Tutorials

How to Setup OpenVPN Server on Ubuntu 15.04

ubuntu_brushes_wallpaper2_by_acousticjacob

Setting up your own OpenVPN server on Ubuntu has never been easier, or for that matter, cheaper than it is today. Thanks to the GNU project, everyone has access to free and high quality software. However, in decades past, you really had to understand tough technical concepts and procedures to configure your operating system.

Ubuntu was one of the first Linux operating systems that succeeded in providing an easy-to-use GUI while still providing an efficient and secure kernel. For this reason, Ubuntu became wildly popular with both power users and novices alike. Though beginners like to use the Ubuntu GUI as often as possible, the command line (i.e. the BASH shell or the terminal) is still the best way to configure software. You simply have greater control over your Ubuntu software than you would if you tried to use the visual interface.

When you’re new to Linux or simply don’t know how to work from the Ubuntu command line, the procedure can seem a little intimidating at first. If you feel apprehensive about working from the command line, take a deep breath and relax. I’ll take you through the process from start to finish.

The following is the procedure you need to follow to install and configure the latest version of OpenVPN server on Ubuntu (version 15.04). Understand that you will want to have root access to your Linux distribution. If you don’t, you will need to precede the following commands with the “sudo” command to successfully run the commands with administrator privileges. However, this is generally tedious and unacceptable. In reality, you need to have root privileges.

Installing the Software and Configuring the Server

The first thing you need to do is to download and install the OpenVPN software by using the following commands:

  • apt-get update
  • apt-get install openvpn easy-rsa

apt-getupdate

Once it has completed and installed, extract the sample server configuration files into the ‘etsy’ directory as follows:

  • gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

The next thing you are going to want to do is to edit the extracted server.conf file. Simply fire up your favorite text editor – such as vim, nano, gedit, or others – and edit the following file:

  • vim /etc/openvpn/server.conf

Once you have the server.conf file open in your text editor, find the line that says “dh1024.pem” and change it to “dh2048.pem” and save the file. This will double the encryption length setup by the DH (Diffie-Hellman) RSA key for your VPNs. Next, look through the text file and make sure that the following line is uncommented:

  •  push “redirect-gateway def1 bypass-dhcp”

You will also want to add the following two lines of code:

  • push “dhcp-option DNS 208.67.222.222”
  • push “dhcp-option DNS 208.67.220.220”

This will help OpenVPN make DNS queries over the VPN tunnel. The two IP addresses in the preceding code are OpenDNS IPs, but you can add other desired name servers if you prefer. In addition, make sure the following two lines are not commented out in the server.conf file:

  • user nobody
  • group nobody

These two lines will allow OpenVPN to run on a non-administrative account by default (i.e. not be required to use the root account).

Packet Forwarding and Firewall Configurations

Next you will want to enter the following commands to enable packet forwarding:

  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • vim /etc/sysctl.conf

Once you are editing the sysctl.conf file, make sure that the “net.ipv4.ip_forward=1” line is uncommented. Save your work and get ready to configure the firewall. Next you need to edit the firewall as follows:

  • ufw allow ssh
  • ufw allow 1194/udp
  • vim /etc/default/ufw

firewall

In the ufw file, look for the DFAULT_FORWARD_POLICY, which should already be set to ‘DROP.’ Instead, change it to “ACCEPT” using your editor of choice.

DropPolicy

Now you will need to edit the following file:

  • vim /etc/ufw/before.rules

Once opened, add the following code to file after the line that reads “# ufw-before-forward” as follows:

  • # START OPENVPN RULES
  • # NAT table rules
  • *nat
  • :POSTROUTING ACCEPT [0:0]
  • # Allow traffic from OpenVPN client to eth0
  • -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
  • COMMIT
  • # END OPENVPN RULES

rules-before

Finally, we can enable the firewall:

  • ufw enable

It will prompt you whether or not you want to proceed, so just enter a ‘y.’ To verify your firewall configuration, just use this command:

  • ufw status

You should be able to see the that ports we enabled are open and active. They should be set to “Allow” at this point.

