OpenVPN install on a single Ubuntu 18.04 server with EasyRSA 3.0.5

Update the system and install the OpenVPN server

apt update && apt dist-upgrade -y
apt install openvpn

Get the right version of EasyRSA from GitHub

cd ~
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz
tar xvf EasyRSA-nix-3.0.5.tgz
cd ~/EasyRSA-3.0.5/

Configure the vars file

cp vars.example vars
nano vars

Set these values in the vars file:

set_var EASYRSA_REQ_PROVINCE "California"
set_var EASYRSA_REQ_CITY "San Francisco"
set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
set_var EASYRSA_REQ_OU "My Organizational Unit"

Run init-pki to initiate the public key infrastructure

./easyrsa init-pki

Build the CA

./easyrsa build-ca nopass

Generate a request and sign the OpenVPN server’s certificate

./easyrsa gen-req server nopass
./easyrsa sign-req server server

Copy server.key, server.crt and ca.crt to the right place

cp ~/EasyRSA-3.0.5/pki/private/server.key /etc/openvpn/
cp ~/EasyRSA-3.0.5/pki/issued/server.crt /etc/openvpn/
cp ~/EasyRSA-3.0.5/pki/ca.crt /etc/openvpn/

Create strong Diffie-Hellman parameters and an HMAC signature key (ta.key), then copy both to the /etc/openvpn/ directory

./easyrsa gen-dh
openvpn --genkey --secret ta.key
cp ~/EasyRSA-3.0.5/ta.key /etc/openvpn/
cp ~/EasyRSA-3.0.5/pki/dh.pem /etc/openvpn/
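
With all server files now in /etc/openvpn/, the following is an added example (not part of the original guide) that checks what the steps above produced: key file permissions, that server.key belongs to server.crt, that server.crt was signed by ca.crt, and that the CA private key was not copied alongside them. The file names are the guide's; the function names are hypothetical, and GNU stat and the openssl CLI are assumed.

```shell
#!/bin/sh
# Added example: checks for the files this guide copies into /etc/openvpn.
# File names come from the guide; the function names are hypothetical.
# Usage (as root, after sourcing this file): audit_openvpn_dir /etc/openvpn

# True if FILE exists and grants no access to group or other (600, 400, ...).
perm_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# True if private key KEY and certificate CRT carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if certificate CRT verifies against CA certificate CA.
signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print ok/FAIL for one check and count failures in $fails.
check() {
    desc=$1; shift
    if "$@"; then
        echo "ok    $desc"
    else
        echo "FAIL  $desc"; fails=$((fails + 1))
    fi
}

# Run every check against DIR; the return status is the number of failures.
audit_openvpn_dir() {
    dir=${1:-/etc/openvpn}
    fails=0
    check "server.key is owner-only"       perm_ok "$dir/server.key"
    check "ta.key is owner-only"           perm_ok "$dir/ta.key"
    check "server.key matches server.crt"  key_matches_cert "$dir/server.key" "$dir/server.crt"
    check "server.crt is signed by ca.crt" signed_by_ca "$dir/ca.crt" "$dir/server.crt"
    check "CA private key is not in $dir"  test ! -e "$dir/ca.key"
    return "$fails"
}
```

Because the CA was built with nopass, pki/private/ca.key is stored unencrypted, so the last check confirms it stayed out of the directory the OpenVPN daemon reads.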

Generating a Client Certificate and Key Pair

mkdir -p ~/client-configs/keys
chmod -R 700 ~/client-configs
cd ~/EasyRSA-3.0.5/
./easyrsa gen-req client1 nopass
cp pki/private/client1.key ~/client-configs/keys/
./easyrsa sign-req client client1
cp pki/issued/client1.crt ~/client-configs/keys/
