Configure an OpenVPN Server and Client on Ubuntu

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

A virtual private network (VPN) provides a secure connection for users to access a private network remotely. This grants access to resources on the private network and prevents third parties from accessing sensitive information. In this hands-on lab, you will be tasked with configuring an OpenVPN server that includes a public key infrastructure (PKI) that is capable of receiving connections from an OpenVPN client.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure the Public Key Infrastructure (PKI) on the OpenVPN Server Host
  • Install the openvpn and easy-rsa services.
  • Configure the certificate authority (CA). The common name should be openvpn-ca.
  • Create keys and certificates for the OpenVPN server and client. The server should be called vpnserver, and the client should be called vpnclient.
  • Sign certificates for the OpenVPN server and client.
  • Generate Diffie-Hellman parameters.
  • Copy the following files to /etc/openvpn: dh.pem, ca.crt, vpnserver.crt, and vpnserver.key.
  • Copy ca.crt, vpnclient.crt, and vpnclient.key to the /home/cloud_user directory on the OpenVPN client host (
Configure the OpenVPN Server
  • Unzip usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz to /etc/openvpn. Ensure that the name of the file is vpnserver.conf.
  • Modify vpnserver.conf, and ensure that it correctly points to the following files: ca.crt, vpnserver.crt, vpnserver.key, and dh.pem.
  • Generate the TLS authentication key (ta.key) and copy it to the /home/cloud_user directory on the OpenVPN client.
  • Enable IPv4 forwarding.
  • Start and enable the openvpn service.
Configure the OpenVPN Client
  • Install the openvpn service.
  • Copy /usr/share/doc/openvpn/examples/sample-config-files/client.conf as well as the certificates and keys in /home/cloud_user to /etc/openvpn.
  • Modify /etc/openvpn/client.conf and ensure that it does the following:
    • Points to the ca.crt, vpnclient.crt, vpnclient.key, and ta.key files
    • Includes the word client
    • Includes the correct IP address and port for the OpenVPN server
  • Start and enable the openvpn service.

Additional Resources

You work as a system administrator and have been tasked with setting up an OpenVPN server and client to be used as a demo for the CIO of your company. This is the last step before OpenVPN is selected as the VPN solution for your company. Your first step is to set up a public key infrastructure (PKI) on the OpenVPN server host. This involves configuring the certificate authority (CA) and then generating certificates and keys for the OpenVPN server and client. After you set up the PKI, you will need to configure the OpenVPN server and client, ensuring that they are started and enabled.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?