FirewallStatus

Creating the Certificates and Keys

Now we need to configure the keys and certificates the client and server will use to build a trustworthy connection. First, copy the RSA scripts and create a directory for the keys as follows:

  • cp -r /usr/share/easy-rsa/ /etc/openvpn
  • mkdir /etc/openvpn/easy-rsa/keys

Next you will want to create Easy-RSA variables that are unique to your location and will help identify people or businesses. Edit the following file:

  • vim /etc/openvpn/easy-rsa/vars

You can edit the following information to the file as it pertains to you. The only information you need to edit is enclosed in quotes:

  • export KEY_COUNTRY=”US
  • export KEY_PROVINCE=”MO
  • export KEY_CITY=”Kansas City
  • export KEY_ORG=”Company
  • export KEY_EMAIL=”Leeroy@example.com
  • export KEY_OU=”OrganizationalUnit

You can also change the name of the key in the same file by changing the KEY_NAME variable. However, the same variable would need to be updated in the server.key and server.crt files. Editing the same vars file, you can edit the key name:

  • export KEY_NAME=”server”

Now you need to generate the DH (Diffie Hellman) settings:

  • openssl dhparam -out /etc/openvpn/dh2048.pem 2048

For the next step, simply change your directory to where we had moved the scripts. If you need to see your current working directory, just use the pwd command.

  • cd /etc/openvpn/easy-rsa

You also need to fire up the PKI:

  • . ./vars

Be certain that you include a space after the first period. Also make sure that you clear any old or preexisting keys before you build the Certificate Authority with the following commands:

  • ./clean-all
  • ./build-ca

Once you enter the command, you will be prompted for information. If it looks OK, just keep hitting the enter key to proceed to the next value.

Creating the Server’s Certificate and Key Data

Now you will want to actually build the key with the following command:

  • ./build-key-server server

Leave both prompts blank, but sign the certificate and enter ‘y’ for the second prompt.

Next, copy the keys to the following directory:

  • cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn
  • ls /etc/openvpn

The ls command (list) will show you if the copy was indeed successful within you current working directory. So run the following two commands to start the service and verify it is running:

  • service openvpn start
  • service openvpn status

If you were successful, you should see a green dot next to your OpenVPN service.

ubuntustartservice

Generate Keys and Certificates for Client Connections

Understand that the remainder of these steps will only use one client as the configuration parameters. To add extra clients (with separate parameters), you will need to repeat these steps.

For the next few steps, make sure your working directory is the following:

  • /etc/openvpn/easy-rsa

Then build the key by using this command:

  • ./build-key client1

Press enter for the first two prompts to leave them blank, and enter a ‘y’ for the following two prompts. When this procedure completes successfully, you will see the following message:

  • Write out database with 1 new entries
  • Data Base Updated

Also understand that connecting clients will need a file extension of .ovpn. For this reason, we will copy the client configuration to be used as a template.

  • cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn

Remember, you can repeat these steps for as many unique clients and devices as necessary.

Moving the Keys to Connected Devices

Please note that each connected device will need to download the .key and .cert files. They are located on the server in the following directories:

  • /etc/openvpn/easy-rsa/keys/client1.crt
  • /etc/openvpn/easy-rsa/keys/client1.key

The apps and programs that you use to facilitate the connection is up to you, but they need to use SCP (Secure Copy) or SFTP (Secure File Transfer Protocol) to facilitate the operation. Validate that your connected device has downloaded the following files:

  • client1.crt
  • client1.key
  • client.ovpn
  • ca.crt

Connecting Clients

Now that the server configuration has been completed on your Ubuntu distribution, the last step is connecting clients to your VPN server. There are two general steps to complete this procedure. Firstly, dependent on your client’s operating system, you will need to install the appropriate VPN client. In addition, you will need to copy the keys and certificate from your VPN server. If you run into any questions, please leave comments below, and I will do my best to answer. I hope that this guide has facilitated your OpenVPN setup on Ubuntu.

