How to Create a Secure VPN with OpenVPN and Linux
Introduction
In today’s digital age, online security and anonymity are crucial for individuals and businesses alike. One effective way to achieve this is by setting up a Virtual Private Network (VPN). In this article, we’ll guide you through creating a secure VPN using OpenVPN and Linux. This project is perfect for those interested in tech experiments and digital projects.
Prerequisites
Before you begin, make sure you have the following:
- A Linux distribution (we’ll use Ubuntu as an example)
- A static IP address or a dynamic DNS service
- A reliable internet connection
- Basic knowledge of Linux and networking concepts
Installing OpenVPN
To start, you’ll need to install OpenVPN on your Linux system. You can do this by running the following command in your terminal:
sudo apt-get install openvpn
This will install the OpenVPN server and client packages.
Generating Certificates and Keys
To secure your VPN, you’ll need to generate certificates and keys for authentication. You can use the easy-rsa package to do this. First, install it:
sudo apt-get install easy-rsa
Then, create a new directory for your certificates and keys:
sudo mkdir /etc/openvpn/easy-rsa
Next, copy the easy-rsa configuration files to the new directory:
sudo cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa
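Now, you can generate the certificates and keys. Run easyrsa from its own directory, because it creates the pki directory under the current working directory. The CA has to exist before any certificate can be signed, and the dh.pem file referenced in the server configuration is produced by gen-dh:
cd /etc/openvpn/easy-rsa
sudo ./easyrsa init-pki
sudo ./easyrsa build-ca
sudo ./easyrsa build-client-full client1 nopass
sudo ./easyrsa build-server-full server1 nopass
sudo ./easyrsa gen-dh
build-ca prompts for a passphrase that protects the CA key, and the two signing commands ask for it again. The nopass option leaves the client and server private keys unencrypted on disk so OpenVPN can start unattended, so keep the pki/private directory readable by root only.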
Configuring OpenVPN
Next, you’ll need to configure the OpenVPN server. Create a new file called server.conf in the /etc/openvpn directory:
sudo nano /etc/openvpn/server.conf
Add the following configuration:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server1.crt
key /etc/openvpn/easy-rsa/pki/private/server1.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
Save and close the file.
Starting the OpenVPN Server
To start the OpenVPN server, run the following command:
sudo systemctl start openvpn@server
Connecting to the VPN
To connect to the VPN, create a new file called client.conf in the /etc/openvpn directory on the client machine:
sudo nano /etc/openvpn/client.conf
Add the following configuration:
client
dev tun
proto udp
remote <server_ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/client1.crt
key /etc/openvpn/easy-rsa/pki/private/client1.key
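Replace <server_ip> with the IP address of your OpenVPN server. The ca, cert and key paths must point to wherever ca.crt, client1.crt and client1.key are stored on the client; copy them from the server over a secure channel such as scp.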
Save and close the file. Then, start the OpenVPN client:
sudo systemctl start openvpn@client
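The server.conf and client.conf above authenticate with certificates but leave out several directives OpenVPN provides for hardening. As an added example (not part of the original article), the script below checks a config for them; the function names and the ta.key path are assumptions, and the sample is the article's client.conf, shortened.

```bash
#!/usr/bin/env bash
# Added example (not from the article): flag hardening directives that a
# minimal OpenVPN config leaves out. Function names are hypothetical.

# has_directive TEXT REGEX: true if an uncommented line starts with REGEX.
has_directive() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"
}

# audit_ovpn TEXT: print one finding per line; print nothing if clean.
audit_ovpn() {
    local conf="$1" role=server
    has_directive "$conf" 'client' && role=client
    if [ "$role" = client ]; then
        # Without this check the client accepts any certificate signed by
        # the CA as the server's, including another client's certificate.
        has_directive "$conf" 'remote-cert-tls[[:space:]]+server' ||
            echo "client: no 'remote-cert-tls server'"
    else
        # Without a CRL the server keeps accepting revoked client certs.
        has_directive "$conf" 'crl-verify' || echo "server: no 'crl-verify'"
    fi
    has_directive "$conf" 'tls-(crypt|crypt-v2|auth)' ||
        echo "$role: no tls-crypt/tls-auth control-channel key"
    has_directive "$conf" 'tls-version-min' ||
        echo "$role: no 'tls-version-min'"
    { has_directive "$conf" 'user' && has_directive "$conf" 'group'; } ||
        echo "$role: no 'user'/'group' privilege drop"
}

# The article's client.conf, abbreviated to the directives that matter here.
PAGE_CLIENT='client
dev tun
proto udp
remote <server_ip> 1194
nobind
persist-key
persist-tun
ca /etc/openvpn/easy-rsa/pki/ca.crt'

# Constructed hardened variant; the ta.key path is an assumption.
HARDENED_CLIENT="$PAGE_CLIENT
remote-cert-tls server
tls-crypt /etc/openvpn/ta.key
tls-version-min 1.2
user nobody
group nogroup"

audit_ovpn "$PAGE_CLIENT"
```

Run against the article's client.conf it reports four findings, and none for the hardened variant.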
Conclusion
In this article, we’ve walked you through the process of creating a secure VPN with OpenVPN and Linux. With this setup, you can enjoy secure and private browsing, perfect for individuals and businesses who value online security and anonymity. Remember to always follow best practices for securing your VPN and keeping your certificates and keys safe. Happy experimenting!