{"id":3735,"date":"2017-11-17T14:07:09","date_gmt":"2017-11-17T19:07:09","guid":{"rendered":"https:\/\/www.globo.tech\/learning-center\/?p=3735"},"modified":"2017-11-17T14:07:09","modified_gmt":"2017-11-17T19:07:09","slug":"install-update-openvpn-u16","status":"publish","type":"post","link":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/","title":{"rendered":"How to Install & Update OpenVPN on Ubuntu 16"},"content":{"rendered":"

How to Install & Update OpenVPN on Ubuntu 16<\/h1>\n
\n
\n

Using OpenVPN allows you to securely and safely access the internet, especially when you’re connected to a public or untrusted network. OpenVPN is a solution that will enable you to create a wide array of network configurations; the configurations allow customized private network solutions that can meet a variety of needs. OpenVPN is an open-source software that employs Secure Socket Layer (SSL) protocols for additional security.<\/p>\n<\/div>\n

\n\"Update<\/a>\n<\/div>\n<\/div>\n

OpenVPN allows authentication through pre-shared secret keys, certificates, or a username and password combination. Through this authentication, secure point-to-point connections are established with high-level encryption protocols.<\/p>\n

Getting Started<\/h2>\n

When you decide to install and update OpenVPN on Ubuntu 16.04, you will first need a node running Linux Ubuntu 16.04 LTS; the node you choose can be on a cloud server<\/a><\/strong> or a dedicated server<\/a><\/strong>. It’s important to verify that your operating system is running the most recent version, including any updates or patches that may need to be installed.<\/p>\n

Update OpenVPN on Ubuntu 16<\/h2>\n

The first step in any successful implementation is updating the system, verifying that all necessary updates have been pushed and the install itself is clean. You can check this by running the following commands:
\n$ apt-get update
\n$ apt-get upgrade <\/code><\/p>\n

Once the updates are pushed, you can then proceed with installing OpenVPN and EasyRSA on your node:
\n$ apt-get install openvpn easy-rsa <\/code><\/p>\n

Now that OpenVPN and EasyRSA have been installed, it’s time to set up the CA Directory and then move to it:
\n$ make-cadir ~\/openvpn-ca && cd ~\/openvpn-ca <\/code><\/p>\n

You will need to edit the vars file to match the information you have:
\n$ nano vars <\/code>
\nexport KEY_COUNTRY=\"US\"
\nexport KEY_PROVINCE=\"CA\"
\nexport KEY_CITY=\"SanFrancisco\"
\nexport KEY_ORG=\"Fort-Funston\"
\nexport KEY_EMAIL=\"me@myhost.mydomain\"
\nexport KEY_OU=\"MyOrganizationalUnit\"<\/code><\/p>\n

If needed or if you choose, you can edit the keyname as well:
\nexport KEY_NAME=\"server\"<\/code><\/p>\n

After setting up the directory, editing the vars file, and editing the keyname if you chose to do so, it’s time to build the CA Authority:
\n$ source vars
\n$ .\/clean-all
\n$ .\/build-ca <\/code><\/p>\n

At this point you will receive a set of prompts, you may type Enter at each prompt.<\/p>\n

When the prompts have completed, it’s time to create the server certificate, the key, and the encryption files. If you opted to change the KEY_NAME value earlier, you would need to verify that you’re building the correct key at this time:
\n$ .\/build-key-server server<\/code><\/p>\n

Make sure to accept the default entry during the build.<\/p>\n

Now it’s time to generate the DH Key:
\n$ .\/build-dh <\/code><\/p>\n

After generating the DH Key, the TLS Key will need to be generated:
\n$ openvpn --genkey --secret keys\/ta.key<\/code><\/p>\n

There are two options for building a certificate here, once that generates a password and one that does not create a password.<\/p>\n

No Password Option<\/strong>
\nIt’s time to generate a client key pair and certificate, replacing “client” with the name of your generated certificate:
\n$ cd ~\/openvpn-ca
\n$ source vars
\n$ .\/build-key client<\/code><\/p>\n

Password Option<\/strong>
\nIf you would prefer to have a password assigned to your certificate during this build, follow the below commands:
\n$ cd ~\/openvpn-ca
\n$ source vars
\n$ .\/build-key-pass client<\/code><\/p>\n

Now that the certificate has been built, with or without a password, the OpenVPN server can be configured. During this configuration, make sure to match KEY_NAME with the correct name:
\n$ cd ~\/openvpn-ca\/keys
\n$ cp ca.crt server.crt server.key ta.key dh2048.pem \/etc\/openvpn
\n$ gunzip -c \/usr\/share\/doc\/openvpn\/examples\/sample-config-files\/server.conf.gz | tee \/etc\/openvpn\/server.conf<\/code><\/p>\n

