How to Install OpenVPN on Ubuntu-20.04



  Environment
    Device : Odroid-HC2
    OS : Ubuntu-20.04
    Host : test(192.168.101.100/24)
    VPN Network : 10.8.0.0/24





    File Info
      ca.crt : CA(Certificate Authority) crt File
      dh2048.pem : DH(Diffie-Hellman) parameters File
      ta.key : tls-auth key File
      test.key : OpenVPN Server key File
      test.crt : OpenVPN Server crt File
      test.conf : Server Configuration File
      test-1.key : OpenVPN Client-1 key File
      test-1.crt : OpenVPN Client-1 crt File
      test-1.ovpn : OpenVPN Client-1 Configuration File
      test-2.key : OpenVPN Client-2 key File
      test-2.crt : OpenVPN Client-2 crt File
      test-2.ovpn : OpenVPN Client-2 Configuration File


1. Create vpn account


$ sudo adduser vpn
$ sudo nano /etc/group
Change Configuration
sudo:x:27:odroid,test
==>
sudo:x:27:odroid,test,vpn
$ su vpn

2. Install OpenVPN


$ sudo apt install openvpn easy-rsa -y

3. Generate the CA (Certificate Authority)


$ ls
$ make-cadir easy-rsa
$ ls
$ cd easy-rsa
$ cp vars vars.orig
$ nano vars
Change Configuration
#set_var EASYRSA_REQ_COUNTRY    "US"
#set_var EASYRSA_REQ_PROVINCE   "California"
#set_var EASYRSA_REQ_CITY       "San Francisco"
#set_var EASYRSA_REQ_ORG        "Copyleft Certificate Co"
#set_var EASYRSA_REQ_EMAIL      "me@example.net"
#set_var EASYRSA_REQ_OU         "My Organizational Unit"
==>
set_var EASYRSA_REQ_COUNTRY    "US"
set_var EASYRSA_REQ_PROVINCE   "NY"
set_var EASYRSA_REQ_CITY       "NY"
set_var EASYRSA_REQ_ORG        "TEST"
set_var EASYRSA_REQ_EMAIL      "test@test.com"
set_var EASYRSA_REQ_OU         "TEST"
$ ./easyrsa init-pki
$ ./easyrsa build-ca
$ cp ./pki/ca.crt ~/

4. Generate the server key and certificate request


$ ./easyrsa gen-req test nopass
$ ./easyrsa sign-req server test
$ cp ./pki/private/test.key ./pki/issued/test.crt ~/

5. Generate the DH(Diffie-Hellman) parameters


$ ./easyrsa gen-dh
$ cp ./pki/dh.pem ~/dh2048.pem

6. Generate the tls-auth key (ta.key)


$ openvpn --genkey --secret ta.key
$ cp ./ta.key ~/

7. Setup IP Forward


$ sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig
$ sudo nano /etc/sysctl.conf
Change Configuration
#net.ipv4.ip_forward=1
==>
net.ipv4.ip_forward=1
$ sudo sysctl -p

8. Setup Server configuration


$ cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ./
$ gzip -d server.conf.gz
$ cp server.conf test.conf
$ nano test.conf
Change Configuration
cert server.crt
key server.key  # This file should be kept secret
==>
cert test.crt
key test.key  # This file should be kept secret
server 10.8.0.0 255.255.255.0
==>
server 10.8.0.0 255.255.255.0
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
==>
push "route 192.168.101.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;push "redirect-gateway def1 bypass-dhcp"
==>
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
==>
push "dhcp-option DNS 192.168.101.210"
push "dhcp-option DNS 8.8.8.8"
;user nobody
;group nogroup
==>
;user nobody
;group nogroup
$ cp test.conf ~/

9. Generate the Client key and certificate request


Generate the Client-1 key and certificate request
$ ./easyrsa gen-req test-1 nopass
$ ./easyrsa sign-req client test-1
$ cp ./pki/issued/test-1.crt pki/private/test-1.key ~/
Generate the Client-2 key and certificate request
$ ./easyrsa gen-req test-2 nopass
$ ./easyrsa sign-req client test-2
$ cp ./pki/issued/test-2.crt pki/private/test-2.key ~/

10. Setup Client configuration



    Environment
      Remote Server : XXX.XXXX.XXX
      Remote Port : YYYY


$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ./
$ cp client.conf ~/test-1.ovpn
$ cp client.conf ~/test-2.ovpn
$ cd ~/
$ nano test-1.ovpn
Change Configuration
remote my-server-1 1194
==>
remote XXX.XXXX.XXX  YYYY
;user nobody
;group nogroup
==>
;user nobody
;group nogroup
cert client.crt
key client.key
==>
cert test-1.crt
key test-1.key
$ nano test-2.ovpn
Change Configuration
remote my-server-1 1194
==>
remote XXX.XXXX.XXX  YYYY
;user nobody
;group nogroup
==>
;user nobody
;group nogroup
cert client.crt
key client.key
==>
cert test-2.crt
key test-2.key

11. Activate OpenVPN Server


$ sudo ls /etc/openvpn/
$ sudo cp ca.crt dh2048.pem ta.key test*.* /etc/openvpn/
$ sudo ls /etc/openvpn/
$ sudo systemctl start openvpn@test
$ sudo journalctl -u openvpn@test -xe
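
A pre-flight check for the directory filled in this step, as an added example that is not part of the original guide: it confirms that every file test.conf references is present, that key files carry no group/other permission bits, that no key unused by the server config was copied along, and that user/group are active. The function name audit_openvpn and the finding labels are assumptions made for this example; the sample directory is constructed.

```shell
#!/bin/sh
# audit_openvpn DIR CONF: print one finding per line, return 1 if any (hypothetical helper).
audit_openvpn() (
    dir=$1; conf=$dir/$2; findings=0
    [ -f "$conf" ] || { echo "MISSING $2"; exit 1; }
    note() { echo "$1"; findings=$((findings + 1)); }
    # Active directives only: OpenVPN treats lines starting with '#' or ';' as comments.
    active() { grep -Ev '^[[:space:]]*([#;]|$)' "$conf"; }

    # Every file the config references must exist next to it.
    for f in $(active | awk '$1 ~ /^(ca|cert|key|dh|tls-auth)$/ {print $2}'); do
        [ -f "$dir/$f" ] || note "MISSING $f"
    done
    # Key files: no group/other permission bits, and each must be used by this config
    # (client keys such as test-1.key match the test*.* glob but do not belong here).
    used=$(active | awk '$1 ~ /^(key|tls-auth)$/ {print $2}')
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || note "PERMS ${f##*/} ($perms)"
        echo "$used" | grep -qxF "${f##*/}" || note "UNUSED-KEY ${f##*/}"
    done
    # With user/group commented out, the daemon keeps root after startup.
    active | grep -Eq '^[[:space:]]*user[[:space:]]' || note "NO-PRIVDROP user"
    active | grep -Eq '^[[:space:]]*group[[:space:]]' || note "NO-PRIVDROP group"
    [ "$findings" -eq 0 ]
)

# Constructed sample: empty stand-ins for the files step 11 copies to /etc/openvpn.
demo=$(mktemp -d)
printf '%s\n' 'ca ca.crt' 'cert test.crt' 'key test.key  # secret' 'dh dh2048.pem' \
    'tls-auth ta.key 0' ';user nobody' ';group nogroup' > "$demo/test.conf"
for f in ca.crt test.crt test.key dh2048.pem ta.key test-1.key; do : > "$demo/$f"; done
chmod 600 "$demo/test.key" "$demo/ta.key"; chmod 644 "$demo/test-1.key"
audit_openvpn "$demo" test.conf || echo "findings above need attention"
rm -rf "$demo"
```

On the server the call would be `audit_openvpn /etc/openvpn test.conf`, run with enough privilege to read that directory.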

12. Install OpenVPN Client


Setup Server Network GW
Copy File to Client
Install OpenVPN App on Client