OpenVPN Setup on Ubuntu
To get the latest version of OpenVPN, which will be 2.6 since files for 3.0 are still not yet available at the time of this article, we first need to import the OpenVPN repository key:
# ls -altri /etc/apt/keyrings/
# curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | gpg –dearmor > /etc/apt/keyrings/openvpn-repo-pub-key.gpg
Change ‘arch’ to match your CPU architecture. Check the release versions available here:
https://build.openvpn.net/debian/openvpn/release/
And select the folder that actually has files in it. For example, 2.6 has files in it and it’s the latest version:
Index of /debian/openvpn/release/2.6/
../
dists/ 12-Feb-2024 13:28 –
pool/ 09-Nov-2023 10:41 –
keyring.gpg 12-Feb-2024 13:28 7416
pubkey.gpg 12-Feb-2024 13:28 9903
Get the OS distribution to be used in the later command:
# lsb_release -c | awk ‘{print $2}’
Using the above, create the OpenVPN repository file within the /etc/apt/sources.list.d/ folder like this:
# echo “deb [arch=amd64 signed-by=/etc/apt/keyrings/openvpn-repo-public.gpg] https://build.openvpn.net/debian/openvpn/release/2.6 jammy main” > /etc/apt/sources.list.d/openvpn-aptrepo.list
Verify the repository is working correctly by running an apt-get update:
# apt-get update
or
apt update
Followed by:
# apt install openvpn
Verify with:
# dpkg -l | grep -Ei vpn
Following this, configure your OpenVPN Client as follows. For the purpose of this article, assumption will be made that all the necessary files to connect to an OpenVPN Servers have been generated and sent over in a file such as user-vpn-config.zip or equivalent ( Replace user-vpn-cnofig.zip with the actual zip name sent to you. ):
ca.crt
ta.key
openvpn.domain.com-user.ovpn
user.key
user.crt
Copy the zip then extract the files to a folder such as:
# mkdir ~/openvpn
# cd ~/openvpn
# wget https://SOURCE-URL.com/SOURCE-PATH/user-vpn=config.zip # Replace the uppercase text with the actual path provided by your OpenVPN Server provider.
# unzip user-vpn-config.zip
The ‘~’ indicates the home folder of the currently logged in user. To find the current user, type:
# who am i
at the terminal prompt. Use a line such as this to verify the contents of the .ovpn config file:
# grep -Eiv “#|;” openvpn.domain.com-user.ovpn | sed ‘/^[[:space:]]*$/d’
client
dev tun2
proto tcp
remote openvpn.domain.com 12345
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user.crt
key user.key
remote-cert-tls server
tls-auth ta.key 1
data-ciphers AES-256-GCM:AES-128-GCM
data-ciphers-fallback AES-256-CBC
auth SHA256
comp-lzo no
verb 3
auth-nocache
tun-mtu 1500
#
Time to connect. Issue the following to connect to the remote site:
# openvpn openvpn.domain.com-user.ovpn
Important to note that when running the above command, it will not exit in that terminal window. This is expected. To access the remote host resources, either use another terminal tab or just another plain terminal or simply minimize the terminal running the OpenVPN command above, and use the rest of your workstation as if it was connected directly to your ISP.
Try to access some of the resources on the remote site. See your OpenVPN Server or ISP emails for further details.
Enjoy!
REF: https://askubuntu.com/questions/291035/how-to-add-a-gpg-key-to-the-apt-sources-keyring
REF: https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
REF: https://support.surfshark.com/hc/en-us/articles/360011051133-How-to-set-up-manual-OpenVPN-connection-using-Linux-Terminal