
Setting up a Linux VPN server with OpenVPN and configuring firewall rules, routing, and port-forwarding

How to Set Up a Linux VPN Server

If you want to use OpenVPN to tunnel all network traffic through your server, you need to establish some firewall rules and routing configurations.

If your server is behind a router/firewall, you need to configure port-forwarding on that device as well. You may also need to set up a small ping interval for the tunnel.
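The firewall, routing and keep-alive pieces described above, as an added shell example that is not code from the original post; the interface names eth0 and tun0, the tunnel subnet 10.8.0.0/24 and UDP port 1194 are assumptions you can override through environment variables, and the "apply" mode needs root.

```shell
#!/bin/sh
# Added example: print (default), apply, or emit the server.conf fragment for an
# OpenVPN server that forwards all client traffic. Interface names, tunnel subnet
# and port are assumptions; override them via the environment.
set -eu

WAN_IF="${WAN_IF:-eth0}"            # interface facing the internet/router (assumed)
TUN_IF="${TUN_IF:-tun0}"            # OpenVPN tun device (assumed, routed mode)
TUN_NET="${TUN_NET:-10.8.0.0/24}"   # the tunnel subnet handed out to clients (assumed)
VPN_PORT="${VPN_PORT:-1194}"        # OpenVPN's default UDP port; forward it on the router

# Kernel forwarding plus iptables rules, printed so they can be reviewed before use.
vpn_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -i $WAN_IF -p udp --dport $VPN_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $WAN_IF -s $TUN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $TUN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# server.conf lines: send the client's default route through the tunnel, and ping
# every 10 s, restarting after 120 s of silence (the "small ping interval").
server_conf_fragment() {
    cat <<EOF
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
EOF
}

# Run vpn_rules line by line (requires root); every line is a plain command without quoting.
apply_rules() {
    vpn_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd
    done
}

# Return 0 when the kernel is forwarding packets between interfaces, 1 otherwise.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)" = "1" ]
}

case "${1:-}" in
    apply) apply_rules ;;
    conf)  server_conf_fragment ;;
    *)     vpn_rules ;;
esac
```

Run it without arguments to review the rules, with "conf" to get the server.conf lines, and as root with "apply" to install the rules on the live system.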

Configuration

OpenVPN is a flexible and secure virtual private networking (VPN) solution available in the Ubuntu repositories. It provides a number of benefits over proprietary solutions like PPTP.

When a client connects to an OpenVPN server, it can send traffic to machines on the server’s side as though it were on the same subnet. This is achieved by establishing an Ethernet bridge on the server with its tap interface.

To enable this feature, you must run a few commands. First, create a new directory with sudo mkdir /etc/openvpn/easy-rsa. Then, copy the files in this directory to your samba share with the command sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/easy-rsa.cfg.

You must also edit the config file to specify your authentication options. For example, you could specify auth-user-pass-verify to prompt for username/password from stdin and verify the common name of a certificate or auth-dh-keys-verify to use key-based authentication. If you use the latter option, you must also generate a key pair and add it to your CA directory.

Installation

Using a home-grown VPN server allows you to securely access your network while on the go. This includes things like doing online banking while at a public WiFi hotspot, or accessing your home files from anywhere.

In order to accept client connections, the ethernet device on your server needs to be configured for promiscuous mode at boot. This can be done with the network-d-dispatcher package on Debian or Ubuntu, and by configuring the DHCP options in the OpenVPN configuration file to push all traffic through the tunnel.

Some settings in the OpenVPN configuration file may require a change of user privileges. For example, if you set the --configuser option, and then enable auto-login, OpenVPN will run as root after connecting to the tunnel. This can lead to lingering routes, which might be problematic for some systems. Consider setting a small ping interval to keep openvpn up if this is the case. A tool called openvpn-reconnect (available on the AUR) helps solve this by sending a SIGHUP to openvpn after reconnecting.

Deployment

The OpenVPN Access Server (AS) allows you to create a virtual private network between your computer and another device that has a client application, such as a macOS or Windows system. Traffic sent over this connection is encrypted, and a range of other configuration options are available.

You can configure the server to accept connections from clients by supplying a gateway profile. This defines the server’s IP address, a CIDR subnet that will exist behind it to enable clients to connect, and a DHCP configuration that clients can use to find the VPN server.

You can also configure the server to set up its Ethernet devices in promiscuous mode, which will allow it to direct web traffic from connected clients over other physical Ethernet devices rather than only the VPN interface. This increases tunnel stability but does cause slightly higher network traffic. You can also specify a ping interval that the server will use to keep track of client connections.

Troubleshooting

After generating your configuration files with openvpn-generate, copy them to your server and start it. You can then connect to the server using a client program like Viscosity for macOS or Windows.

If you have trouble connecting to your openvpn server, you can run a simple test by pinging the host name or IP address of the Access Server and looking at the response from the machine. If the connection fails, it is likely that either the config or the VPN client has an incorrect network interface setting.

Make sure that you have the correct network interface configured in the Admin UI under Server Network Settings and that the value in this field matches the interface used by the VPN client. Also, ensure that the user account created and provisioned to the client has admin permissions and auto-login enabled. This will prevent users from being able to connect by default and can increase security. Also, it is important to keep in mind that the asymmetric routing provided by NAT can cause some issues.
