Ubuntu VPN Setup

Introduction

Virtual Private Networks (VPNs) are essential tools in modern networking that create secure, encrypted connections between your computer and remote networks. Setting up a VPN on Ubuntu allows you to:

  • Access restricted resources securely from remote locations
  • Protect your privacy when using public networks
  • Bypass geographical restrictions on content
  • Secure your data transmission over untrusted networks

In this guide, we'll explore different methods to set up VPN connections on Ubuntu, focusing on both GUI-based approaches and command-line methods. We'll cover the most common VPN protocols used in Ubuntu: OpenVPN, WireGuard, and the built-in Network Manager VPN options.

Prerequisites

Before we begin, make sure you have:

  • An Ubuntu system (20.04 LTS or newer)
  • Administrator (sudo) privileges
  • Internet connection
  • VPN service credentials or configuration files

Network Manager VPN Setup (GUI Method)

Ubuntu's Network Manager provides a user-friendly interface to configure VPN connections. This is perfect for beginners who prefer visual interfaces.

Installing VPN Plugins

First, install the necessary VPN plugins for Network Manager:

bash
sudo apt update
sudo apt install network-manager-openvpn network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome network-manager-l2tp network-manager-l2tp-gnome

Setting Up OpenVPN with Network Manager

  1. Obtain your OpenVPN configuration file (.ovpn) from your VPN provider
  2. Click on the Network icon in the top-right corner of your screen
  3. Select "VPN Connections" → "Configure VPN..."
  4. Click the "+" button to add a new VPN connection
  5. Select "Import from file..."
  6. Navigate to your .ovpn file and select it
  7. Fill in any additional details if prompted (username, password)
  8. Click "Add" to save the connection

To connect to the VPN:

  1. Click on the Network icon in the top-right corner
  2. Select "VPN Connections"
  3. Click on your newly created VPN connection

Setting Up PPTP with Network Manager

While PPTP is less secure than other protocols, it's still used in some environments:

  1. Click on the Network icon in the top-right corner
  2. Select "VPN Connections" → "Configure VPN..."
  3. Click the "+" button to add a new VPN connection
  4. Select "Point-to-Point Tunneling Protocol (PPTP)"
  5. Fill in the following details:
    • Connection name: A name for your VPN
    • Gateway: Your VPN server address
    • Username: Your VPN username
    • Password: Your VPN password
  6. In the "Advanced" settings, ensure "Use Point-to-Point encryption (MPPE)" is checked
  7. Click "Add" to save the connection

Setting Up OpenVPN via Command Line

For users who prefer terminal-based setup or need to automate VPN connections, the command-line approach is more suitable.

Installing OpenVPN

bash
sudo apt update
sudo apt install openvpn

Basic OpenVPN Connection

To connect using an OpenVPN configuration file:

bash
sudo openvpn --config /path/to/your/config.ovpn

For example:

bash
sudo openvpn --config ~/Downloads/myvpn.ovpn

This will start the VPN connection in the foreground. To run it in the background, add the --daemon flag:

bash
sudo openvpn --daemon --config /path/to/your/config.ovpn

Creating a Systemd Service for OpenVPN

For a more permanent setup, create a systemd service for your VPN connection:

  1. Create a configuration directory:
bash
sudo mkdir -p /etc/openvpn/client
  2. Copy your OpenVPN configuration file:
bash
sudo cp ~/Downloads/myvpn.ovpn /etc/openvpn/client/myvpn.conf

Note: The file extension must be .conf, because the service unit created in the next step loads /etc/openvpn/client/%i.conf.

  3. Create a systemd service file:
bash
sudo nano /etc/systemd/system/openvpn-client@.service
  4. Add the following content:
ini
[Unit]
Description=OpenVPN connection to %i
After=network.target

[Service]
Type=simple
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/client/%i.conf
WorkingDirectory=/etc/openvpn/client
Restart=on-failure

[Install]
WantedBy=multi-user.target
  5. Enable and start the service:
bash
sudo systemctl enable openvpn-client@myvpn.service
sudo systemctl start openvpn-client@myvpn.service
  6. Check the status:
bash
sudo systemctl status openvpn-client@myvpn.service

Example output:

openvpn-client@myvpn.service - OpenVPN connection to myvpn
Loaded: loaded (/etc/systemd/system/openvpn-client@.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-05-10 14:23:42 UTC; 5s ago
Main PID: 12345 (openvpn)
Tasks: 1 (limit: 4612)
Memory: 1.2M
CPU: 120ms
CGroup: /system.slice/system-openvpn\x2dclient.slice/openvpn-client@myvpn.service
└─12345 /usr/sbin/openvpn --config /etc/openvpn/client/myvpn.conf

Setting Up WireGuard VPN

WireGuard is a modern, fast, and secure VPN protocol that's now built into the Linux kernel. It's often simpler to configure than OpenVPN.

Installing WireGuard

bash
sudo apt update
sudo apt install wireguard

Creating WireGuard Keys

First, generate a private and public key pair:

bash
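(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)

This creates two files, privatekey and publickey, in your current directory. The umask 077 inside the subshell makes them readable only by your user, which matters because anyone who can read privatekey can impersonate this peer.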

Creating WireGuard Configuration

Create a configuration file:

bash
sudo nano /etc/wireguard/wg0.conf

Add the following content (replacing the example values with your actual information):

ini
[Interface]
PrivateKey = your_private_key_here
Address = 10.0.0.2/24
DNS = 8.8.8.8, 8.8.4.4

[Peer]
PublicKey = server_public_key_here
AllowedIPs = 0.0.0.0/0
Endpoint = server_ip:51820
PersistentKeepalive = 25

Where:

  • your_private_key_here is the content of your privatekey file
  • server_public_key_here is the public key provided by your VPN provider
  • server_ip is your VPN server's IP address or domain name
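
The configuration above is easy to get subtly wrong: the file holds the private key, the placeholders are easy to leave in, and AllowedIPs = 0.0.0.0/0 covers IPv4 only. The following check is an added example, not part of the original guide; audit_wg_conf is a hypothetical helper name and the sample file is constructed from the placeholder config shown above.

```bash
# Added example (not from the original guide): audit a wg-quick client config.
# Prints one finding per line and nothing when the file passes.
# audit_wg_conf is a hypothetical helper name.
audit_wg_conf() {
    local conf perms key allowed
    conf=$1
    # The file holds the private key, so group and other must have no access.
    perms=$(ls -ld "$conf" | cut -c2-10) || return 2
    case $perms in
        ???------) ;;
        *) echo "PERMS: $perms is accessible beyond the owner; run chmod 600" ;;
    esac
    key=$(sed -n 's/^[[:space:]]*PrivateKey[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    # A WireGuard key is 32 bytes in base64: 43 characters plus one "=" pad.
    if ! printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]{43}=[[:space:]]*$'; then
        echo "KEY: PrivateKey is missing or still a placeholder"
    fi
    allowed=$(sed -n 's/^[[:space:]]*AllowedIPs[[:space:]]*=//p' "$conf" | tr -d ' \t' | tr '\n' ',')
    # A full IPv4 tunnel without ::/0 does not route IPv6 into the tunnel.
    case ",$allowed" in
        *,0.0.0.0/0,*)
            case ",$allowed" in
                *,::/0,*) ;;
                *) echo "IPV6: AllowedIPs has 0.0.0.0/0 but not ::/0; IPv6 stays outside the tunnel" ;;
            esac ;;
    esac
}

# Constructed sample: the placeholder config from this guide, saved world-readable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = your_private_key_here
Address = 10.0.0.2/24
DNS = 8.8.8.8, 8.8.4.4

[Peer]
PublicKey = server_public_key_here
AllowedIPs = 0.0.0.0/0
Endpoint = server_ip:51820
EOF
chmod 644 "$sample"
audit_wg_conf "$sample"    # reports PERMS, KEY and IPV6
rm -f "$sample"
```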

Starting WireGuard Connection

To start the connection:

bash
sudo wg-quick up wg0

To stop the connection:

bash
sudo wg-quick down wg0

Setting Up WireGuard as a Systemd Service

To automatically start WireGuard at boot:

bash
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Check the status with:

bash
sudo systemctl status wg-quick@wg0

VPN Connection Flow Diagram

[Diagram not reproduced: how VPN connections work in Ubuntu]

Troubleshooting VPN Connections

Common Issues and Solutions

VPN Connection Fails to Establish

  • Check that your credentials are correct
  • Verify that the server address is reachable:
bash
ping vpn-server-address
  • Check firewall settings:
bash
sudo ufw status
  • If the firewall is active, allow VPN traffic:
bash
sudo ufw allow openvpn
# Or for WireGuard
sudo ufw allow 51820/udp

DNS Leaks

DNS leaks occur when your DNS queries bypass the VPN tunnel. To check for DNS leaks:

  1. Connect to your VPN
  2. Visit a DNS leak test website
  3. If your ISP's DNS servers appear, you have a leak

To fix DNS leaks:

bash
sudo nano /etc/systemd/resolved.conf

Add or modify the following lines:

[Resolve]
DNS=your_vpn_dns_server_ip
DNSOverTLS=yes

Then restart the service:

bash
sudo systemctl restart systemd-resolved

Split Tunneling

Sometimes you may want only specific traffic to go through the VPN. This is called split tunneling.

For OpenVPN, modify your .ovpn file to include:

route 192.168.1.0 255.255.255.0 net_gateway

Replace 192.168.1.0 with the subnet you want to exclude from the VPN.

For WireGuard, modify the AllowedIPs in your configuration:

# Instead of routing all traffic (0.0.0.0/0)
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
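
To see what a given AllowedIPs value actually sends through the tunnel, the following added example (not part of the original guide) matches destinations against the two lists used here. The function names are hypothetical, it handles IPv4 only, and it assumes no more specific route for the destination exists elsewhere in the routing table.

```bash
# Added example (not from the original guide): which destinations does a given
# AllowedIPs value put in the tunnel? IPv4 only; function names are hypothetical.
# Assumes no more specific route for the destination exists elsewhere.
ip_to_int() {                        # dotted quad -> 32-bit integer
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {                          # in_cidr IP NET[/PREFIX]
    local ip net bits mask
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    [ "$bits" -eq 0 ] && return 0    # /0 matches every address
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

route_for() {                        # route_for "AllowedIPs value" DEST -> tunnel|direct
    local cidr
    for cidr in $(printf '%s' "$1" | tr ',' ' '); do
        case $cidr in *:*) continue ;; esac      # IPv6 entries are skipped
        if in_cidr "$2" "$cidr"; then echo tunnel; return 0; fi
    done
    echo direct
}

# The two AllowedIPs values used in this guide.
FULL='0.0.0.0/0'
SPLIT='10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
for dest in 10.0.0.1 172.31.255.255 172.32.0.1 8.8.8.8; do
    echo "$dest  full=$(route_for "$FULL" "$dest")  split=$(route_for "$SPLIT" "$dest")"
done
```

With the split list, the DNS = 8.8.8.8 resolver from the earlier wg0.conf falls outside AllowedIPs, so the tunnel does not carry those queries.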

Testing Your VPN Connection

After setting up your VPN, it's important to verify it's working correctly:

Check Your IP Address

bash
curl ifconfig.me

This should show the IP address of your VPN server, not your regular internet connection.

Check for DNS Leaks

bash
dig +short whoami.akamai.net

This returns the public address of the DNS resolver that handled your query. It should be an IP address associated with your VPN, not your ISP's resolver.

Verify Encryption

To confirm your traffic is encrypted, you can use tcpdump:

bash
sudo tcpdump -i your_interface -n

Replace your_interface with your network interface (e.g., eth0 or wlan0). If the VPN is working correctly, you should see encrypted packets being exchanged with your VPN server.
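
Reading raw tcpdump output by eye is error-prone, so the following added example (not part of the original guide) filters `tcpdump -n` lines from the physical interface and lists every IPv4 packet that does not involve the VPN server; with a full tunnel, plaintext DNS queries and direct connections show up here as leaks. The names off_tunnel and sample_capture are hypothetical, and the capture lines are constructed with 203.0.113.10 standing in for the VPN server.

```bash
# Added example (not from the original guide): list packets in `tcpdump -n`
# output from the physical interface that do not involve the VPN endpoint.
# IPv4 lines only; off_tunnel and sample_capture are hypothetical names.
off_tunnel() {                       # off_tunnel ENDPOINT_IP < capture.txt
    awk -v vpn="$1" '
        function host(a,    p, n) {  # strip the trailing ":" and ".port"
            sub(/:$/, "", a)
            n = split(a, p, ".")
            return (n == 5) ? p[1] "." p[2] "." p[3] "." p[4] : a
        }
        $2 == "IP" {
            src = host($3); dst = host($5)
            if (src != vpn && dst != vpn) print src " > " dst
        }'
}

# Constructed capture: 203.0.113.10 stands in for the VPN server.
sample_capture() {
    cat <<'EOF'
14:23:42.100001 IP 192.168.1.50.48211 > 203.0.113.10.51820: UDP, length 148
14:23:42.100950 IP 203.0.113.10.51820 > 192.168.1.50.48211: UDP, length 92
14:23:42.200002 IP 192.168.1.50.53312 > 192.168.1.1.53: 4660+ A? example.com. (29)
14:23:42.300003 IP 192.168.1.50.44321 > 198.51.100.7.443: Flags [S], seq 1000, win 64240, length 0
14:23:42.400004 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
EOF
}

sample_capture | off_tunnel 203.0.113.10
```

On a live system, feed it the real capture instead, for example the saved output of the tcpdump command above, and pass your own server's address.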

Summary

In this guide, we've covered multiple methods for setting up VPN connections on Ubuntu:

  1. GUI Method: Using Network Manager for simple point-and-click setup
  2. OpenVPN: Command-line configuration for advanced users
  3. WireGuard: A modern, high-performance VPN protocol

Each method has its advantages and use cases. Network Manager provides simplicity for desktop users, while command-line methods offer more control and are suitable for servers or automation.

Remember that a VPN encrypts your traffic and helps protect your privacy, but it's just one component of a comprehensive security strategy. Always keep your system updated and follow security best practices.

Practice Exercises

  1. Set up a VPN connection using Network Manager and test that it works by checking your IP address before and after connecting.
  2. Create an OpenVPN systemd service that automatically reconnects if the connection drops.
  3. Configure split tunneling with WireGuard to route only specific traffic through the VPN.
  4. Write a simple bash script that toggles your VPN connection on and off and displays the current public IP address.

