Configure an OpenVPN Server and Client on Ubuntu

Libraries: If you want this lab, consider one of these libraries.
Cloud

Configure an OpenVPN Server and Client on Ubuntu

A virtual private network (VPN) provides a secure connection for users to access a private network remotely. This grants access to resources on the private network and prevents third parties from accessing sensitive information. In this hands-on lab, you will be tasked with configuring an OpenVPN server that includes a public key infrastructure (PKI) that is capable of receiving connections from an OpenVPN client.

Get started Contact sales

Lab Info

Level

Intermediate

Last updated

Sep 25, 2025

Duration

30m

Challenge

Configure the Public Key Infrastructure (PKI) on the OpenVPN Server Host
- Install the openvpn and easy-rsa services.
- Configure the certificate authority (CA). The common name should be openvpn-ca.
- Create keys and certificates for the OpenVPN server and client. The server should be called vpnserver, and the client should be called vpnclient.
- Sign certificates for the OpenVPN server and client.
- Generate Diffie-Hellman parameters.
- Copy the following files to /etc/openvpn: dh.pem, ca.crt, vpnserver.crt, and vpnserver.key.
- Copy ca.crt, vpnclient.crt, and vpnclient.key to the /home/cloud_user directory on the OpenVPN client host (10.0.1.102).
Challenge

Configure the OpenVPN Server
- Unzip usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz to /etc/openvpn. Ensure that the name of the file is vpnserver.conf.
- Modify vpnserver.conf, and ensure that it correctly points to the following files: ca.crt, vpnserver.crt, vpnserver.key, and dh.pem.
- Generate the TLS authentication key (ta.key) and copy it to the /home/cloud_user directory on the OpenVPN client.
- Enable IPv4 forwarding.
- Start and enable the openvpn service.
Challenge

Configure the OpenVPN Client
- Install the openvpn service.
- Copy /usr/share/doc/openvpn/examples/sample-config-files/client.conf as well as the certificates and keys in /home/cloud_user to /etc/openvpn.
- Modify /etc/openvpn/client.conf and ensure that it does the following:
  
  Points to the ca.crt, vpnclient.crt, vpnclient.key, and ta.key files
  
  Includes the word client
  
  Includes the correct IP address and port for the OpenVPN server
- Start and enable the openvpn service.

About the author

Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.