Setup VPN access provisioning server on top of Ubuntu 18.04

If you are looking for a way to let others route their systems' traffic through your local gateway (ISP), with your server acting like a proxy, here is a free solution. This is called Virtual Private Networking (VPN): once users are connected, they are assigned an address on a private network, which routes their local traffic through the VPN server to its actual destination. There are different use cases for deploying a VPN service; some of them are:

  • Encrypting outgoing traffic
  • Routing traffic through a path other than your local ISP

Getting Started

01. Installing the required packages

# apt-get update && apt-get install -y openvpn easy-rsa

02. Creating a directory to hold the certificates and keys generated in the following steps

# mkdir -p /etc/openvpn/server/certs
# cd /etc/openvpn/server/certs

03. Build a CA & its Keys

# openssl genrsa -out ca.key 2048
# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt


Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:la 
Locality Name (eg, city) []:la
Organization Name (eg, company) [Internet Widgits Pty Ltd]:osradar
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:vpn-server.osradar.com
Email Address []:

04. Let's generate the VPN service's own certificate and key

# openssl genrsa -out vpn.key 2048
# openssl req -new -key vpn.key -out vpn.csr

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:la
Locality Name (eg, city) []:la
Organization Name (eg, company) [Internet Widgits Pty Ltd]:osradar
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:vpn-server.osradar.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl x509 -req -in vpn.csr -out vpn.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Signature ok
subject=C = US, ST = la, L = la, O = osradar, OU = it, CN = vpn-server.osradar.com
# openssl dhparam -out dh2048.pem 2048

05. Configuring the OpenVPN server

# vim /etc/openvpn/server/server.conf

port 443    
proto tcp    
dev tun    
server 10.11.0.0 255.255.255.0    
ca /etc/openvpn/server/certs/ca.crt
cert /etc/openvpn/server/certs/vpn.crt    
key /etc/openvpn/server/certs/vpn.key    
dh /etc/openvpn/server/certs/dh2048.pem  
persist-key    
persist-tun    
keepalive 10 60    
reneg-sec 0    
comp-lzo    
tun-mtu 1468    
tun-mtu-extra 32    
mssfix 1400    
push "persist-key"    
push "persist-tun"    
push "redirect-gateway def1"    
push "dhcp-option DNS 8.8.8.8"    
push "dhcp-option DNS 8.8.4.4"    
status /etc/openvpn/443.log    
verb 3
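
The configuration above enables `comp-lzo`, sets `reneg-sec 0` and has no `tls-auth` or `tls-crypt` key. The following lint for those three settings is an added example, not part of the original article; the function name and messages are illustrative.

```sh
#!/bin/sh
# Added example (not from the original article): flag risky directives in an
# OpenVPN server config. Function name and messages are illustrative.

# lint_openvpn_conf FILE
# Prints one finding per line; returns 1 if anything was flagged, else 0.
lint_openvpn_conf() {
    awk '
        /^[ \t]*[#;]/ || NF == 0 { next }      # skip comments and blank lines
        { seen[$1] = 1 }                        # remember every directive used
        $1 == "comp-lzo" && $2 != "no" {
            print "comp-lzo: compression inside the tunnel enables compression-oracle attacks (VORACLE)"; n++
        }
        $1 == "reneg-sec" && $2 == "0" {
            print "reneg-sec 0: time-based data channel key renegotiation is disabled"; n++
        }
        END {
            if (!seen["tls-auth"] && !seen["tls-crypt"]) {
                print "control channel: no tls-auth or tls-crypt key protects the TLS handshake"; n++
            }
            exit (n > 0)
        }' "$1"
}

# Run against a file given on the command line, e.g. the server.conf above.
if [ $# -eq 1 ]; then
    lint_openvpn_conf "$1"
fi
```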

06. Starting up the service

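# systemctl start openvpn-server@server

(The openvpn-server@ unit reads its configuration from /etc/openvpn/server/, where server.conf was created in step 05.)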

07. Enable IPv4 routing between interfaces

# vim /etc/sysctl.d/60-ipv4-forward.conf

net.ipv4.ip_forward=1
# sysctl -p /etc/sysctl.d/60-ipv4-forward.conf

08. Changing the firewall rules

# vim /etc/ufw/before.rules

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.11.0.0/24 -o main_nic -j MASQUERADE
COMMIT
# END OPENVPN RULES

main_nic => replace this with your outgoing NIC device name

Allow 443/tcp, the port on which we set up our VPN service, then restart ufw to load the new rules

# ufw allow 443/tcp
# ufw disable
# ufw enable
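
The `-s` range in the NAT rule must contain the `server` pool from step 05, otherwise client traffic leaves the server without being masqueraded. The check below is an added example, not part of the original article; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original article): confirm that the client pool
# in server.conf falls inside a MASQUERADE source range in the ufw NAT rules.

# ip2int A.B.C.D -> address as an integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
}

# nat_covers_pool SERVER_CONF NAT_RULES
# 0 = pool is NATed, 1 = no MASQUERADE rule covers it, 2 = no "server" line
nat_covers_pool() {
    conf=$1 rules=$2
    # "server NETWORK NETMASK" defines the pool handed to clients
    set -- $(awk '$1 == "server" { print $2, $3; exit }' "$conf")
    [ $# -eq 2 ] || return 2
    pool_lo=$(ip2int "$1")
    pool_hi=$(( pool_lo + 4294967295 - $(ip2int "$2") ))
    # Source CIDR of every active (uncommented) MASQUERADE rule
    for cidr in $(awk '!/^[ \t]*#/ && /MASQUERADE/ {
                          for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1)
                      }' "$rules"); do
        case $cidr in */*) ;; *) cidr=$cidr/32 ;; esac
        size=$(( 1 << (32 - ${cidr#*/}) ))
        lo=$(( $(ip2int "${cidr%/*}") / size * size ))
        [ "$pool_lo" -ge "$lo" ] && [ "$pool_hi" -le $(( lo + size - 1 )) ] && return 0
    done
    return 1
}

# Usage: sh check-nat.sh /etc/openvpn/server/server.conf /etc/ufw/before.rules
if [ $# -eq 2 ]; then
    nat_covers_pool "$1" "$2" && echo "pool is covered by NAT" || echo "pool is NOT covered by NAT"
fi
```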

09. Prepare user certificate. In the example below, I assume the username is bob.

# openssl genrsa -out bob.key 2048
# openssl req -new -key bob.key -out bob.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:LK
State or Province Name (full name) [Some-State]:CMB
Locality Name (eg, city) []:colombo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:private
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:bob
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

10. Sign the user certificate using the CA certificate which we generated at step 03.

# openssl x509 -req -in bob.csr -out bob.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

bob.crt should be shared with the user so that they can launch the OpenVPN client from their workstation.
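
Before handing out a certificate signed in steps 04 or 10, it is worth confirming that it chains to ca.crt, matches its private key and is not close to expiry. The check below is an added example, not part of the original article; `cert_ok` and its return codes are illustrative.

```sh
#!/bin/sh
# Added example (not from the original article): sanity-check a certificate
# before handing it out. cert_ok and its return codes are illustrative.

# cert_ok CA_CERT CERT KEY [MIN_DAYS]
#   0  CERT chains to CA_CERT, KEY is its private key, valid > MIN_DAYS more days
#   1  CERT was not signed by CA_CERT (or has already expired)
#   2  KEY does not belong to CERT
#   3  CERT expires within MIN_DAYS (default 30)
cert_ok() {
    ca=$1 crt=$2 key=$3 min_days=${4:-30}
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
    # Compare the public key embedded in the certificate with the one derived
    # from the private key; both are printed as SubjectPublicKeyInfo PEM.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ] || return 2
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null || return 3
    return 0
}

# Usage: sh cert-ok.sh ca.crt bob.crt bob.key
if [ $# -ge 3 ]; then
    rc=0; cert_ok "$@" || rc=$?
    echo "cert_ok returned $rc"
fi
```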

Client Work-Station End.

11. Open the terminal, install the required packages and then launch “nm-connection-editor”

# apt-get update && apt-get install -y network-manager-openvpn
$ nm-connection-editor

 

12. Setting up the VPN client profile

Click (+) Sign and then Select the OpenVPN option under the drop-down menu

 

 

That’s it. Now you can start the newly created VPN connection, which initiates an encrypted tunnel between the local station and the destination VPN server.

You can verify the result by looking at the IP address space

# ip addr show

“I hope this has been informative”
