- Lab
-
Libraries: If you want this lab, consider one of these libraries.
- Cloud

Configure an OpenVPN Server and Client on Ubuntu
A virtual private network (VPN) provides a secure connection for users to access a private network remotely. This grants access to resources on the private network and prevents third parties from accessing sensitive information. In this hands-on lab, you will be tasked with configuring an OpenVPN server that includes a public key infrastructure (PKI) that is capable of receiving connections from an OpenVPN client.

Lab Info
Table of Contents
-
Challenge
Configure the Public Key Infrastructure (PKI) on the OpenVPN Server Host
- Install the
openvpn
andeasy-rsa
services. - Configure the certificate authority (CA). The common name should be
openvpn-ca
. - Create keys and certificates for the OpenVPN server and client. The server should be called
vpnserver
, and the client should be calledvpnclient
. - Sign certificates for the OpenVPN server and client.
- Generate Diffie-Hellman parameters.
- Copy the following files to
/etc/openvpn
:dh.pem
,ca.crt
,vpnserver.crt
, andvpnserver.key
. - Copy
ca.crt
,vpnclient.crt
, andvpnclient.key
to the/home/cloud_user
directory on the OpenVPN client host (10.0.1.102).
- Install the
-
Challenge
Configure the OpenVPN Server
- Unzip
usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
to/etc/openvpn
. Ensure that the name of the file isvpnserver.conf
. - Modify
vpnserver.conf
, and ensure that it correctly points to the following files:ca.crt
,vpnserver.crt
,vpnserver.key
, anddh.pem
. - Generate the TLS authentication key (
ta.key
) and copy it to the/home/cloud_user
directory on the OpenVPN client. - Enable IPv4 forwarding.
- Start and enable the
openvpn
service.
- Unzip
-
Challenge
Configure the OpenVPN Client
- Install the
openvpn
service. - Copy
/usr/share/doc/openvpn/examples/sample-config-files/client.conf
as well as the certificates and keys in/home/cloud_user
to/etc/openvpn
. - Modify /
etc/openvpn/client.conf
and ensure that it does the following:- Points to the
ca.crt
,vpnclient.crt
,vpnclient.key
, andta.key
files - Includes the word
client
- Includes the correct IP address and port for the OpenVPN server
- Points to the
- Start and enable the
openvpn
service.
- Install the
About the author
Real skill practice before real-world application
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Learn by doing
Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.
Follow your guide
All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.
Turn time into mastery
On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.