A virtual private network is a network configuration to safely browse the internet without allowing anyone to know your identity. A VPN setting can encrypt your browsing data and hide your public IP address, DNS, and URL. You can visit the restricted and blocked websites by using a VPN service. A VPN service can be used over WiFi, cellular data, or broadband internet. When you want to use a VPN service to bypass your identity, the most confusing dilemma comes in front of you, which VPN should you try? Which is safer than any other virtual private network? In my opinion, OpenVPN is one of the most used and finest private network services to use in your Ubuntu Linux.
Working Mechanism of OpenVPN
VPN was first created for the giant tech companies who need to secure their data, but VPN services are available for everyone nowadays. Normally your computer access the internet directly through your internet service provider, while the VPN makes a tunnel to establish your internet connection more secure and private.
In that case, the virtual server access the internet on your behalf. A VPN service is important if you want to watch content from any streaming website with a restriction policy based on geo-location. Despite having a few disadvantages of using a VPN service, it is safe to use a VPN while using public WiFi.
OpenVPN uses the cipher algorithm to make your data private and safe. The OpenVPN can also mask your physical location by encrypting the total channel, applying the hash function, and implementing the encrypted handshake method. In this post, we are going to learn how to install OpenVPN in Ubuntu Linux. The primary key features of OpenVPN are given below for better visual representation.
- Individual Business and Personal VPN Service
- 256-bit Encryption Method
- Open-source Software
- Crypto API Support
- OpenSSL Security to Establish Connections
- Can be Used Over almost Evey Cross-Platform
Step 1: Check Your IP Address
Computer and other devices can get connected to the internet through an IP (Internet Protocol) address. Your location, time zone, and other details can be found by the IP address. A VPN hides your IP address and masks your exact location. When you bypass the internet traffic through a Vpn client, your physical address is no longer detectable by anyone.
In the beginning, you should check the IP address that your ISP gave you; next, when the OpenVPN installation will be finished, you will find a new virtual IP address. You can use the following Domain Information Groper (DIG) command to get your IP address.
dig +short myip.opendns.com @resolver1.opendns.com
Step 2: Install OpenVPN on Ubuntu Linux
In this step, we will see how to install the OpenVPN on our Ubuntu Linux. We will use a cURL command in the terminal shell to download the script file. After downloading the script file, we will chmod command to change the access permission of the script file, and then we will run a bash command to start the installation process of OpenVPN. If you don’t have the cURL tool installed inside your Ubuntu machine, you can use the following terminal command line to install the cURL.
sudo apt install curl
Now, run this cURL command in your terminal shell to grab the OpenVPN installer script file. The openvpn-install.sh
file will be downloaded and stored inside the home directory of your Ubuntu Linux.
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
Run the chmod command and bash command one after another to initialize the installation process of OpenVPN. In the installation process, you will be asked to choose several options to proceed.
If your internet connection has IPv6 support, you will be able to choose the IPv6 configuration. You will also get options to select port, protocol, DNS, traffic compression, and customize encryption settings.
chmod +x openvpn-install.sh
sudo bash openvpn-install.sh
Finally, you will be asked to give the name of your VPN connection. The VPN settings file will be saved inside the /home/<user_name>/name.ovpn.
directory. You have to keep this file to import the OpenVPN settings in your Ubuntu network manager settings. Note your IPv4 address, and you will need this address to import the VPN settings into the network manager.
Step 3: Check IP and Port of OpenVPN
A virtual private network creates a virtual IP and port to route the traffic into a virtual server. In Ubuntu Linux, the default OpenVPN port is 1194. You can check the listening port of OpenVPN from the terminal shell using the tupln
command.
Now, to check the virtual IP address of OpenVPN, run the terminal command given below. The virtual IP is also known as tunnel IP. Look for the tun0
syntax to find the virtual IP address.
sudo ss -tupln | grep openvpn
ip add
Step 4: Install the OpenVPN Client on Ubuntu Linux
In this step, we will see how to install the OpenVPN daemon inside Ubuntu Linux. The installation process is very straightforward; you just need to run an apt-install
command in the Ubuntu terminal shell.
After installing the OpenVPN daemon, you must also install the OpenVPN configuration inside the Ubuntu network manager. The network manager will be used later to establish the VPN connection. The daemon program will allow the OpenVPN to run in the system background.
- Install the OpenVPN Daemon
sudo apt install openvpn
- Install the OpenVPN Network Manager
sudo apt install network-manager-openvpn
Step 5: Enable & Start the OpenVPN on Ubuntu Linux
After all the installation and IP checking are done, now it’s time to start the OpenVPN services in your Ubuntu machine. Use the following terminal command lines to start, enable, and check the status of the OpenVPN on your Linux machine. If you have configured the OpenVPN correctly, you will be able to see the active status, VPN directory, and process identification number (PID).
sudo systemctl start openvpn
sudo systemctl enble openvpn
sudo systemctl status openvpn
To stop all the running processes of OpenVPN in your Ubuntu machine, run the following kill command in the terminal shell.
sudo killall openvpn
Step 6: Import the OpenVPN Configuration to Network Manager
Previously we have created a file that includes the OpenVPN settings. Now we have to import the file to the network settings from the home directory. To import the settings, first, we have to open the file directory using the terminal shell.