Extra Troubleshooting Notes

Below are some problems that readers have faced and shared about in the comments section. In case you run into any problems, the solution might be one of the causes listed in the comments. If you have any questions, or would like to share information, please do take the time to comment below.

Renee Biana

VPN Pick brings you all the latest vpn news, reviews and discounts.

Related Articles

7 Comments

  1. Great post! Thank you!! Works perfectly with one caveat – if your ethernet interface is not ‘eth0’ you will get a perfect VPN connection but no internet. Took a while for me to figure this out. In my case the ethernet interface was ‘venet0’ and not ‘eth0’. Change this in the following line. corrected the problem.

    -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE

    Would be great if you could call this out in your post as a ‘watch out for’.

  2. Probably a stupic question, as I’m real new to this. At about step 3, when I enter sudo gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf, I am getting “Permision denied” messages.

    1. @smuxed – someone may explain more correctly but the > which acts as a redirect means only the left command is using elevated priviledges, and your regular accoutn doesn’t have access to the right hand side folder. What I did was simply change the right hand of > to ~/server.conf then do sudo cp ~/server.conf /etc/openvpn/server.conf hope this helps

  3. Thank you for the tutorial. I have followed the instructions to setup an OpenVPN server on a Ubuntu 15.10 machine.
    Everything look good, except that all the clients are stuck in “Waiting for server response” during connection stage. Any suggestions?

  4. Thanks for the post, but more simplest way (takes 5 minutes) is to use pre-shared key, like described here – `http://sysadm.pp.ua/linux/shifrovanie/openvpn-point-to-point.html . Does anyone used OpenSSL for certs and keys generation for OpenVPN ???

  5. I built my open vpn server with this website:
    https://vpnpick.com/setup-openvpn-server-ubuntu-15-04/
    but openvpn server wont start and I get these errors
    My computer is running ubuntu 15.04