We need to edit the openvpn.conf file to continue the configuration, following all of the steps and commands outlined below, as applicable:
\n$ nano \/etc\/openvpn\/server.conf<\/code><\/p>\n

Once the edits are complete, it’s time to configure the server to forward traffic through the VPN:
\n$ nano \/etc\/sysctl.conf<\/code>
\nadd:
\nnet.ipv4.ip_forward=1<\/code>
\nReload sysctl
\n$ sysctl -p<\/code>
\nFirst, we need to locate the primary interface:
\n$ ip route | grep default
\ndefault via 192.168.65.254 dev eth0 onlink<\/code><\/p>\n

After the primary interface is located, the UFW rules will need to be altered:
\n$ nano \/etc\/ufw\/before.rules<\/code>
\n# START OPENVPN RULES
\n# NAT table rules
\n*nat
\n:POSTROUTING ACCEPT [0:0]
\n# Allow traffic from OpenVPN client to eth0 (change to the interface you discovered!)
\n-A POSTROUTING -s 10.8.0.0\/8 -o eth0 -j MASQUERADE
\nCOMMIT
\n# END OPENVPN RULES<\/code><\/p>\n

During this alteration, the default UFW rules will also need to be edited:
\n$ nano \/etc\/default\/ufw<\/code>
\nDEFAULT_FORWARD_POLICY=\"ACCEPT\"<\/code><\/p>\n

When the necessary edits are complete, it’s time to open the firewall port on OpenVPN:
\n$ ufw allow 1194\/udp
\n$ ufw allow OpenSSH
\n$ ufw disable
\n$ ufw enable<\/code><\/p>\n

It’s time to start and enable the OpenVPN server. When the server is enabled, make sure to check the server status:
\n$ systemctl start openvpn@server
\n$ systemctl enable openvpn@server
\n$ systemctl status openvpn@server<\/code><\/p>\n

We need to create the client configuration file, making a few minor edits and adding some comments:
\n$ mkdir -p ~\/client-configs\/files
\n$ chmod 700 ~\/client-configs\/files
\n$ cp \/usr\/share\/doc\/openvpn\/examples\/sample-config-files\/client.conf ~\/client-configs\/base.conf
\n$ nano ~\/client-configs\/base.conf<\/code>
\nEdit the following lines:
\nremote server_IP_address 1194
\nproto udp
\nuser nobody
\ngroup nogroup<\/code>
\nComment out these lines by adding “#”:
\n#ca ca.crt
\n#cert client.crt
\n#key client.key<\/code>
\nThen add:
\ncipher AES-128-CBC
\nauth SHA256
\nkey-direction 1<\/code><\/p>\n

After completing the edits and comments, you will need to create a script that generates the config file, making sure to run the following commands and include any necessary changes:
\n$ nano ~\/client-configs\/make_config.sh<\/code>
\nThen add:
\nKEY_DIR=~\/openvpn-ca\/keys
\nOUTPUT_DIR=~\/client-configs\/files
\nBASE_CONFIG=~\/client-configs\/base.conf<\/code>
\ncat ${BASE_CONFIG} \\
\n <(echo -e '') \\
\n ${KEY_DIR}\/ca.crt \\
\n <(echo -e '<\/ca>\\n') \\
\n ${KEY_DIR}\/${1}.crt \\
\n <(echo -e '<\/cert>\\n') \\
\n ${KEY_DIR}\/${1}.key \\
\n <(echo -e '<\/key>\\n') \\
\n ${KEY_DIR}\/ta.key \\
\n <(echo -e '<\/tls-auth>') \\
\n > ${OUTPUT_DIR}\/${1}.ovpn<\/code>
\nChange the permissions:
\nchmod 700 ~\/client-configs\/make_config.sh<\/code><\/p>\n

Finally, it’s time to generate the client file:
\ncd ~\/client-configs
\n.\/make_config.sh client_name<\/code>
\nYou should be able to access the client file:
\nls ~\/client-configs\/files<\/code><\/p>\n

Conclusion<\/h2>\n

Congratulations, you’ve successfully installed and updated OpenVPN on your node running Ubuntu 16.04 LTS. You’re now ready to run your OpenVPN instance and begin securely connecting and transmitting data over a variety of networks; make sure to update OpenVPN as needed or when critical updates are pushed. If you found this guide helpful, please share it with other users engaging in similar setups. <\/p>\n","protected":false},"excerpt":{"rendered":"

