We have been roaming around to establish VPN connection between our network to AWS network. There are servers which are in private network which needs to be accessed from our local network. Here comes the post on how to establish a VPN connection between your network to other network


  1. Ubuntu 14.04 or latest version
  2. Windows Client Machine/Linux Machine where you will connect


Let’s install openvpn server on the Ubuntu server.

apt-get install openvpn easy-rsa

Create a installation directory.

make-cadir ~/openvpn-ca

Move to the installation directory.

cd ~/openvpn-ca

Open vars file and modify the below settings.

vim vars

export KEY_CITY="Bangalore"
export KEY_ORG="PheonixSolutions"
export KEY_EMAIL="test-key-vpn@pheonixsolutions.com"
export KEY_OU="Devops"

# X509 Subject Field
export KEY_NAME="server"

Source the file vars.

source vars

Create the CA certificate


Just give enter for all the options and leave it blank for password. Note that, these options will be taken from vars file.

Create the  keyserver

./build-key-server server

Create dh.pem


Create ta.key

openvpn --genkey --secret keys/ta.key

We will be creating client key on the same machine and copying the key to client machine.

./build-key client1

Copy the server.key,server.crt,ca.crt,ca.crt,ta.key,dh2048.pem

cp ca.crt ca.key server.crt server.key ta.key dh2048.pem /etc/openvpn

Create server.conf

gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf

Add or update the following lines on /etc/openvpn/server.conf.

vim /etc/openvpn/server.conf

tls-auth ta.key 0 # This file is secret
key-direction 0

auth SHA256
user nobody
group nogroup
dh dh2048.pem
push “redirect-gateway def1 bypass-dhcp”

Enable Ip forward on the kernel level.

echo 1 > /proc/sys/net/ipv4/ip_forward

Append the following line /etc/sysctl.conf

vim /etc/sysctl.conf


mkdir -p ~/client-configs/files
chmod 700 ~/client-configs/files
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf

vim ~/clien-configs/base.conf
remote server_IP_address 1194
cipher AES-128-CBC
auth SHA256
vim ~/client-configs/make_config.sh

# First argument: Client identifier


cat ${BASE_CONFIG} \
<(echo -e ‘<ca>’) \
${KEY_DIR}/ca.crt \
<(echo -e ‘</ca>\n<cert>’) \
${KEY_DIR}/${1}.crt \
<(echo -e ‘</cert>\n<key>’) \
${KEY_DIR}/${1}.key \
<(echo -e ‘</key>\n<tls-auth>’) \
${KEY_DIR}/ta.key \
<(echo -e ‘</tls-auth>’) \
> ${OUTPUT_DIR}/${1}.ovpn

Leave a Reply