Then we will use a Secure Copy (SCP) command to copy and apply the settings inside the VPN server from the local directory. We have to use the specific IP address (gateway) we found earlier while installing the OpenVPN script file.
Be careful about using the IP address; you must use your Public IPv4 address to import the configuration settings in the network manager. If you find any trouble running the SCP command, make sure that your network is not running behind any running Network address translation (NAT) module.
cd ~
/home/jahid/ubuntupit.ovpn. scp [email protected]:/home/jahid/jahid.ovpn.
To access the OpenVPN settings from the Ubuntu Network Manager, you need to import the OpenVPN settings inside the Network settings. To add a VPN network in the Network Manager, we need to Open the connectivity settings and click on the plus icon of the VPN setting. Then we have to choose the ‘Import from file‘ option, select and import the configuration file.
Now, select the .ovpn
file from your home directory to finalize the import process.
Finally, you will be able to toggle the VPN button to connect the OpenVPN in your Ubuntu Linux. You can also connect and disconnect the VPN service from the Ubuntu top bar.
Step 7: Firewall Settings for OpenVPN on Ubuntu
As we all know that Ubuntu uses the UFW firewall system to manage the incoming and outgoing network traffic, so to get an uninterrupted internet connection through the OpenVPN, we need to configure the firewall settings for the OpenVPN.
I have mentioned earlier that OpenVPN uses the User Datagram Protocol (UDP), and the default port of OpenVPN is 1194. So we will allow the port against the connection protocol.
ufw allow 1194/udp
You can also edit the firewall setting script using the Nano editor to edit the default forward policy for OpenVPN. Open the script and find the syntax DEFAULT_FORWARD_POLICY
, then change the value from DROP
to ACCEPT
. Then save the script and exit the file.
sudo nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
Step 8: Remove OpenVPN on Ubuntu Linux
Till now, we have seen how to install and configure the OpenVPN on Ubuntu Linux. Now we will see how to remove and clean the OpenVPN from Ubuntu. You can use the following terminal command lines to uninstall and delete the configuration files from your filesystem.
sudo apt-get remove openvpn
sudo apt-get autoremove openvpn
sudo apt-get purge openvpn
sudo apt-get autoremove --purge openvpn
You can also try removing the OpenVPN by using the installation bash commands. Once the OpenVPN is installed inside your machine, you can’t install it again. If you run the installation command again, it will give you options to add a new user, revoke existing users and remove OpenVPN from your Ubuntu Linux machine. You can choose the ‘Remove OpenVPN‘ option to remove the OpenVPN from your machine.
Final Thoughts
Before installing the OpenVPN in your Ubuntu Linux, you need to know what type of virtual private network you need? The OpenVPN is mostly used to establish a secure shell private network connection. If you want to use a Point-to-Point Tunneling Protocol VPN or an Internet Protocol Security VPN, then you should give it a second thought before installing the OpenVPN in your machine.
In this post, I have described the steps of how to install and configure the OpenVPN daemon in your Ubuntu Linux. I’ve also explained the working method and key features of OpenVPN. In case you are searching for an end-to-end encrypted virtual private network, then OpenVPN is appropriate for you. Using a virtual private network is totally safe and legal.
If you find this post useful and informative, please share it with your friends and the Linux community. Let us know which VPN is the most trustworthy for you. Write your opinions in the comment segment.
Hello Jahid,
First, thanks for a very lucid run-through of the process. A few thoughts:
1. I want to install vpn so as to use the remote screen emulator in remmina in another computer. The computers I want to link are all within a wi-fi setting, i.e. using NAT ip’s. The other functions in remmina work fine between the two computers on test.
2. I have understood (I think!) the installation process up to the checking of the status, and everything has gone as you explain.
3. My problem arose from the use of scp to copy a file inside the same computer! But later, as I read the above comments, I found that you wanted to show the setting up of the client inside the same computer for the simple reason that there might not be another computer nearby. Suggestion: it might be a good idea to state this before doing the scp, otherwise someone else might also wonder why! I just used remmina to transfer the configuration file to the other machine.
Actually, the same info is given in the last line of the (excellent) commentary that accompanies the set-up:
“Download the .ovpn file and import it in your OpenVPN client.”
Hi and thanks for this tutorial.