How to Install & Update OpenVPN on Ubuntu 16 Using OpenVPN allows you to securely and safely access the internet, especially when you’re connected to a public or untrusted network. OpenVPN is a solution that will enable you to create a wide array of network configurations; the configurations allow customized private network solutions that can<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[74],"tags":[],"class_list":["post-3735","post","type-post","status-publish","format-standard","hentry","category-networking","operating_system-ubuntu-16-04"],"yoast_head":"\nHow to Install & Update OpenVPN on Ubuntu 16 - Globo.Tech<\/title>\n<meta name=\"description\" content=\"Using OpenVPN allows you to securely access the internet, especially when you're connected to a public network. To install and update OpenVPN on Ubuntu...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Install & Update OpenVPN on Ubuntu 16 - Globo.Tech\" \/>\n<meta property=\"og:description\" content=\"Using OpenVPN allows you to securely access the internet, especially when you're connected to a public network. To install and update OpenVPN on Ubuntu...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/\" \/>\n<meta property=\"og:site_name\" content=\"Globo.Tech\" \/>\n<meta property=\"article:published_time\" content=\"2017-11-17T19:07:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2017\/11\/openvpn_logo.png\" \/>\n<meta name=\"author\" content=\"GloboTech Communications\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"GloboTech Communications\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/\",\"name\":\"How to Install & Update OpenVPN on Ubuntu 16 - Globo.Tech\",\"isPartOf\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2017\/11\/openvpn_logo.png\",\"datePublished\":\"2017-11-17T19:07:09+00:00\",\"author\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/e17784b37f4a4f49b7bc611847912e87\"},\"description\":\"Using OpenVPN allows you to securely access the internet, especially when you're connected to a public network. To install and update OpenVPN on Ubuntu...\",\"breadcrumb\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#primaryimage\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2017\/11\/openvpn_logo.png\",\"contentUrl\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2017\/11\/openvpn_logo.png\",\"width\":208,\"height\":54,\"caption\":\"Update OpenVPN\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.globo.tech\/learning-center\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Install & Update OpenVPN on Ubuntu 16\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#website\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/\",\"name\":\"Globo.Tech\",\"description\":\"Welcome to the Official Globo.Tech Learning Center\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.globo.tech\/learning-center\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/e17784b37f4a4f49b7bc611847912e87\",\"name\":\"GloboTech Communications\",\"sameAs\":[\"http:\/\/www.gtcomm.net\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Install & Update OpenVPN on Ubuntu 16 - Globo.Tech","description":"Using OpenVPN allows you to securely access the internet, especially when you're connected to a public network. To install and update OpenVPN on Ubuntu...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/","og_locale":"en_US","og_type":"article","og_title":"How to Install & Update OpenVPN on Ubuntu 16 - Globo.Tech","og_description":"Using OpenVPN allows you to securely access the internet, especially when you're connected to a public network. To install and update OpenVPN on Ubuntu...","og_url":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/","og_site_name":"Globo.Tech","article_published_time":"2017-11-17T19:07:09+00:00","og_image":[{"url":"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2017\/11\/openvpn_logo.png","type":"","width":"","height":""}],"author":"GloboTech Communications","twitter_misc":{"Written by":"GloboTech Communications","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/","url":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/","name":"How to Install & Update OpenVPN on Ubuntu 16 - Globo.Tech","isPartOf":{"@id":"https:\/\/www.globo.tech\/learning-center\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#primaryimage"},"image":{"@id":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#primaryimage"},"thumbnailUrl":"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2017\/11\/openvpn_logo.png","datePublished":"2017-11-17T19:07:09+00:00","author":{"@id":"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/e17784b37f4a4f49b7bc611847912e87"},"description":"Using OpenVPN allows you to securely access the internet, especially when you're connected to a public network. To install and update OpenVPN on Ubuntu...","breadcrumb":{"@id":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#primaryimage","url":"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2017\/11\/openvpn_logo.png","contentUrl":"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2017\/11\/openvpn_logo.png","width":208,"height":54,"caption":"Update OpenVPN"},{"@type":"BreadcrumbList","@id":"https:\/\/www.globo.tech\/learning-center\/install-update-openvpn-u16\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.globo.tech\/learning-center\/"},{"@type":"ListItem","position":2,"name":"How to Install & Update OpenVPN on Ubuntu 16"}]},{"@type":"WebSite","@id":"https:\/\/www.globo.tech\/learning-center\/#website","url":"https:\/\/www.globo.tech\/learning-center\/","name":"Globo.Tech","description":"Welcome to the Official Globo.Tech Learning Center","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.globo.tech\/learning-center\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/e17784b37f4a4f49b7bc611847912e87","name":"GloboTech Communications","sameAs":["http:\/\/www.gtcomm.net"]}]}},"_links":{"self":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/3735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/comments?post=3735"}],"version-history":[{"count":9,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/3735\/revisions"}],"predecessor-version":[{"id":3747,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/3735\/revisions\/3747"}],"wp:attachment":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/media?parent=3735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/categories?post=3735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/tags?post=3735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}