Skip to content →

Setup OpenVPN Server with Streisand VPN on Ubuntu 16.04 LTS and connect with Windows Client

Let’s say that you need a run-of-the-mill VPN for your own purposes and you aren’t worried about using VPN-detecting services like Netflix then OpenVPN is a great option. Unfortunately it’s also a configuration nightmare; so lucky us then that the folks over at Streisand VPN have taken care of that.

Step 0 : Unattended Upgrades

The preparation step is to install unattended upgrades as an un-patched web-server is a really bad thing

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install unattended-upgrades apt-listchanges

Now to ensure /etc/apt/apt.conf.d/20auto-upgrades exists

dpkg-reconfigure -plow unattended-upgrades

Lets give it a test run to ensure things aren’t configured wrong

sudo unattended-upgrade -d

Step 1 : Setup of OpenVPN through Streisand VPN

Streisand is a VPN setup script that automatically installs and configures many popular VPNs including OpenVPN and WireGuard

First we need to generate an SSH keypair for Streisand to use (back these up since they will be necessary to login from SSH after a reboot)

ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Now we need to install the dependencies and clone the github (note we don’t use the official github address here since there is a bug-fix we would like)

sudo add-apt-repository ppa:ansible/ansible-2.8
sudo apt-get update
sudo apt-get install ansible python
git clone https://github.com/akumaburn/streisand.git && cd streisand

Now execute the setup script, and be sure to enter your server’s IP address when prompted.

Also do NOT USE the default install, you can use all the default values in the custom install EXCEPT do not install wireguard and shadowsocks.

./streisand

At a certain point you may get an error about some tunnelblick issue, simply hit Ctrl +C and then C to continue

Once it is finished you will have your documentation available to you in the ~/streisand/generated-docs/tunnel.html file

Save it somewhere and open the file in a web-browser and follow the instructions

Step 2 : Configuration of OpenVPN

By default, OpenVPN is configured by the installation script to not allow multiple clients to use the same common-name (mentioned in the certificate), if you wish to change that you can by

sudo nano /etc/openvpn/server.conf

Find and un-comment this line so that you won’t need to generate a unique certificate for every VPN client

duplicate-cn

And hit Ctrl+o and Ctrl+x to save and exit

Now simply restart the OpenVPN server

sudo systemctl restart openvpn@server

Now you need to download the OpenVPN Connect Application and import the config file (you can pick any from the list on your website after following the tunnel.html instructions)

Now you should be able to connect

That’s it 🙂

Published in Uncategorized

Comments

Leave a Reply

Your email address will not be published.