Ubuntu 20.04 x86 openVPN

Enable Root (ignore it, it is unsafe to use Root. I keep it to remind myself how wrong this is). Go directly to “Install VPN and Configure it “

sudo passwd root

su root

Enable root login over SSH

sudo nano /etc/ssh/sshd_config

add line

PermitRootLogin yes

Save and exit the file

systemctl restart sshd

Install VPN and Configure it

download this script as ubuntu user

wget https://git.io/vpn -O openvpn-install.sh

Enable Key-phase Authentication

find the lines of creating SSL certificate in the script and remove “nopass”

$ grep -n '"$client" nopass' openvpn-install.sh
241:	EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass
458:			EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass

Use nano to open the .sh file and remove “nopass” from line 241 and 458.

Running openvpn-install.sh to install OpenVPN server

chmod +x openvpn-install.sh   --makes it executable
bash openvpn-install.sh

Make sure you provide needed information

Welcome to this OpenVPN road warrior installer!

Which protocol should OpenVPN use?
   1) UDP (recommended)
   2) TCP
Protocol [1]: 1

What port should OpenVPN listen to?
Port [1194]: 

Select a DNS server for the clients:
   1) Current system resolvers
   2) Google
   3) 1.1.1.1
   4) OpenDNS
   5) Quad9
   6) AdGuard
DNS server [1]: 2

Enter a name for the first client:
Name [client]: anything

OpenVPN installation is ready to begin.
Press any key to continue...

this will create a file on root home directory anything.ovpn. Copy it to ubuntu user home directory.

cp the .ovpn to /home/ubuntu/ovpnusers

cd 
mkdir ovpnuser
sudo cp /root/anything.ovpn /home/ubuntu/ovpnuser

Download .ovpn file onto your local machine

# logoff from ssh 
exit
# execute this on your local machine. both windows or mac should work

scp ubuntu@server_id:/home/ubuntu/ovpnuser/anything.ovpn .
# this would download the anything.ovpn file to your current folder

Once you have the .ovpn file on your local machine, drag and drop it into your openvpn application.

Start the connection and enter the key-phase.

OpenVPN Maintenance

Update to the newest Version

to check the openvpn version

openvpn --version

Somehow, the openvpn is not in the ubuntu repo. At least not the newest version. But to stay secure, updated to the newest (stable) version is always a appreciated. Here is how. And here is official guide.

add repo to vm

sudo -s

curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/openvpn-repo-public.gpg


# watch out here <version> <osrelease>
echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/openvpn-repo-public.gpg] https://build.openvpn.net/debian/openvpn/<version> <osrelease> main" > /etc/apt/sources.list.d/openvpn-aptrepo.list

# I am running ubuntu 22.0.4, in my case I need 
echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/openvpn-repo-public.gpg] https://build.openvpn.net/debian/openvpn/stable jammy main" > /etc/apt/sources.list.d/openvpn-aptrepo.list

<version> <osrelease> need to be substringed,

Where <version> can be one of

stable: stable releases only – no alphas, betas or RCs
testing: latest releases, including alphas/betas/RCs
release/2.3: OpenVPN 2.3 releases
release/2.4: OpenVPN 2.4 releases, including alphas/betas/RCs
release/2.5: OpenVPN 2.5 releases, including alphas/betas/RCs
release/2.6: OpenVPN 2.6 releases, including alphas/betas/RCs

and <osrelease> depends your distribution:

stretch (Debian 9.x)
buster (Debian 10.x)
bullseye (Debian 11.x)
xenial (Ubuntu 16.04 LTS)
bionic (Ubuntu 18.04 LTS)
focal (Ubuntu 20.04 LTS)
jammy (Ubuntu 22.04 LTS)
kinetic (Ubuntu 22.10)

sudo apt update

sudo apt update

sudo apt upgrade

sudo apt upgrade

Regular Admin tasks

--run 
bash openvpn-install.sh

-- outputs ----
Looks like OpenVPN is already installed

What do you want to do?
   1) Add a cert for a new user
   2) Revoke existing user cert
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]:

Final Step: Portforwarding

if you running this at home, like I am. The final step is going on to your router and under port forwarding, enable 1194 to your vpn server’s private ip address.

Enbale UFW to be sure 🙂

sudo ufw enable 
sudo ufw allow 22 -- for ssh and sftp
sudo ufw allow 1194 -- for openvpn 

# for ubuntu, no reload needed.

Read Logs about All VPN collection

grep VPN /var/log/syslog
-- for me it is 
grep chaoyuVPN /var/log/syslog

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.