano /etc/sysctl.conf

Uncomment or add:

net.ipv4.ip_forward=1

Apply the changes:

sudo sysctl -p

🔥 Step 7: Set Up UFW (Firewall)

Allow OpenVPN and SSH:

sudo ufw allow 1194/udp
sudo ufw allow OpenSSH

Edit UFW config:

sudo nano /etc/ufw/before.rules

Add before the *filter line:

*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT

Then enable forwarding in /etc/default/ufw:

DEFAULT_FORWARD_POLICY="ACCEPT"

Reload UFW:

sudo ufw disable && sudo ufw enable

▶️ Step 8: Start and Enable OpenVPN

sudo systemctl start openvpn-server@server
sudo systemctl enable openvpn-server@server

Check status:

sudo systemctl status openvpn-server@server

Result:

Active: active (running)

👤 Step 9: Create Client Configuration

./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1

Copy the client certs and create a .ovpn file:

Example client config (client1.ovpn):

client
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
key-direction 1
verb 3

<ca>
-----BEGIN CERTIFICATE-----
...your CA cert...
-----END CERTIFICATE-----
</ca>
<cert>
...client cert...
</cert>
<key>
...client key...
</key>
<tls-auth>
...ta.key contents...
</tls-auth>

🧪 Step 10: Connect from Client Device

Use an OpenVPN client (Windows/Linux/Android/macOS), import client1.ovpn, and connect.

Expected Result:

  • You’re connected to your own VPN server.
  • Your IP address is now from your server’s location.
  • All traffic is securely tunneled.

🧾 Final Thoughts

Congratulations! 🎉 You’ve successfully set up a private OpenVPN server on Ubuntu. This provides:

  • Enhanced privacy
  • Bypass for censorship
  • Secure remote access to your VPS/home network

For automation, consider using OpenVPN install scripts like angristan/openvpn-install.

💬 Need Help?

💬 Have questions or need assistance? Feel free to reach out! If you’re looking for a Docker-based OpenVPN setup or a GUI-based VPN admin panel, we’ve got you covered.

✅ We offer ready-to-deploy OpenVPN Docker solutions along with full setup and ongoing maintenance support.

👉 Contact us today to purchase your custom OpenVPN Docker package and enhance your network security with ease!

Linux (Most Recommended for Server Deployments)

  • Ubuntu (20.04, 22.04, etc.)
  • Debian
  • CentOS / Rocky Linux / AlmaLinux
  • Fedora
  • Arch Linux

Cloud VPS / Dedicated Servers

  • AWS EC2 (Amazon Linux, Ubuntu)
  • DigitalOcean Droplets
  • Google Cloud (GCE)
  • Azure VMs
  • Hetzner, Linode, Contabo, etc.

🔒 For Production:

We highly recommend Ubuntu Server for best compatibility, security, and performance with Docker-based OpenVPN deployments.

About Anant 446 Articles
Senior technical writer

Copyright © 2025 Kaizen Software Solutions. All rights reserved.