Incapio - Blog Posts © 2022 by Incapio is licensed under CC BY-SA 4.0 

How to Setup OpenVPN-AS in Ubuntu 20.04 - Google Cloud(GCP)

Updated: Jan 28

Prerequisites:

You will need the following items to complete this tutorial

Step - 1. Create a Compute Engine (VM) Instance.

OpenVPN GCP, Compute Engine - Instance Name, Region, Zone, Machine Family, Series, and Type
  • Next, click on "create instance" to launch a new virtual machine and type the instance name (For example, openvpn-access-server), then choose the region you prefer to launch VM instance, next choose the zone and machine family, series, type or leave those options to default.

OpenVPN setup GCP, Ubuntu 20.04 LTS Book Disk
  • Scroll down until you notice the boot disk, and click on change the boot disk, then select the operating system to Ubuntu and choose the version to 20.04 LTS also increase the disk size to 15 GB (if you prefer to or leave it as default) and click on "select " to finalize the boot disk.

OpenVPN Setup GCP, Compute Engine Networking, Network Tag, Hostname, and IP Forwarding
OpenVPN Setup GCP, Compute Engine, Static IP Address. External IP
  • Lastly, scroll down to the network interface, and expand the default field to edit network interfaces. Beneath the External IP, click on the drop-down and choose to create an IP address for the virtual machine instance.

  • Then scroll down to the bottom of the page and click on create to deploy the virtual machine instance.

  • Usually, virtual machine deployment takes a few seconds; Once it is complete, We can notice the status information of the virtual machine, such as name, zone, internal IP, External IP and so forth.

Step - 2. Create Firewall Rules.


Add Ingress firewall rules.
OpenVPN Setup GCP, Firewall Rules, TCP and UDP
  1. Go to the Firewall rules page in the VPC network section in the Cloud Console.

  2. Click Create a firewall rule.

  3. On the Create a firewall rule page, enter a name and description.

  4. In the Targets menu, select Specified target tags.

  5. In the Target tags field, enter op-firewall (which is the name that you gave in the Network tags field in the previous section).

  6. In the Source IP ranges field, enter 0.0.0.0/0.

  7. In the Protocols and ports section, select Specified protocols and ports.

  8. Select TCP and enter the following: 22,443,943,945

  9. Select UDP and enter the following: 1194

  10. Click Create.

Add Egress firewall rules
  1. Go to the Firewall rules page in the VPC network section in the Cloud Console.

  2. Click Create a firewall rule.

  3. On the Create a firewall rule page, enter a name and description.

  4. In the Direction of Traffic, choose Egress.

  5. In the Targets menu, select Specified target tags.

  6. In the Target tags field, enter op-firewall (which is the name that you gave in the Network tags field in the previous section).

  7. In the Destination IP ranges field, enter 0.0.0.0/0.

  8. In the Protocols and ports section, select Allow all.

  9. Click Create.

Step -3. Install Dependencies for OpenVPN Access Server.

  • Navigate to the virtual machine instances interface, and click on the VM instance (OpenVPN server) SSH option to launch the secure shell access and type "sudo su -" and hit enter to switch to root user.

Install Dependencies:

  • Update and install CA, Net-tools and GnuPG.

apt update && apt -y install ca-certificates wget net-tools gnupg
  • Import Public Key

wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
  • Then, as root, create a sources.list fragment so that apt can find the new OpenVPN packages.

echo "deb http://as-repository.openvpn.net/as/debian focal main">/etc/apt/sources.list.d/openvpn-as-repo.list

Step - 4. Install OpenVPN Access Server.

  • Run the following command to install OpenVPN.

apt update && apt -y install openvpn-as
  • Output

Please enter "passwd openvpn" to set the initial
administrative password, then login as "openvpn" to continue
configuration here: https://10.128.0.4:943/admin
To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.
+++++++++++++++++++++++++++++++++++++++++++++++
Access Server 2.9.6 has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log
Access Server Web UIs are available here:
Admin  UI: https://10.128.0.4:943/admin
Client UI: https://10.128.0.4:943/
+++++++++++++++++++++++++++++++++++++++++++++++
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
  • To Access Server Web User Interface

  • Admin UI:

  • https://VM-External-IP:943/admin or https://VM-External-IP/admin

  • Client UI:

  • https://VM-External-IP/?src=connect

Conclusion:

Here are some more setup options that are recommended.



886 views0 comments

Do you need assistance? Visit Forum to join the conversation.