Openvpn Setup on Ubuntu 18.04 Bionic Beaver Linux -

Learn how to install and configure Openvpn server on Ubuntu 18.04 Bionic Beaver.
This is a companion discussion topic for the original entry at



In the client configuration example, you refer to the client.key and client.crt, where are these files generated?

Egidio Docile -> Ed

They are generated inside the “certificates/keys” directory, where “certificates” it’s the name used for the directory generated with the make-cadir command in this tutorial. It’s the same directory where the keys and certificates for the server are generated.

Cary Bielenberg

I get this when I type source vars “-su: /root/certificates/openssl-1.0.0.cnf: Permission denied” and i’m logged in as root

Matt -> Cary Bielenberg

Hey Cary, I ran into the same issue. Since the variable was previously being populated by a command, you need to remove the backticks ( ) and replace them with quotes.

Egidio Docile -> Cary Bielenberg

You should use administrative privileges only when strictly necessary. I see you are trying to generate the certificates in the /root directory, which is the “home” of root, don’t do that. Work as a normal user and generate the files inside /home/youruser.

Ricky M

Hi, the server’s CRL has expired. How can I re-generate it without having to make any changes on the clients side. I noticed that in the openssl-1.0.0.cnf file the variable “default_crl_days=” was set to just 30 days. I think this is the solution but I couldnt run it in my installation: [Solved] Regenerate expired crl? - OpenVPN Support Forum

What error do you receive when you run the command?

‘Activating’ instead of ‘Active’ was returned after checking the server status. Any suggestions as to what could have caused this?

so, I’ve followed the tutorial and except that I use a different firewall (firewalld), everything works wonderfully! Only problem: once connect to the VPN, when I visit whatismyip[dot]com, it still shows my current IP and not the one from the VPN server. