DropVPS Team
Writer: Cooper Reagan
How to Install OpenVPN on Linux Mint

OpenVPN is a widely used VPN solution that provides encrypted network connections. Installing OpenVPN on Linux Mint is done through the terminal; this guide sets up the server side (certificate authority, server keys, routing, and firewall rules) and then issues a client certificate.
Update System Packages
Updating package lists and installed packages keeps your system stable and ensures access to the latest OpenVPN version.
sudo apt update
sudo apt upgrade -y
Install OpenVPN Package
Install OpenVPN and the Easy-RSA utility to generate encryption keys and certificates.
sudo apt install openvpn easy-rsa -y
Set Up Easy-RSA Directory
Copy Easy-RSA scripts to a working directory for generating the Public Key Infrastructure (PKI).
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
Configure the PKI Variables
Edit the variables file to set defaults for your certificates (country, organization, etc.).
nano vars
Modify values like set_var EASYRSA_REQ_COUNTRY or set_var EASYRSA_REQ_ORG according to your details, then save and exit.
Build the Certificate Authority (CA)
Initialize the PKI and build the root certificate authority required to sign client and server certificates.
./easyrsa init-pki
./easyrsa build-ca
When prompted, enter a strong passphrase for the CA key and confirm the certificate information.
Create Server Certificate and Key
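Generate the server’s private key and a certificate signed by the CA. The nopass option leaves the server key unencrypted so the service can start without a passphrase prompt.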
./easyrsa gen-req server nopass
./easyrsa sign-req server server
Confirm the signing request by typing “yes” when asked, then enter the CA passphrase.
Generate Diffie-Hellman Parameters
Diffie-Hellman parameters facilitate secure key exchange during VPN connection setup.
./easyrsa gen-dh
Create TLS-Auth Key for Extra Security
The tls-auth key adds an HMAC signature to TLS handshake packets, so the server drops packets from any peer that does not hold the key.
openvpn --genkey --secret ta.key
Copy Keys and Certificates to OpenVPN Directory
Place all necessary keys and certificates where OpenVPN expects them to enable server operation.
sudo cp pki/ca.crt pki/private/server.key pki/issued/server.crt pki/dh.pem ta.key /etc/openvpn/
Create Server Configuration File
Create a minimal server configuration file enabling routing, encryption, and networking settings.
sudo nano /etc/openvpn/server.conf
Example server.conf content:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
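dh dh.pem
# Run in server mode and hand out addresses from the VPN subnet (matches the 10.8.0.0/24 MASQUERADE rule)
server 10.8.0.0 255.255.255.0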
tls-auth ta.key 0
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
user nobody
group nogroup
status openvpn-status.log
verb 3
Enable IP Forwarding
This allows packets to be routed between the VPN and the local network.
sudo nano /etc/sysctl.conf
Uncomment or add the following line:
net.ipv4.ip_forward=1
Apply changes:
sudo sysctl -p
Configure UFW Firewall
Allow OpenVPN traffic through the firewall and enable masquerading for the VPN subnet.
sudo ufw allow 1194/udp
sudo nano /etc/ufw/before.rules
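Add the following at the top of the file, before the *filter section. Replace eth0 with the name of your outbound network interface (check with ip route show default):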
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
Enable forwarding in UFW config:
sudo nano /etc/default/ufw
Set:
DEFAULT_FORWARD_POLICY="ACCEPT"
Reload UFW:
sudo ufw disable
sudo ufw enable
Start and Enable OpenVPN Server
Launch the OpenVPN server service and enable it to start on boot.
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
Check service status:
sudo systemctl status openvpn@server
Create Client Certificates
Generate a key and certificate for each client that will connect to the server.
cd ~/openvpn-ca
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
Transfer the necessary client files (ca.crt, client1.crt, client1.key, ta.key) to the client device over a secure channel for VPN setup; client1.key is a private key and ta.key is a shared secret.
OpenVPN installation on Linux Mint secures your network with strong encryption and flexible configuration.
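The four client files from the last step can be bundled into a single inline profile, so only one file has to be moved to the client. The script below is an added example, not part of the original guide: build_ovpn and the vpn.example.com address are hypothetical names, and the options mirror the server.conf above (UDP 1194, AES-256-CBC, tls-auth with key direction 1 on the client side).

```shell
#!/usr/bin/env bash
# Added example: write an inline .ovpn profile for one client to stdout.
# build_ovpn is a hypothetical helper name, not an OpenVPN or Easy-RSA command.
build_ovpn() {
    local client="$1" server_addr="$2" ca_dir="${3:-$HOME/openvpn-ca}"
    local ca="$ca_dir/pki/ca.crt"
    local crt="$ca_dir/pki/issued/$client.crt"
    local key="$ca_dir/pki/private/$client.key"
    local ta="$ca_dir/ta.key"
    local f
    for f in "$ca" "$crt" "$key" "$ta"; do   # refuse to emit a partial profile
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto udp
remote $server_addr 1194
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
key-direction 1
verb 3
<ca>
$(cat "$ca")
</ca>
<cert>
$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$crt")
</cert>
<key>
$(cat "$key")
</key>
<tls-auth>
$(cat "$ta")
</tls-auth>
EOF
}

# The profile embeds client1.key, so create it with a restrictive umask:
#   (umask 077; ./build_ovpn.sh client1 vpn.example.com > client1.ovpn)
if [ "$#" -ge 2 ]; then
    build_ovpn "$@"
fi
```

remote-cert-tls server makes the client reject any peer whose certificate was not issued with the server role, which is the role the sign-req server step assigns.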