    Dec 30 07:54:50 explosions1000-G1-Sniper-M5 anacron[17625]: Job `cron.daily’ terminated (exit status: 1) (mailing output)
    Dec 30 07:54:51 explosions1000-G1-Sniper-M5 anacron[17625]: Normal exit (1 job run)
    Dec 30 08:17:01 explosions1000-G1-Sniper-M5 CRON[18894]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 09:17:01 explosions1000-G1-Sniper-M5 CRON[18965]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 10:17:01 explosions1000-G1-Sniper-M5 CRON[19005]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 11:17:01 explosions1000-G1-Sniper-M5 CRON[19593]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 11:31:38 explosions1000-G1-Sniper-M5 ovpn-client[20969]: Options error: –cert fails with ‘client.crt’: No such file or directory
    Dec 30 11:31:38 explosions1000-G1-Sniper-M5 ovpn-client[20969]: Options error: –key fails with ‘client.key’: No such file or directory
    Dec 30 11:31:38 explosions1000-G1-Sniper-M5 ovpn-client[20969]: Options error: Please correct these errors.
    Dec 30 11:31:38 explosions1000-G1-Sniper-M5 ovpn-client[20969]: Use –help for more information.
    Dec 30 11:31:38 explosions1000-G1-Sniper-M5 ovpn-server[20983]: Options error: –dh fails with ‘dh1024.pem’: No such file or directory
    Dec 30 11:31:38 explosions1000-G1-Sniper-M5 ovpn-server[20983]: Options error: Please correct these errors.
    Dec 30 11:31:38 explosions1000-G1-Sniper-M5 ovpn-server[20983]: Use –help for more information.
    Dec 30 11:33:07 explosions1000-G1-Sniper-M5 dbus[454]: [system] Activating service name=’org.debian.apt’ (using servicehelper)
    Dec 30 11:33:08 explosions1000-G1-Sniper-M5 AptDaemon: INFO: Initializing daemon
    Dec 30 11:33:08 explosions1000-G1-Sniper-M5 dbus[454]: [system] Successfully activated service ‘org.debian.apt’
    Dec 30 11:33:09 explosions1000-G1-Sniper-M5 AptDaemon.PackageKit: INFO: Initializing PackageKit compat layer
    Dec 30 11:33:41 explosions1000-G1-Sniper-M5 AptDaemon: INFO: CommitPackages() was called: dbus.Array([dbus.String(‘network-manager-openvpn’)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’))
    Dec 30 11:33:41 explosions1000-G1-Sniper-M5 AptDaemon.Trans: INFO: Simulate was called
    Dec 30 11:33:41 explosions1000-G1-Sniper-M5 AptDaemon.Worker: INFO: Simulating trans: /org/debian/apt/transaction/31bcf2df79de4f1295ee9b9ab0f6ccfe
    Dec 30 11:33:42 explosions1000-G1-Sniper-M5 AptDaemon.Worker: INFO: Committing packages: dbus.Array([dbus.String(‘network-manager-openvpn’)], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’))
    Dec 30 11:33:43 explosions1000-G1-Sniper-M5 AptDaemon.Trans: INFO: Queuing transaction /org/debian/apt/transaction/31bcf2df79de4f1295ee9b9ab0f6ccfe
    Dec 30 11:33:58 explosions1000-G1-Sniper-M5 AptDaemon.Worker: INFO: Processing transaction /org/debian/apt/transaction/31bcf2df79de4f1295ee9b9ab0f6ccfe
    Dec 30 11:34:07 explosions1000-G1-Sniper-M5 dbus[454]: [system] Reloaded configuration
    Dec 30 11:34:08 explosions1000-G1-Sniper-M5 dbus[454]: message repeated 2 times: [ [system] Reloaded configuration]
    Dec 30 11:34:08 explosions1000-G1-Sniper-M5 NetworkManager[895]: VPN: loaded org.freedesktop.NetworkManager.openvpn
    Dec 30 11:34:08 explosions1000-G1-Sniper-M5 dbus[454]: [system] Reloaded configuration
    Dec 30 11:34:09 explosions1000-G1-Sniper-M5 dbus[454]: [system] Reloaded configuration
    Dec 30 11:34:10 explosions1000-G1-Sniper-M5 AptDaemon.Worker: INFO: Finished transaction /org/debian/apt/transaction/31bcf2df79de4f1295ee9b9ab0f6ccfe
    Dec 30 11:34:14 explosions1000-G1-Sniper-M5 AptDaemon: INFO: CommitPackages() was called: dbus.Array([dbus.String(‘gadmin-openvpn-client’)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’)), dbus.Array([dbus.String(”)], signature=dbus.Signature(‘s’))
    Dec 30 11:34:14 explosions1000-G1-Sniper-M5 AptDaemon.Trans: INFO: Simulate was called
    Dec 30 11:34:14 explosions1000-G1-Sniper-M5 AptDaemon.Worker: INFO: Simulating trans: /org/debian/apt/transaction/3acc722eb8954165baf379c7811cd6ee
    Dec 30 11:34:14 explosions1000-G1-Sniper-M5 AptDaemon.Worker: INFO: Committing packages: dbus.Array([dbus.String(‘gadmin-openvpn-client’)], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’)), dbus.Array([], signature=dbus.Signature(‘s’))
    Dec 30 11:34:15 explosions1000-G1-Sniper-M5 AptDaemon.Trans: INFO: Queuing transaction /org/debian/apt/transaction/3acc722eb8954165baf379c7811cd6ee
