Do you know what was always there but has increased multiple times in the last decade? Yes, remote work. These days your teams are usually not in the same place, not in the same country sometimes. With the distributed teams and people working from different places, it’s very common for them to access your business infrastructure from various places such as airports, cafes, their home or even from their mobile data connection. The fundamental problem is that the internet is a public space which means you are at risk all the time. So, you need something that could make a secure and private connection between your company’s servers and your teams connected to them.
This is where OpenVPN comes in, you can get their Access Server and deploy it easily on VMs, Cloud such as AWS, Azure etc. or even on your own infrastructure. So, what this does is that it builds a secure encrypted tunnel like connection between the company’s VPN server and the users (team members). So, it really is like they are on the same network even though they are thousands of miles apart.
In this tutorial, I will show you how to deploy OpenVPN Access Server on Ubuntu 24.04 which is installed on a VM on my own machine. You can install it the same way on your Ubuntu server, there is no difference in the procedure.
Part-1: Set Up OpenVPN Access Server on Ubuntu 24.04 (VM)
1. Signup for OpenVPN Access Server
Signup for OpenVPN Access Server account: https://myaccount.openvpn.com/signup
You can get a free 14-day trial.
2. Update & Upgrade Ubuntu Before Installing OpenVPN Access Server
You need to update and upgrade your Ubuntu system by using these commands:
Then:
Once done, go ahead and reboot:
Once your system reboots, update it again.
3. Install Required Dependencies (curl, ca-certificates, gnupg)
You need to install the required dependencies:
4. Switch to Root & Install OpenVPN Access Server
First, you need to become the root user:
Then install the OpenVPN Access Server with this command:
You will get the installation successful message:
5. Open the Admin UI & Login with Temporary Password
After the installation, scroll back and find this section where you will see Admin UI, Client UI, a username and a temporary password.
Copy the Admin UI address and paste it in the browser. It’d give you a warning as it’s a self signed SSL certificate so you need to click on “Advance” and then click on “Accept the Risk and Continue”.
Now, you will see a login screen like below where you enter your username and temporary password:
Once you are logged in, it will ask you to accept the license agreement. Read through that and then accept it.
Once inside, now go to the “Users” tab, click on the pencil icon and change the temporary password and save changes.
6. Activate OpenVPN Access Server (Enter Activation Key)
In your Admin UI, look at the bottom left where you will see the “Activation” tab. Click on that and you will see a pop up type window where you need to enter the key.
Now go to your OpenVPN Access Server portal.
Go to the “Activation Keys” tab and copy the key.
Come back to your Admin UI and paste the key in the same “Activation” tab pop up window and click “Activate”:
7. Create a VPN User
Now you can start to create users for your team members. For that matter, In your Admin UI, go to the “Users” tab.
Enter the name of the new user, in my case I entered “bobby” and then you can assign it to a group if you want, I didn’t assign it to any group and then you can click on “Save”.
This will bring you to a window where you can add a password for the newly created user and save changes.
Part-2: Connect to OpenVPN Access Server Using OpenVPN Connect
8. Open Client UI & Download Profile (.ovpn)
Go to the Client UI address you got at the time of the installation:
Select the platform, in my case it’s Linux:
Then click on “Connection profile” to download profile:
9. Configure Router Port Forwarding (For Remote Access)
Go to your router’s default gateway IP Address and login and then find the option of port forwarding and click on “New”:
In my case, it says “IPv4 Port Mapping”. In your case it might be different, it might say “Port Forwarding”, so keep that in mind.
Now add the relevant details and apply changes:
Keep a few things in mind while working with port forwarding:
A- UDP 1194 (VPN Connection): This is the VPN traffic port and your device makes a tunnel connection on this port.
B- TCP 943 (Web Portal): This is the web portal port for Admin UI and Client UI.
Important Note-1: With port forwarding, you will be able to access your OpenVPN Access Server from any WiFi network in the world or even mobile data. The only pre-requisite should be that your VM is running. If you want to work on the same WiFi Network, then skip port forwarding.
Important Note-2: While using a VM, for port forwarding, make sure your networking is set to “Bridged” and not “Shared”. You can go ahead and edit your VM to find the “Network” option and there you can make this change.
10. Import Profile into OpenVPN Connect
You can download and install OpenVPN Connect on any of your devices such as iPhone, Android, Windows, Mac OS, or Linux.
For this, I quickly picked up my iPhone and searched for OpenVPN Connect and installed the app.
After opening up the app, you can read through the licence agreement and click on “Agree” once you have read it:
Tap on “Upload” and upload the “Connection profile” we downloaded in step 8.
You can also go to your “Connection profile” file location and open it with the “OpenVPN Connect” app. It will show you the details, after checking them click on “Connect”.
Type in your password in the prompt and then click on “OK”.
11. Verify if VPN is Working
Now verify if your connection was successful and if your VPN was working.
Everything is working fine in our case and the fun part is that even if you turn on your mobile data, your VPN will still work and even if you move to any other location your VPN will still work as long as your VM is active and running.
Final Thoughts
OpenVPN Access Server is a powerful tool when it comes to the privacy and security of your distributed teams and your business infrastructure. Although the internet is not private, your team can be anywhere in the world and still enjoy the protection by the encrypted secure tunnel OpenVPN Access Server creates between the user and your server. If you are using a cloud server or a Linux server with a public IP address then you can simply share this link with your team members: https://your-ip/943 which is your Client UI. And of course you can skip step 9 (port forwarding) in case of cloud or linux servers that have a public IP address. For cloud servers or any servers with public IP addresses, you will need firewall rules instead of port forwarding. You just really need port forwarding if you have home servers. OpenVPN Access Server’s installation guides are available for all supported platforms on their web portal.
Discover more from Ubuntu-Server.com
Subscribe to get the latest posts sent to your email.
