How To Setup OpenVPN Server In 5 Minutes on Ubuntu Linux

Originally published at: https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/

I am a new Ubuntu Linux server user. How do I setup an OpenVPN Server on Ubuntu Linux version 14.04 or 16.04/18.04 LTS server to shield my browsing activity from bad guys on public Wi-Fi, and more?

The simplest way is to use GUI app GitHub - delfer/ssheller: UI to execute scripts on remote servers over SSH
Open source, available for Windows, macOS и Linux.
Do not require any additional app. Will configure server and download .ovpn file for you.
And tested heavily with DO.

Hi, I have tried many times vpn client connects to server successfully but internet through VPN doesn’t work
Please help
Can able to ping GW: 10.8.0.1
also default route is set to 10.8.0.1

Thanks

Can you ping public IP address such as 8.8.8.8?

ping 8.8.8.8
ping 1.1.1.1

no thats the problem :smiley: after connecting vpn able to ping gateway 10.8.0.1 but unable to access internet 8.8.8.8 or browse

I think NAT is not working properly on Ubuntu OpenVPN server
Using Windows Openvpn client

You can verify NAT rules with:

iptables -t nat -L -n -v
## the following must be 1 ##
sysctl net.ipv4.ip_forward

Usually, script adds rule to /etc/rc.local that does the magic:

cat /etc/rc.local 
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 139.xxx.yyy.zzz

139.xxx.yyy.zzz is my VPN server IP address.

root@virtual-machine:/home/ali# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 7541 packets, 843K bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 44 packets, 2411 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 104 packets, 7268 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 104 packets, 7268 bytes)
pkts bytes target prot opt in out source destination
445 26574 SNAT all – * * 10.8.0.0/24 !10.8.0.0/24 to:x.x.x.x (Public IP of Server)
0 0 MASQUERADE all – * ens160 10.8.0.0/24 0.0.0.0/0
root@virtual-machine:/home/ali# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
root@virtual-machine:/home/ali# cat /etc/rc.local
#!/bin/sh -e
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 210.56.27.74

As you see everything looks fine?

Yes, it looks correct. My guess is DNS server at your hosting causing such issue. Can you remove OpenVPN and reinstall it again and choose 1.1.1.1 or Google DNS when asked?

sudo ./openvpn-install.sh

First remove OpenVPN. Again run script and make sure you choose 1.1.1.1 or Google DNS:

sudo ./openvpn-install.sh

For example:


Do show your screenshot when you run above screen.

Hey guys,
I have installed OpenVPN with this script and on mac and windows it’s working like a charm. I have problem with ubuntu. When i start it from terminal with fresh config, my terminal is frozen with last message “Initialization Sequence Completed”. When i open new terminal and check ip address, I’m connected to VPN, and it’s working, but i need to keep previous terminal opened. Did somebody have had this issue?

Did you installed it as service and starting using the systemctl command?

yes, via apt-get…
ubuntuserver@ubuntu:~$ systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset:
Active: active

Hello, I ran the openvpn-install.sh script on ubuntu 18.04, but the service won’t start.

Looking around, I found that the server.conf file is at /etc/openvpn/server rather than /etc/openvpn. I copied it up, but now it complains about other files not being present (they are in the /etc/openvpn/server directory). I’m not sure if it is best if I copy them all up, or if there is some other parameter that I should change to get it to look in the /etc/openvpn/server directory.

Thanks in advance for your advice.

/etc/rc.local also doesn’t exist in 18.04. I created it, and removed and reinstalled OpenVPN using the openvpn-install.sh, but rc.local didn’t get updated. Did the expected lines get added somewhere else?

Thanks in advance.

I tried downgrading my machine to 16.04, but openvpn-install just says:

Ubuntu 16.04 is no longer supported in the current version of openvpn-install
Use an older version if Ubuntu 16.04 support is needed: https://git.io/vpn1604

So, something else must have upgraded that broke openvpn-install.

Update (since I’m too new to reply): the script from https://git.io/vpn1604 seems to be working when using ubuntu 16.04, so I will run with that for a while. The iptables lines don’t appear in any of the rc files (that I can find), so that must be handled some other way now.

I use the script to install OpenVPN on Ubuntu Server 18.04.
I get the following error during the installation:

Any idea?

Are you running as root? What kind of server? Is it cloud server? Container?

Fresh Ubuntu 18.04 installation on ESXi. I run as a user with sudo permissions.
I run the installation script with sudo bash .

Seems like permission issue to me. Delete and download the script again. Try running as follows:

chmod +x script
sudo ./script

i’m sure no one has tried to do this as it not that normal

first of the guide worked as it should

but i want to disable access to the local network for the clients, but i want to have access to them from the server.

how can i do that?

from the server i can ping both to internet and local machines, all OK there
from local machines i can ping internet and other local machines but i can’t ping clients and that is OK too
but from the client i can ping internet and local machines,how do i disable access to local network behind the VPN but still being able to access the clients from the vpn server?