Over time, we have used multiple VPN products such as ExpressVPN and IPVanish, and they are excellent products. However, we found that we were underutilising them, so we decided to look for a cost-effective alternative. We found OpenVPN, which is open source. Since we have multiple virtual machines in the cloud, we decided to explore it and install it on one of our Ubuntu servers.
Here’s the step-by-step:
First, we need to check the minimum system requirements on the OpenVPN website.
We log in to the Ubuntu server.
We update and upgrade the packages. To do this, we run the following command:
Then, we install the required dependencies. We run the following command:
apt install ca-certificates wget net-tools gnupg
We add the OpenVPN server to the repository list. To do this, we run a few commands:
wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
echo "deb http://as-repository.openvpn.net/as/debian focal main" > /etc/apt/sources.list.d/openvpn-as-repo.list
We install the OpenVPN Access Server (AS). To install, we run the command:
apt install openvpn-as
Once installed, we write down the username and password shown at the end of the installation.
To access the Admin dashboard, we open a browser and go to https://[your-ip-address]:943/admin
Note: If you are running a firewall, make sure port 943 is open.
Note: In our case, we managed to get in, but previously we were somehow stuck in a loop that kept showing the welcome message and then went to the login page. It did not go to the dashboard page for some reason. We followed this solution – FAQ – Why can’t I access the Adminclient UI
To get the client software (Windows, Mac, iOS, Android and Linux), we open a browser and go to https://[your-ip-address]:943
We then download the client for the relevant operating system and install it.
To improve the security of the VPN, we adjust some settings.
We log in to the admin dashboard.
Under Configuration, we click TLS Settings.
We set TLS 1.3 to Yes.
Then, we click the Save Settings button.
Under VPN, we go to the DNS Settings section.
We change Have clients use a specific DNS server to Yes.
Primary Address: 22.214.171.124
Secondary Address: 126.96.36.199
Note: We use the Cloudflare DNS server.
Still under VPN, we go to the Routing section and change Should VPN clients have access to private subnets (non-public network on the server-side) to No.
We then click the Save Settings button to save.
Under Advanced VPN, we go to the TLS Control Channel Security section and set tls-cryptv2 to Yes.
To disable the logs, we modify a few configuration entries. OpenVPN stores logs in 2 places: /usr/local/openvpn_as/etc/db/log.db and /var/log/openvpnas.log
We open up the OpenVPN config file: /usr/local/openvpn_as/etc/as.conf
We modify the log_db entry in the config file, changing it from:
# log DB
log_db=sqlite:///~/db/log.db
to:
# log DB
log_db=/dev/null
We then save the config file.
Next, we modify how the service process is started.
We go to the console and run the command:
systemctl edit --full openvpnas
This will open a text file.
Under ExecStart=xxx, we then replace:
We save the file and overwrite it.
We restart the service by running the following command:
systemctl restart openvpnas
We check the 2 log files by running these commands:
cat /usr/local/openvpn_as/etc/db/log.db
cat /var/log/openvpnas.log
We then clear the 2 logs by running these commands:
echo "" > /usr/local/openvpn_as/etc/db/log.db
echo "" > /var/log/openvpnas.log
We access the OpenVPN client and turn on the profile to activate the VPN.
We access a few websites and go back to the console to verify the 2 log files – they should be empty.
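One way to script this verification, as an added example that is not part of the original article: it reads the effective log_db value from as.conf and treats a log file as empty when it holds only whitespace, because echo "" > file leaves a single newline behind. The function names are hypothetical; pass the config file and the log paths from the steps above as arguments.

```shell
#!/bin/sh
# Added example: audit the logging changes from the steps above.
# Usage: sh audit.sh /usr/local/openvpn_as/etc/as.conf <log file> [<log file> ...]

# Print the effective (last uncommented) value of KEY in an as.conf-style file.
conf_value() {  # conf_value KEY FILE
    awk -F= -v k="$1" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$2"
}

# Succeeds only if the log database points at /dev/null, as set above.
log_db_disabled() {  # log_db_disabled FILE
    [ "$(conf_value log_db "$1")" = "/dev/null" ]
}

# Succeeds if the file is absent or contains nothing but whitespace.
log_is_empty() {  # log_is_empty FILE
    [ ! -e "$1" ] && return 0
    ! grep -q '[^[:space:]]' "$1"
}

# Report each check and return non-zero if any of them fails.
audit_logging() {  # audit_logging CONF LOG...
    conf=$1; shift; rc=0
    if log_db_disabled "$conf"; then
        echo "OK   log_db=/dev/null"
    else
        echo "FAIL log_db=$(conf_value log_db "$conf")"; rc=1
    fi
    for f in "$@"; do
        if log_is_empty "$f"; then
            echo "OK   empty: $f"
        else
            echo "FAIL has data: $f"; rc=1
        fi
    done
    return $rc
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_logging "$@"
fi
```

Running it again after a VPN session shows whether either file has started to fill up.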
Congratulations on reaching the end of this article. We hope that we have been able to shed some light on what you need to know to install and configure OpenVPN on Ubuntu.
We write this in such a way that this is not a fixed article. As in this journey, we learn as we go and we rewrite some parts of the article, so please keep checking back on this article or any general tech posts.