almost 7 years ago


This tutorial will show you how to set up an OpenVPN server on Ubuntu Server 13.04.

Set Up Steps

1. Use apt-get to install openvpn
sudo apt-get update && sudo apt-get dist-upgrade -y
sudo apt-get install openvpn openssl udev

2. Generate Server & Client Certificate Authority related files
In this step, please make sure you are in superuser mode.
The command sudo su switches you to superuser mode.

cp -r /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
cd /etc/openvpn/easy-rsa/2.0/
ln -s openssl-1.0.0.cnf openssl.cnf

source ./vars

Create Server Key
./build-key-server server

Create Client Key
./build-key client1

We need to generate Diffie-Hellman parameters, which govern the key exchange between the OpenVPN client and server.

The generated files are now in the folder /etc/openvpn/easy-rsa/2.0/keys

3. Create the Server Configuration File
cd /etc/openvpn
vim server.conf
Fill in the content below:
proto udp
dev tun

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem


push "redirect-gateway def1"

push "dhcp-option DNS"
push "dhcp-option DNS"

keepalive 10 120
status openvpn-status.log
verb 3


  • proto udp: you can replace udp with tcp.
  • ca, cert, key & dh should point to the files you generated in step 2.
  • server: this directive indicates which subnet will be distributed to clients.
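
A check for the point above that ca, cert, key and dh must point to the files from step 2, added here as an example that is not part of the original tutorial. The function name check_server_conf is hypothetical, and resolving relative paths against the config file's directory is an assumption.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# check_server_conf CONF: print one finding per problem with the ca/cert/key/dh
# directives in CONF; return 1 if any finding was printed, 0 if the config is clean.
check_server_conf() {
    conf=$1
    confdir=$(dirname "$conf")
    rc=0
    for directive in ca cert key dh; do
        # First argument of the directive, quotes stripped.
        # Lines commented out with '#' or ';' never match because $1 differs.
        path=$(awk -v d="$directive" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "$directive: directive missing or has no file argument"
            rc=1
            continue
        fi
        # Assumption: relative paths are resolved against the config's directory.
        case $path in
            /*) ;;
            *) path=$confdir/$path ;;
        esac
        if [ ! -f "$path" ]; then
            echo "$directive: $path does not exist"
            rc=1
            continue
        fi
        # The private key must not be accessible to group or others.
        if [ "$directive" = key ]; then
            mode=$(ls -lL "$path" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "key: $path is accessible to group/others"
                rc=1
            fi
        fi
    done
    return $rc
}
# Usage: check_server_conf /etc/openvpn/server.conf
```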

4. Set Up Network Routing with iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
vim /etc/rc.local

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s -j SNAT --to-source

Note: is your server IP, to which clients can establish a connection.

5. Start OpenVPN Server
/etc/init.d/openvpn start
You can use ifconfig to check the server status.

If the OpenVPN server is running, a tun0 network interface will appear.

Congratulations! You've set up a VPN server!

6. Client Connection
Remember generating the client CA files in Step 2?

Copy client1.key, client1.crt and ca.crt to the client side.

In the same folder as the above files, create a client1.ovpn file and fill in this content:

dev tun
proto udp

remote 1194

resolv-retry infinite

ca ca.crt
cert client1.crt
key client1.key

verb 3


  • proto should match your server setting.
  • remote: the IP should match the server's IP; make sure that it is reachable.

Try to connect:
sudo openvpn --config client1.ovpn
