Installing OpenVPN on a Scaleway Instance running Ubuntu 24.04
Reviewed on 06 January 2025 • Published on 16 January 2019
vpn
OpenVPN
Ubuntu
Learn how to install and configure OpenVPN on Ubuntu 24.04 LTS with this comprehensive guide. Follow our step-by-step instructions to establish a secure VPN connection via your Scaleway Instance with ease.
Create the client configuration file:
On your server, create a new client configuration file named client1.ovpn:
nano ~/client1.ovpn
Add the following configuration in the file, replacing your_server_ip_or_domain with your server’s IP address or domain name:
client
dev tun
proto udp
remote your_server_ip_or_domain 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA256
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
# Insert the content of /etc/openvpn/ca.crt here
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# Insert the content of /etc/openvpn/easy-rsa/pki/issued/client1.crt here
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
# Insert the content of /etc/openvpn/easy-rsa/pki/private/client1.key here
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
# Insert the content of /etc/openvpn/ta.key here
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
Note
Replace the placeholder text (e.g., # Insert the content of /etc/openvpn/ca.crt here) with the actual contents of the respective files. You can use the cat command to display the contents of each file and then copy and paste them into the appropriate sections of the client1.ovpn file.
For example:
cat /etc/openvpn/ca.crt
Copy the output and paste it between the <ca> and </ca> tags in the client1.ovpn file.
Transfer the client configuration file to the client device:
Use a secure method to transfer the client1.ovpn file to the device you intend to use as a client. You can use scp (secure copy) for this purpose:
Replace user with your username on the client device, client_device_ip with the client’s IP address, and /path/to/destination/ with the desired directory on the client device.
Install OpenVPN on the client device:
Ensure that the OpenVPN client is installed on your client device. Installation methods vary depending on the operating system:
Linux:
apt update
apt install -y openvpn
Windows:
Download and install the OpenVPN client from the official website.
macOS:
Download and install Tunnelblick, a free OpenVPN client for macOS.
Connect to the VPN:
Linux:
Use the following command to start the VPN connection:
openvpn --config /path/to/client1.ovpn
Windows/macOS:
Import the client1.ovpn file into your OpenVPN client application and initiate the connection through the application’s interface.
Verify the connection:
Once connected, verify that your public IP address matches the VPN server’s IP address, indicating that your internet traffic is being routed through the VPN. You can check your public IP address by visiting WhatIsMyIP.com or a similar service.
Your OpenVPN server is now configured on your Ubuntu 24.04 LTS instance, and your client device is set up to connect securely.
For ongoing maintenance, remember to renew your Let’s Encrypt certificates regularly (they expire every 90 days). You can automate this process with a cron job:
echo "0 0 1 */2 * certbot renew --quiet" | tee -a /etc/crontab
This cron job runs the certbot renew command on the first day of every second month at midnight.
Thank you for the feedback!
Your opinion helps us make a better documentation.