This post is for installing OpenVPN CE on Ubuntu 18.04. The instructions are for a brand new install of the OS, so if you are following along on a server that has been up for a while, it will most likely still work, but you may need to do some investigating if you run into problems. OpenVPN uses TLS/SSL encryption to hide the traffic between the server and the clients. SSL is awesome and pretty easy to set up once you understand the process.
It is highly recommended that you use a different system for certificate generation, also called a certificate authority (CA). Any system will work as a CA but I am using the same setup as the OpenVPN server, Ubuntu 18.04, to build the public key infrastructure or PKI CA. The process flows like this:
- Create a root certificate authority.
- Request a new certificate from the OpenVPN host.
- Create and sign a certificate for the OpenVPN host.
- Revoke certificates if they become compromised or for any other reason.
- Run a VPN to hide your traffic or connect to resources behind a firewall/CG-NAT.
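The first four steps above, carried through once with plain openssl. This is an added example, not code from the original post, which uses Easy-RSA for the same steps. The `ca/` directory stands in for the CA machine and `vpnhost/` for the OpenVPN server; the directory names, CN values and lifetimes are constructed.

```shell
# Added example: CA / VPN-host certificate flow with plain openssl; all names are constructed.
pki_setup() {   # $1 = empty work directory
    ca=$1/ca; host=$1/vpnhost; mkdir -p "$ca/issued" "$host" || return 1
    : > "$ca/index.txt"; echo 01 > "$ca/serial"; echo 01 > "$ca/crlnumber"
    cat > "$ca/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo
[ demo ]
database = $ca/index.txt
new_certs_dir = $ca/issued
serial = $ca/serial
crlnumber = $ca/crlnumber
certificate = $ca/ca.crt
private_key = $ca/ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = any
x509_extensions = leaf
[ any ]
commonName = supplied
[ leaf ]
basicConstraints = CA:FALSE
EOF
    # 1. CA machine: root key and self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$ca/ca.cnf" \
        -subj "/CN=Demo Root CA" -keyout "$ca/ca.key" -out "$ca/ca.crt" 2>/dev/null || return 1
    # 2. VPN host: key and request; only server.csr travels to the CA.
    openssl req -new -newkey rsa:2048 -nodes -config "$ca/ca.cnf" \
        -subj "/CN=vpn-server" -keyout "$host/server.key" -out "$host/server.csr" 2>/dev/null || return 1
    # 3. CA machine: sign the request and hand the certificate back.
    openssl ca -batch -notext -config "$ca/ca.cnf" -in "$host/server.csr" -out "$host/server.crt" 2>/dev/null
}
revoke_cert() { # 4. CA machine: mark the host certificate revoked in the CA database.
    openssl ca -config "$1/ca/ca.cnf" -revoke "$1/vpnhost/server.crt" 2>/dev/null
}
cert_status() { # publish a fresh CRL, then verify the host certificate against it
    openssl ca -config "$1/ca/ca.cnf" -gencrl -out "$1/ca/crl.pem" 2>/dev/null || return 1
    out=$(openssl verify -crl_check -CAfile "$1/ca/ca.crt" -CRLfile "$1/ca/crl.pem" "$1/vpnhost/server.crt" 2>&1) || :
    case $out in *"certificate revoked"*) echo revoked;; *": OK"*) echo valid;; *) echo error;; esac
}
```

After `pki_setup "$(mktemp -d)"`, `cert_status` on the same directory prints `valid` until `revoke_cert` is run, then `revoked`. The host's private key never leaves `vpnhost/`, and a revocation only takes effect for peers that check the newly generated CRL.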
Use Easy-RSA to create your PKI CA infrastructure
Easy-RSA is developed by the folks over at OpenVPN alongside the VPN software, but it is a separate package. We need to have the package on both the CA and the VPN host, so run the following on both machines:
Once you have your shiny new server installed, head over to a terminal emulator and gain access to your server. I use ssh for remote access to all my machines; it's typically already installed on every machine you will need to access and it is very secure if configured properly. The format for the ssh command is like this:
I use the same name for my accounts on all my servers and I add all my machines to ``/etc/hosts`` so you may see me use ssh like this:
Now that we are logged in to the host we plan to use as an OpenVPN server, let's get down to business. The first thing to do is remove any of the default packages you may not need. I've a document where I discuss the pros and cons of some of the default software installed on Ubuntu server; some of these packages may not be needed and take up resources that can be used in better ways. Next, update the software cache and upgrade any out-of-date software.
sudo apt update && sudo apt upgrade
You will see many guides adding "-y" to the end of the command above. That just tells the upgrade to proceed without needing input from the user. I like to see what packages are going to be installed so I am able to stop the installation if there is something I have a question about.
Install OpenVPN community edition
sudo apt install openvpn