Ubuntu 18.04 LTS Set Up OpenVPN Server In 5 Minutes


#1

Originally published at: https://www.cyberciti.biz/faq/ubuntu-18-04-lts-set-up-openvpn-server-in-5-minutes/

I am a new Ubuntu Linux 18.04 LTS server user. How do I set up an OpenVPN Server on Ubuntu Linux version 18.04 LTS server to shield my browsing activity from bad guys on public Wi-Fi, and more?


#2

I’m quite surprised you pull up this approach. That installer script is full of issues, and tries to do stuff which is really not good.

First of all … The CA setup here is insecure. It leaves an unprotected (yupp, no passwords!) CA private key on a publicly available server. So if this host is broken into, issuing new client and server certificates is a breeze. And with server certificates, setting up a MITM host is even simpler and users of that VPN won’t even notice.

Secondly your advice to use the openvpn@.service unit files is bad. OpenVPN 2.4 has added several patches which requires newer unit files to integrate better with systemd. Without these integration steps, OpenVPN will not behave well within a systemd environment. In addition, we’ve started the path to restrict the privileges the OpenVPN process has as well. So rather put server configs into /etc/openvpn/server and client configs into /etc/openvpn/client and use the new openvpn-{client,server}@.service unit files. If the package maintainer is doing the right thing, the OpenVPN package should now carry the upstream version of systemd unit files and not the package maintainers version, so fixes should now be handled more centrally make all distros behave more or less the same way.

But in general, such “quick setup scripts” need to be used with utmost carefulness and carefully reviewed before running them. Running random scripts from the Internet as root is a receipt for disaster if not carefully reviewed. Which is why the OpenVPN community recommends to go through this “Getting Started How-To” instead of various blog posts or “simple scripts”.

https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN


#3

yes, I will cover direct setup. Did you look into another script https://github.com/angristan/openvpn-install/blob/master/openvpn-install.sh ? This one seems to address most of your concern. What do you think?