How To Setup OpenVPN Server In 5 Minutes on Ubuntu Linux


#1

Originally published at: https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/

I am a new Ubuntu Linux server user. How do I set up an OpenVPN server on Ubuntu Linux version 14.04 or 16.04/18.04 LTS server to shield my browsing activity from bad guys on public Wi-Fi, and more?


#2

The simplest way is to use the GUI app https://github.com/delfer/ssheller
Open source, available for Windows, macOS and Linux.
Does not require any additional app. Will configure the server and download the .ovpn file for you.
And tested heavily with DO.


#3

Hi, I have tried many times. The VPN client connects to the server successfully, but internet through the VPN doesn't work.
Please help.
I am able to ping the GW: 10.8.0.1
Also, the default route is set to 10.8.0.1

Thanks


#4

Can you ping a public IP address such as 8.8.8.8?

ping 8.8.8.8
ping 1.1.1.1

#5

No, that's the problem :smiley: After connecting to the VPN I am able to ping the gateway 10.8.0.1 but unable to reach the internet (8.8.8.8) or browse.

I think NAT is not working properly on the Ubuntu OpenVPN server.
Using the Windows OpenVPN client.


#6

You can verify NAT rules with:

iptables -t nat -L -n -v
## the following must be 1 ##
sysctl net.ipv4.ip_forward

Usually, the script adds a rule to /etc/rc.local that does the magic:

cat /etc/rc.local 
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 139.xxx.yyy.zzz

139.xxx.yyy.zzz is my VPN server IP address.
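
The checks from the post above, combined into one script, as an added example that is not part of the thread or of the install script. It goes one step beyond the post by also flagging a SNAT target address that is not assigned to the server, on the assumption that this is a further cause worth ruling out; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are plain text so it runs offline:
#   $1 = output of `iptables -t nat -S POSTROUTING`
#   $2 = output of `sysctl -n net.ipv4.ip_forward`
#   $3 = output of `hostname -I` (addresses assigned to this host)
VPN_NET="10.8.0.0/24"   # VPN subnet used in the thread

# Print the POSTROUTING source-NAT rules that apply to the VPN subnet.
vpn_nat_rules() {
    printf '%s\n' "$1" | grep -F -- "-A POSTROUTING -s $VPN_NET " |
        grep -E -- '-j (SNAT|MASQUERADE)' || true
}

# Print the address the first SNAT rule rewrites to (empty for MASQUERADE).
snat_target() {
    printf '%s\n' "$1" | sed -nE 's/.*-j SNAT --to(-source)? ([0-9.]+).*/\2/p' | head -n 1
}

# Print "ok" and return 0, or print the first problem found and return 1.
diagnose() {
    if [ "$2" != "1" ]; then
        echo "ip_forward is off"; return 1
    fi
    rules=$(vpn_nat_rules "$1")
    if [ -z "$rules" ]; then
        echo "no SNAT/MASQUERADE rule for $VPN_NET"; return 1
    fi
    target=$(snat_target "$rules")
    if [ -n "$target" ]; then
        case " $3 " in
            *" $target "*) ;;   # SNAT address is configured locally
            *) echo "SNAT target $target is not a local address"; return 1 ;;
        esac
    fi
    echo "ok"
}

# Constructed sample: rule shaped like the one in the post; 203.0.113.10 is a
# documentation address, 192.168.1.20 stands for a host behind provider NAT.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 203.0.113.10'

diagnose "$SAMPLE_RULES" 1 "203.0.113.10 10.8.0.1" || true
diagnose "$SAMPLE_RULES" 1 "192.168.1.20 10.8.0.1" || true
diagnose "$SAMPLE_RULES" 0 "203.0.113.10 10.8.0.1" || true
```

On a live server, pass the three command outputs named in the header comment as the arguments to `diagnose`.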


#7

root@virtual-machine:/home/ali# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 7541 packets, 843K bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 44 packets, 2411 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 104 packets, 7268 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 104 packets, 7268 bytes)
pkts bytes target prot opt in out source destination
445 26574 SNAT all -- * * 10.8.0.0/24 !10.8.0.0/24 to:x.x.x.x (Public IP of Server)
0 0 MASQUERADE all -- * ens160 10.8.0.0/24 0.0.0.0/0
root@virtual-machine:/home/ali# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
root@virtual-machine:/home/ali# cat /etc/rc.local
#!/bin/sh -e
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 210.56.27.74

As you see, everything looks fine?


#9

Yes, it looks correct. My guess is that the DNS server at your hosting is causing this issue. Can you remove OpenVPN and reinstall it again and choose 1.1.1.1 or Google DNS when asked?

sudo ./openvpn-install.sh

First remove OpenVPN. Then run the script again and make sure you choose 1.1.1.1 or Google DNS:

sudo ./openvpn-install.sh

For example:


Do show your screenshot when you run the above screen.