Using the commands you provided, I managed to install OpenVPN on my Mac-mini running Ubuntu 20.04. I can turn on the VPN using the top bar Wi-Fi menu, and an icon with three white dots pops up on the bar to show it is connecting. However, it doesn’t complete the connection and turns itself off after approx. 50 seconds.
I’m not sure what the problem is. During the installation, I followed all the commands in sequence and all went smoothly except for two:
1. After entering the “cd ~” command followed by the path to the .ovpn file in my Home directory I got “Permission denied” (I checked the location and noticed the .ovpn file has a lock on the icon. I tried again using sudo before the command and got “command not found”, so I just moved on by entering the “scp” command you gave, substituting my computer name, the IPv4 Address of my wifi host, and the path to my .ovpn file. I then got a “usage” script: “usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]
[-J destination] [-l limit] [-o ssh_option] [-P port]
[-S program] source … target”.
I continued with the rest of the install process, which went smoothly until the second problem:
2. After entering the final command using Nano to edit the default forward policy in the Firewall settings, I couldn’t find a way to save the file and exit. There is a list of options at the bottom of the terminal which includes the option “^X Exit” I tried this and it didn’t work, so I substituted the nano command by replacing “nano” with “gedit”. This worked, and I was able to edit the default forward policy save and exit the process successfully.
If anyone here can help me to troubleshoot my setup of OpenVPN I would be very grateful.
“I tried again using sudo,”
That put you in /root and thats why you got file not found. You should use absolute path when using Sudo.
thanks for the detailed explaination i managed to follow through your steps albeit my openvpn is on azure but it works bout the same.
Hello:
Thanks for your article on installing OpenVPN. https://www.ubuntupit.com/how-to-install-openvpn-in-ubuntu-linux-a-tutorial-for-newbie/
I’m new to Linux. So new I may not even qualify as a newbie. So I’ve been struggling to follow all of the instructions.
I have some questions. If you don’t have time to reply or just don’t want to, I will not be offended.
1) In the rather nasty comment by Ben Opp and your diplomatic response, I see the article covers installing OpenVPN as a server and a client. I only want to install it to protect my home computer, not run a network. Is there anything in the article that doesn’t apply to me?
2) I have 3 year old HP Pavillion running Windows 10 and I’ve installed Ubuntu 20.10 Groovy Gorilla from a DVD that came with the January 2021 issue of Linux Pro magazine. I’m not sure any of that is relevant, so please ignore if it is not useful information.
3) I got up to step 6 Import the OpenVPN configutration. . ., when I started having problems. I stopped the installation, will I need to repeat steps when I start again?
4) I checked that SCP is available on my computer and it appears that it is. I also entered cd ~.
5) My IP address is 192.168.1.72. I tried the command “scp [email protected]:/home/turing/BOBVPN.ovpn” and tried it as a sudo command.
The response was: usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]
[-J destination] [-l limit] [-o ssh_option] [-P port]
[-S program] source … target
6) The icon for BOBVPN. ovpn has a lock on it in the file directory. When I try to run the Network setup, an error message appeared below the dialouge box; (Error: Unable to load VPN connection editor). I tried running it anyway because I’m stubborn. A VPN icon appeared in the upper right hand side of my screen. It lasted for about 10 seconds then stopped with the error message: Connection failed. Activation of network connection failed.
7) The article said I needed to ensure the “network is not running behind any running Network address translation (NAT) module.” I tried to find that our but I couldn’t tell if it was running behind an NAT module. There is a module called nf_nat, but I couldn’t tell if it was running or not.
8) I looked to see if I could override any NAT modules. I saw suggestions of black listing a module or using rmmod or modprobe. I haven’t tried any of them as it was not clear to me if I could reverse them.
Thanks for any help you can give. And if you don’t want to reply I won’t be offended.
The way I understand your tutorial, you are installing the VPN server *and* client on the same system here, yes?
If so, I completely fail to see the point of that. My machine is already in my home network, I don’t need to use a VPN to got into it from the outside. It’ll add nothing at all to my privacy and won’t give me the ability to circumvent geo-restrictions, because the location of the server is the same and I am using the same internet connection.
If I’m wrong, then you’ve done a poor job of explaining which of the setup work needs to be done on server and client machines respectively and to specify that they would be in different locations (which the local ip address used in your scp command is not suggesting).
Hey Ben OPP, Thank you much for your opinion.
Your question is a little complex to answer. Let me get you the gist. one of the major purposes of using a VPN is hiding your geolocation. So why would I write an article where the geolocation remains the same.
When you run the ‘sudo bash openvpn-install.sh’ command, you will find options to set your DNS server, IP encryption and other necessary setiings.
I have used the same machine to install the both server and client because when you write an article, you might not have multiple serves remotely located around you. I think I have made my points clear. If you have multiple server and Pc, you can go ahead. But yet, you can install the server and client at the same mahchine and get the option to hide youe geolocation. Thank you.