    Dec 30 11:34:15 explosions1000-G1-Sniper-M5 AptDaemon.Worker: INFO: Processing transaction /org/debian/apt/transaction/3acc722eb8954165baf379c7811cd6ee
    Dec 30 11:34:25 explosions1000-G1-Sniper-M5 AptDaemon.Worker: INFO: Finished transaction /org/debian/apt/transaction/3acc722eb8954165baf379c7811cd6ee
    Dec 30 11:41:08 explosions1000-G1-Sniper-M5 ovpn-client[22428]: Options error: –cert fails with ‘client.crt’: No such file or directory
    Dec 30 11:41:08 explosions1000-G1-Sniper-M5 ovpn-client[22428]: Options error: –key fails with ‘client.key’: No such file or directory
    Dec 30 11:41:08 explosions1000-G1-Sniper-M5 ovpn-client[22428]: Options error: Please correct these errors.
    Dec 30 11:41:08 explosions1000-G1-Sniper-M5 ovpn-client[22428]: Use –help for more information.
    Dec 30 11:41:08 explosions1000-G1-Sniper-M5 ovpn-server[22442]: Options error: –dh fails with ‘dh8096.pem’: No such file or directory
    Dec 30 11:41:08 explosions1000-G1-Sniper-M5 ovpn-server[22442]: Options error: Please correct these errors.
    Dec 30 11:41:08 explosions1000-G1-Sniper-M5 ovpn-server[22442]: Use –help for more information.
    Dec 30 11:45:09 explosions1000-G1-Sniper-M5 AptDaemon: INFO: Quitting due to inactivity
    Dec 30 11:45:09 explosions1000-G1-Sniper-M5 AptDaemon: INFO: Quitting was requested
    Dec 30 11:46:23 explosions1000-G1-Sniper-M5 ovpn-client[22591]: Options error: –cert fails with ‘client.crt’: No such file or directory
    Dec 30 11:46:23 explosions1000-G1-Sniper-M5 ovpn-client[22591]: Options error: –key fails with ‘client.key’: No such file or directory
    Dec 30 11:46:23 explosions1000-G1-Sniper-M5 ovpn-client[22591]: Options error: Please correct these errors.
    Dec 30 11:46:23 explosions1000-G1-Sniper-M5 ovpn-client[22591]: Use –help for more information.
    Dec 30 11:46:23 explosions1000-G1-Sniper-M5 ovpn-server[22605]: Options error: –dh fails with ‘dh8096.pem’: No such file or directory
    Dec 30 11:46:23 explosions1000-G1-Sniper-M5 ovpn-server[22605]: Options error: Please correct these errors.
    Dec 30 11:46:23 explosions1000-G1-Sniper-M5 ovpn-server[22605]: Use –help for more information.
    Dec 30 12:17:01 explosions1000-G1-Sniper-M5 CRON[22900]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 13:17:01 explosions1000-G1-Sniper-M5 CRON[24243]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 13:23:19 explosions1000-G1-Sniper-M5 kernel: [133090.016748] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.206 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=34081 PROTO=TCP SPT=443 DPT=51250 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:23:19 explosions1000-G1-Sniper-M5 kernel: [133090.016946] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.206 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=34082 PROTO=TCP SPT=443 DPT=51250 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:23:21 explosions1000-G1-Sniper-M5 kernel: [133092.018062] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.197 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=16067 PROTO=TCP SPT=443 DPT=45564 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:23:21 explosions1000-G1-Sniper-M5 kernel: [133092.018261] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.197 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=16068 PROTO=TCP SPT=443 DPT=45564 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:23:21 explosions1000-G1-Sniper-M5 kernel: [133092.018466] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.197 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=16069 PROTO=TCP SPT=443 DPT=45564 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:23:24 explosions1000-G1-Sniper-M5 kernel: [133095.018318] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=74.125.227.233 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=8046 PROTO=TCP SPT=443 DPT=57436 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:23:24 explosions1000-G1-Sniper-M5 kernel: [133095.018856] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=74.125.227.233 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=8047 PROTO=TCP SPT=443 DPT=57436 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:23:24 explosions1000-G1-Sniper-M5 kernel: [133095.019060] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=74.125.227.233 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=8048 PROTO=TCP SPT=443 DPT=57436 