How to Install OpenVPN in Ubuntu 20.04

Installing and configuring an OpenVPN server manually is not a simple task from my experience. For this reason, we will be using a script that lets you set up your own secure OpenVPN server in a matter of seconds.

Before downloading and running the script, note that the script will auto-detect your server’s private IP address. But you need to take note of your server public IP address especially if it is running behind NAT.

To find out your server’s public IP address, run the following wget command or dig command.

wget -qO - icanhazip.com

Or Dig.

Install DNSUtils

apt install dnsutils 
dig +short myip.opendns.com @resolver1.opendns.com

Now lets run the script (https://github.com/Nyr/openvpn-install)

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

Output:

Welcome to this OpenVPN road warrior installer!

This server is behind NAT. What is the public IPv4 address or hostname?
Public IPv4 address / hostname [233.xxx.xxx.112]:

Which protocol should OpenVPN use?
   1) UDP (recommended)
   2) TCP
Protocol [1]: 1

What port should OpenVPN listen to?
Port [1194]:

Select a DNS server for the clients:
   1) Current system resolvers
   2) Google
   3) 1.1.1.1
   4) OpenDNS
   5) Quad9
   6) AdGuard
DNS server [1]: 3

Enter a name for the first client:
Name [client]: user1

OpenVPN installation is ready to begin.
Press any key to continue...
Hit:1 http://cdn-aws.deb.debian.org/debian bullseye InRelease
Hit:2 http://cdn-aws.deb.debian.org/debian bullseye-updates InRelease
Hit:3 http://cdn-aws.deb.debian.org/debian bullseye-backports InRelease
Hit:4 http://security.debian.org/debian-security bullseye-security InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
ca-certificates is already the newest version (20210119).
openssl is already the newest version (1.1.1n-0+deb11u3).
openssl set to manually installed.
Suggested packages:
  resolvconf openvpn-systemd-resolved
Recommended packages:
  easy-rsa
The following NEW packages will be installed:
  liblzo2-2 libpkcs11-helper1 openvpn
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 703 kB of archives.
After this operation, 1990 kB of additional disk space will be used.
Get:1 http://cdn-aws.deb.debian.org/debian bullseye/main amd64 liblzo2-2 amd64 2.10-2 [56.9 kB]
Get:2 http://cdn-aws.deb.debian.org/debian bullseye/main amd64 libpkcs11-helper1 amd64 1.27-1 [                                                                                                                                              47.5 kB]
Get:3 http://cdn-aws.deb.debian.org/debian bullseye/main amd64 openvpn amd64 2.5.1-3 [599 kB]
Fetched 703 kB in 0s (23.7 MB/s)
Preconfiguring packages ...
Selecting previously unselected package liblzo2-2:amd64.
(Reading database ... 30816 files and directories currently installed.)
Preparing to unpack .../liblzo2-2_2.10-2_amd64.deb ...
Unpacking liblzo2-2:amd64 (2.10-2) ...
Selecting previously unselected package libpkcs11-helper1:amd64.
Preparing to unpack .../libpkcs11-helper1_1.27-1_amd64.deb ...
Unpacking libpkcs11-helper1:amd64 (1.27-1) ...
Selecting previously unselected package openvpn.
Preparing to unpack .../openvpn_2.5.1-3_amd64.deb ...
Unpacking openvpn (2.5.1-3) ...
Setting up liblzo2-2:amd64 (2.10-2) ...
Setting up libpkcs11-helper1:amd64 (1.27-1) ...
Setting up openvpn (2.5.1-3) ...
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn.service → /lib/systemd/syst                                                                                                                                              em/openvpn.service.
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.31-13+deb11u5) ...
..........................+++++
...............+++++
Generating a RSA private key
....................+++++
.....................................................+++++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/685ac808/temp.d98e14bd'
-----
Using configuration from /etc/openvpn/server/easy-rsa/pki/685ac808/temp.ac88dfea
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'server'
Certificate is to be certified until Nov 14 00:34:28 2032 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
Generating a RSA private key
.................................+++++
..........................+++++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/3e0fbb2b/temp.3a3753f7'
-----
Using configuration from /etc/openvpn/server/easy-rsa/pki/3e0fbb2b/temp.863607a1
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'user1'
Certificate is to be certified until Nov 14 00:34:29 2032 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/server/easy-rsa/pki/e0fdb7ad/temp.8b5b7aba
2022-11-17 00:34:29 WARNING: Using --genkey --secret filename is DEPRECATED.  Use --genkey secr                                                                                                                                              et filename instead.
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn-iptables.service → /etc/sys                                                                                                                                              temd/system/openvpn-iptables.service.
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn-server@server.service → /li                                                                                                                                              b/systemd/system/openvpn-server@.service.

Finished!

The client configuration is available in: /root/user1.ovpn
New clients can be added by running this script again.

Now that the server is installed, download openVPN.

Download the OPVN file and connect.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.