How to Install OpenVPN on Ubuntu Linux VPS

This post is in continuation of my earlier post where we discussed how to install OpenVPN on Centos Linux VPS  . Today i am going to graphically show you how to install OpenVPN on a Ubuntu VPS . In this post i will be omitting some very basic steps like installing putty and openvpn  client on Windows , editing files with vi text editor etc and transferring files through winscp . You may refer to the earlier post i mentioned for these basic steps . Here is what you will require to accomplish this installation of OpenVPN on Ubuntu :

  • An OpenVZ  VPS with minimum 64 MB ( preferably 128 MB ) RAM with vanilla install of Ubuntu 11.04 OS. I tested this tuotorial with Ubuntu 11.04 , though i have all the reasons to believe that it should work for other ubuntu versions as well. You must be having root access to the VPS. You can get cheap VPS under $20 per year easily . For some very cheap offers you can find this site very  useful.
  • Putty for connecting remotely with your VPS
  • Winscp for tranferring certificates and key files to your computer.
  • OpenVPN client for your computer.
With this small introduction we begin our ‘long’  journey of installing OpenVPN on a Ubuntu VPS.
UPDATE: ( If you get stuck at any point, it is likely that the package versions mentioned in these commands have been replaced by a newer version. Try to replace the version number with a newer version. For example in this command cd /etc/openvpn/easy-rsa/2.0/    the new version number might be 2.1 or 2.2 or whatever. Google for the latest version and you should be good to go to install OpenVPN on Ubuntu. I will try to refresh this tutorial when i get some free time. But basically the commands will remain same.)

Step One: Connect to your computer through putty as root and issue the following commands ( one by one ) to update your Ubuntu installation and packages.

apt-get update

apt-get upgrade –show-upgraded



Step Two: Install Ubuntu OpenVPN server by issuing the following command in Putty Window.

apt-get install openvpn udev



Step Three : Ubuntu OpenVPN comes with encryption tool called Easy RSA and we need to copy relevant files to the OpenVPN directory. Issue the following command in the Putty Window.

cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn

Step Four: Next we are going to initiate the Public Key Infrastructure ( PKI ) and build Certificate Authority which we will use to create keys and certificates for Server and clients of OpenVPN. Issue the following commands.

cd /etc/openvpn/easy-rsa/2.0/

. /etc/openvpn/easy-rsa/2.0/vars

. /etc/openvpn/easy-rsa/2.0/clean-all

. /etc/openvpn/easy-rsa/2.0/build-ca

The last command will initiate a script that will ask for values. Just keep on hitting the Enter button on your computer and accept the default values except the email which you would like to change , though it is not very critical.


Step Five: Next we need to create Server Key using the Certificate Authority we built in Step Four of installing OpenVPN on Ubuntu. Issue the following command in the putty window and just keep on hitting Enter button at prompts ( optionally you might want to change the email ) :

. /etc/openvpn/easy-rsa/2.0/build-key-server server


Similarly we also need to create client key by using the following command in Putty terminal window:

. /etc/openvpn/easy-rsa/2.0/build-key client1


Step Six : We need to generate Deffie Hellman Parameters which will be governing the key exchanges between the client and the server of Ubuntu OpenVPN. Issue the following command in Putty Terminal window.

. /etc/openvpn/easy-rsa/2.0/build-dh


Step Seven : Next we need to relocate the keys from  /etc/openvpn/easy-rsa/2.0/keys to /etc/openvpn directory by using the following commands in the Putty window :

cd /etc/openvpn/easy-rsa/2.0/keys

cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn


Step Eight : In this step we are going to configure the Virtual Private Network by altering certain configuring files that come as default with the the installation of OpenVPN on Ubuntu. Here we will need to use the linux text editor named vi . It is very easy to use all you have to remember is that in order to enter Insert Mode ( editing mode ) , you will need to press i on your keyboard. To come out of the insert mode and save the changes you will press Escape button your  keyboard and then type :wq and press enter. Issue the following commands one by one in the Putty Window :

cd /usr/share/doc/openvpn/examples/sample-config-files

gunzip -d server.conf.gz

cp server.conf /etc/openvpn/

cp client.conf ~/

cd ~/

vi client.conf

Edit the client.conf file at two locations :

Enter the IP address of your Ubuntu VPS and rename client.crt an client.key files to client1.crt and client1.key .



Step Nine : Now is the time to start the Ubuntu OpenVPN Server . Use the following command in the Putty terminal window :

/etc/init.d/openvpn start


Step Ten : In this step we are going to do necessary amendments to tunnel all traffic through the OpenVPN server on the VPS.  We need to amend certain files .

First issue the following command and edit server.conf file.

vi  /etc/openvpn/server.conf

uncomment the following line

push “redirect-gateway def1 bypass-dhcp”

and then add the following line

push “dhcp-option DNS”



Step Eleven : Next we need to edit /etc/sysctl.conf file .

Issue the following command

 vi /etc/sysctl.conf

and uncomment the following line



Next we issue the following command in the

echo 1 > /proc/sys/net/ipv4/ip_forward

Next issue the following commands to configure Iptables one by one:

iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s -j SNAT –to-source YourVPSIP

(Insert your vps Ip in place of red text before issuing last command.)


Next issue the following command to edit /etc/rc.local file and add the iptables rules in there :

vi /etc/rc.local

iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s -j SNAT –to-source YourVPSIP

(Again remember to Insert your vps Ip in place of red text before issuing last command.)

Finally restart the Ubuntu OpenVPN server by the following command in putty terminal window :

/etc/init.d/openvpn restart


Step Twelve : Next we transfer the following four files from VPS Ubuntu OpenVPN server to client machine where you would install openvpn client and transfer those files to config directory of OpenVPN . You can refer to my earlier post  (step 9 and Step 15 ) for Installation of OpenVPN on Centos for instructions on how to transfer the files through WinScp towards the end of the article. With these minor steps of transferring key files to your client computer , we have successfully installed OpenVPN on Ubuntu VPS .

And finally you will be able to test your IP through or other similar sites and if the reported IP is that of your VPS , then you have followed my tutorial in true spirit  and successfully installed OpenVPN on Ubuntu. You will be able to watch the geo restricted content then and bypass any filters your ISP or government may have imposed like i was able to watch Hulu though i am in Pakistan . This is a free world and internet is born to be free without any restrictions.



This was all about it . And believe you me , it is as simple as it gets and you wont find any tutorial on the internet simpler than this to install OpenVPN on Ubuntu .