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:23:31 explosions1000-G1-Sniper-M5 kernel: [133102.021396] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.99 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=20560 PROTO=TCP SPT=443 DPT=58588 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:24:34 explosions1000-G1-Sniper-M5 kernel: [133165.404287] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.131 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=56614 PROTO=TCP SPT=443 DPT=36744 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:25:07 explosions1000-G1-Sniper-M5 kernel: [133198.085279] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=173.194.115.65 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=54420 PROTO=TCP SPT=443 DPT=47100 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:25:09 explosions1000-G1-Sniper-M5 kernel: [133200.086429] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=173.194.115.21 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=12597 PROTO=TCP SPT=443 DPT=51034 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:25:13 explosions1000-G1-Sniper-M5 kernel: [133204.155735] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.166 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=41907 PROTO=TCP SPT=443 DPT=53552 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:25:13 explosions1000-G1-Sniper-M5 kernel: [133204.156365] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.206 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=26146 PROTO=TCP SPT=443 DPT=51320 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:25:13 explosions1000-G1-Sniper-M5 kernel: [133204.156788] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.166 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=41908 PROTO=TCP SPT=443 DPT=53552 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:25:23 explosions1000-G1-Sniper-M5 kernel: [133214.344819] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.98 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=59879 PROTO=TCP SPT=443 DPT=47634 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 13:25:52 explosions1000-G1-Sniper-M5 kernel: [133242.854547] [UFW BLOCK] IN=enp3s0 OUT= MAC=94:de:80:a2:dc:a9:08:10:74:26:50:92:08:00 SRC=216.58.218.161 DST=192.168.10.102 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=48603 PROTO=TCP SPT=443 DPT=40286 WINDOW=0 RES=0x00 RST URGP=0
    Dec 30 14:17:01 explosions1000-G1-Sniper-M5 CRON[25720]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 15:17:01 explosions1000-G1-Sniper-M5 CRON[26623]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 16:17:01 explosions1000-G1-Sniper-M5 CRON[27708]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 17:17:01 explosions1000-G1-Sniper-M5 CRON[29061]: (root) CMD ( cd / && run-parts –report /etc/cron.hourly)
    Dec 30 18:10:08 explosions1000-G1-Sniper-M5 ovpn-client[30255]: Options error: –cert fails with ‘client.crt’: No such file or directory
    Dec 30 18:10:08 explosions1000-G1-Sniper-M5 ovpn-client[30255]: Options error: –key fails with ‘client.key’: No such file or directory
    Dec 30 18:10:08 explosions1000-G1-Sniper-M5 ovpn-client[30255]: Options error: Please correct these errors.
    Dec 30 18:10:08 explosions1000-G1-Sniper-M5 ovpn-client[30255]: Use –help for more information.
    Dec 30 18:10:08 explosions1000-G1-Sniper-M5 ovpn-server[30269]: Options error: –dh fails with ‘dh4096.pem’: No such file or directory
    Dec 30 18:10:08 explosions1000-G1-Sniper-M5 ovpn-server[30269]: Options error: Please correct these errors.
    Dec 30 18:10:08 explosions1000-G1-Sniper-M5 ovpn-server[30269]: Use –help for more information.
    can someone please help me?
    I have searched and searched and nothing
    thanks for your time
    Show less

  6. Thanks for the walkthrough, it was a really helpful quick start. One thing though, starting open vpn with
    service openvpn start

    didn’t work for me. I needed to use the method described here: http://askubuntu.com/questions/639855/how-to-start-the-openvpn-client-service-on-ubuntu-15-04

    Here’s the important bit

    “OpenVPN is a templatized service under systemd. The services are named openvpn@config.service. So you should be starting your /etc/openvpn/myvpn.conf instance with

    systemctl start openvpn@myvpn.service

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Exclusive Offer: Get a 49% Discount off ExpressVPNGet This Deal
+