OpenVPN provides a secure and encrypted VPN tunnel across public network. Unlike PPTP and L2TP VPN Services which can be blocked, OpenVPN can highly be customized and even can be run over so popular TCP Port 443. So, OpenVPN cannot easily be blocked. OpenVPN uses SSL/TLS Certificates. So, OpenVPN Tunnel is a trusted tunnel to send and receive data across public network.

OpenVPN Server can easily install on Ubuntu Server. Installing OpenVPN Server on Ubuntu Server, we can connect Windows, Linux, MacOS or MikroTik RouterOS as OpenVPN client and can transmit data securely over public network.

The goal of this article is to configure OpenVPN Server over TCP or UDP port 443 and then connect Windows, Linux, RouterOS, MacOS and Android OpenVPN client for transmitting data securely over public network.

Installing OpenVPN Server on Ubuntu Server 20.04

OpenVPN Server installation and configuration on Ubuntu Server is not so difficult but we have to have UpToDate Ubuntu Server Installed. If you have Ubuntu Server installed before, issue the following command to update your Ubuntu Server.

$ sudo apt update

$ sudo apt upgrade

We also should have proper network configuration in Ubuntu Server. To access OpenVPN Server globally, we have to have Public IP address but for demo purpose I am using Private IP address. But it will not affect our configuration. Just replace your Public IP address with my Private IP address. There will be no issue logically.

To show configured IP address, issue the following command and remember or write-down the IP address.

$ ifconfig

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 172.22.2.100  netmask 255.255.255.0  broadcast 172.22.2.255

        inet6 fe80::250:56ff:fe9d:d9fe  prefixlen 64  scopeid 0x20<link>

        ether 00:50:56:9d:d9:fe  txqueuelen 1000  (Ethernet)

        RX packets 13748273  bytes 2464567366 (2.4 GB)

        RX errors 0  dropped 20681  overruns 0  frame 0

        TX packets 58393  bytes 4758690 (4.7 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The above command is showing that my IP address is 172.22.2.100. So, you find out your IP address and write-down it for upcoming configuration. 

For OpenVPN configuration we will use a GitHub script which will help to install and configure OpenVPN Server within five minutes. So, issue the following command to download GitHub script in your Server Machine.

$ wget https://git.io/vpn -O openvpn-install.sh

Note: if find that wget utility is not installed in your system, install it first and then run the above command.

The script file is now in your working directory but before run the script we need to provide execute permission. So, issue the following command to provide execute permission.

$ sudo chmod +x openvpn-install.sh

The script is now executable and ready to run. So, issue the following command to run the script.

$ sudo bash openvpn-install.sh

The above command will ask the following configuration information. Put that information according to your need.

• Protocol: Protocol that will be used by OpenVPN Server. It will be either UDP or TCP. Default and recommended is UDP but we will use TCP because we will configure OpenVPN over TCP/443.
• Port: OpenVPN listening port. Default is 1194 but we will use 443.
• DNS Servers: DNS Servers for the clients. Default is current system resolvers but I am using Google’s DNS Server which is safe.
• First Client: First client name. A client configuration file for this client will be generated. We will download that generated file and upload for client configuration. As our first client will be a Windows machine, I am naming it as windows but you can name it whatever you like.

OpenVPN script is now ready to install and ask to press any key to continue. So, press any key to continue OpenVPN Server installation on Ubuntu Server.

Within minute the OpenVPN Server will be installed and a client configuration file for the given name will be generated in /root/ directory.

OpenVPN Server Administration

The default OpenVPN Server instance is Server and its configuration file is /etc/openvpn/server/server.conf . There is no need to change the default configuration but if require we can change the configuration from this file.

If you change configuration file or need to restart the OpenVPN Server, issue the following command.

$ sudo systemctl restart openvpn-server@server.service

If you need to stop the OpenVPN Server, issue the following stop command.

$ sudo systemctl stop openvpn-server@server.service

And to start the OpenVPN Server, issue the start command.

$ sudo systemctl start openvpn-server@server.service

Similarly we can show the OpenVPN Server status with the status command.

$ sudo systemctl status openvpn-server@server.service

Firewall Configuration for OpenVPN Server

If you use host base firewall like Firewalld or UFW in your Ubuntu Server, you have to open TCP port 443 because we have configured OpenVPN Server on TCP/443 port. Otherwise, OpenVPN client cannot communicate with OpenVPN Server.

Downloading OpenVPN Client Configuration File from Ubuntu Server

OpenVPN configuration script generates first client configuration file while installing OpenVPN Server in /root directory. So, we have to download this file from this location before configuring OpenVPN client because this file has to be uploaded in OpenVPN client software.

As /root directory cannot be accessed without super user, first switch to super user and copy file to current user’s desktop and then download the client configuration file with FTP or WinSCP or OpenSSH client software.  

Adding New OpenVPN Client

If we need to create more clients, we can do it just running the script again like the following command.

$ sudo bash openvpn-install.sh

The above command will now open the following menu item.

All the options are self-explanatory. So, to add a new client, select the first option. It will now ask to provide the client name.

Provide a name for the client:

Name: android

Provide the client name that you wish and the script will generate another client file in /root directory. Similarly we can create as many clients as we required.

OpenVPN Server on Ubuntu Server is now ready and we can connect Windows, Linux, MacOS, RouterOS and Android client and can communicate securely across public network.

In the next tutorial, we will configure OpenVPN client in the following Operating System.

• OpenVPN Client Configuration on Windows 10/11
• OpenVPN Client Configuration on Linux
• OpenVPN Client Configuration on Android
• OpenVPN Client Configuration on MacOS
• OpenVPN Client Configuration on RouterOS.

How to install and configure OpenVPN Server on Ubuntu Server has been discussed in this article. I hope you will now be able to install and configure OpenVPN Server in Ubuntu Server without any difficulty. However, if you face any confusion, feel free to discuss in comment or contact me from Contact page. I will try my best to stay with you.