How to Install OpenVPN on Ubuntu-20.04
Environment
Device : Odroid-HC2
OS : Ubuntu-20.04
Host : test(192.168.101.100/24)
VPN Network : 10.8.0.0/24
File Info
ca.crt : CA(Certificate Authority) crt File
dh2048.pem : DH(Diffie-Hellman) parameters File
ta.key : tls-auth key File
test.key : OpenVPN Server key File
test.crt : OpenVPN Server crt File
test.conf : Server Configuration File
test-1.key : OpenVPN Client-1 key File
test-1.crt : OpenVPN Client-1 crt File
test-1.ovpn : OpenVPN Client-1 Configuration File
test-2.key : OpenVPN Client-2 key File
test-2.crt : OpenVPN Client-2 crt File
test-2.ovpn : OpenVPN Client-2 Configuration File
1. Create vpn account
$ sudo adduser vpn
$ sudo nano /etc/group
$ su vpn
$ cd ~
2. Install Openvpn
$ sudo apt install openvpn easy-rsa -y
3. Generate the CA(Certificate Authority)
$ ls
$ make-cadir easy-rsa
$ ls
$ cd easy-rsa
$ cp vars vars.orig
$ nano vars
Change Configuration
#set_var EASYRSA_REQ_COUNTRY "US"
#set_var EASYRSA_REQ_PROVINCE "California"
#set_var EASYRSA_REQ_CITY "San Francisco"
#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
#set_var EASYRSA_REQ_EMAIL "me@example.net"
#set_var EASYRSA_REQ_OU "My Organizational Unit"
==>
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "NY"
set_var EASYRSA_REQ_CITY "NY"
set_var EASYRSA_REQ_ORG "TEST"
set_var EASYRSA_REQ_EMAIL "test@test.com"
set_var EASYRSA_REQ_OU "TEST"
$ ./easyrsa init-pki
$ ./easyrsa build-ca
$ cp ./pki/ca.crt ~/
4. Generate the server key and certificate request
$ ./easyrsa gen-req test nopass
$ ./easyrsa sign-req server test
$ cp ./pki/private/test.key ./pki/issued/test.crt ~/
5. Generate the DH(Diffie-Hellman) parameters
$ ./easyrsa gen-dh
$ cp ./pki/dh.pem ~/dh2048.pem
6. Generate the tls-auth key (ta.key)
$ openvpn --genkey --secret ta.key
$ cp ./ta.key ~/
7. Set up IP Forward
$ sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig
$ sudo nano /etc/sysctl.conf
Change Configuration
#net.ipv4.ip_forward=1
==>
net.ipv4.ip_forward=1
$ sudo sysctl -p
8. Set up Server configuration
$ cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ./
$ gzip -d server.conf.gz
$ cp server.conf test.conf
$ nano test.conf
Change Configuration
cert server.crt
key server.key # This file should be kept secret
==>
cert test.crt
key test.key # This file should be kept secret
server 10.8.0.0 255.255.255.0
==>
server 10.8.0.0 255.255.255.0
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
==>
push "route 192.168.101.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;push "redirect-gateway def1 bypass-dhcp"
==>
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
==>
push "dhcp-option DNS 192.168.101.210"
push "dhcp-option DNS 8.8.8.8"
;user nobody
;group nogroup
==>
;user nobody
;group nogroup
$ cp test.conf ~/
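Added example, not part of the original guide: a small shell check to run against test.conf before the server is started in step 11. It reports whether the user/group privilege-drop lines are still commented out, whether redirect-gateway is pushed, and whether the key files are accessible by anyone but the owner. The function names, the sample config and the tls-auth line in it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. File names follow the guide.

# Print the arguments of every active DIRECTIVE in FILE.
# Lines starting with ';' or '#' are comments; trailing comments are stripped.
active() {
    awk -v d="$1" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]*[#;].*$/, ""); print }' "$2"
}

# Print one finding per line for CONF; key files are looked up in KEYDIR.
audit_conf() {
    conf=$1; dir=${2:-$(dirname "$1")}
    # With user/group left commented out, the daemon stays root after start-up.
    [ -n "$(active user "$conf")" ] || echo "WARN no active 'user' directive"
    [ -n "$(active group "$conf")" ] || echo "WARN no active 'group' directive"
    # redirect-gateway routes all client traffic through this server.
    if active push "$conf" | grep -q redirect-gateway; then
        echo "INFO redirect-gateway is pushed (full tunnel)"
    fi
    # The server key and the tls-auth key must be owner-only.
    for f in "$(active key "$conf")" "$(active tls-auth "$conf" | cut -d' ' -f1)"; do
        [ -n "$f" ] || continue
        if [ ! -f "$dir/$f" ]; then
            echo "FAIL $f not found in $dir"
        elif [ "$(ls -ld "$dir/$f" | cut -c5-10)" != "------" ]; then
            echo "FAIL $f is accessible by group or other"
        fi
    done
    return 0
}

# Constructed sample: the edits from step 8, with test.key deliberately 0644.
make_sample() {
    cat > "$1/test.conf" <<'EOF'
cert test.crt
key test.key  # This file should be kept secret
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
push "route 192.168.101.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
;user nobody
;group nogroup
EOF
    : > "$1/test.key"; chmod 644 "$1/test.key"
    : > "$1/ta.key";   chmod 600 "$1/ta.key"
}

d=$(mktemp -d); make_sample "$d"; audit_conf "$d/test.conf"; rm -rf "$d"
```

On a real host, call it as audit_conf ~/test.conf before step 11, or as audit_conf /etc/openvpn/test.conf with sudo once the files are copied there.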
9. Generate the Client key and certificate request
Generate the Client-1 key and certificate request
$ ./easyrsa gen-req test-1 nopass
$ ./easyrsa sign-req client test-1
$ cp ./pki/issued/test-1.crt pki/private/test-1.key ~/
Generate the Client-2 key and certificate request
$ ./easyrsa gen-req test-2 nopass
$ ./easyrsa sign-req client test-2
$ cp ./pki/issued/test-2.crt pki/private/test-2.key ~/
10. Set up Client configuration
Environment
Remote Server : XXX.XXXX.XXX
Remote Port : YYYY
$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ./
$ cp client.conf ~/test-1.ovpn
$ cp client.conf ~/test-2.ovpn
$ cd ~/
$ nano test-1.ovpn
Change Configuration
remote my-server-1 1194
==>
remote XXX.XXXX.XXX YYYY
;user nobody
;group nogroup
==>
;user nobody
;group nogroup
cert client.crt
key client.key
==>
cert test-1.crt
key test-1.key
$ nano test-2.ovpn
Change Configuration
remote my-server-1 1194
==>
remote XXX.XXXX.XXX YYYY
;user nobody
;group nogroup
==>
;user nobody
;group nogroup
cert client.crt
key client.key
==>
cert test-2.crt
key test-2.key
11. Activate OpenVPN Server
$ sudo ls /etc/openvpn/
$ sudo cp ca.crt dh2048.pem ta.key test*.* /etc/openvpn/
$ sudo ls /etc/openvpn/
$ sudo systemctl start openvpn@test
$ sudo journalctl -u openvpn@test -xe
12. Install OpenVPN Client
Set up Server Network GW
Copy File to Client
Install OpenVPN App on Client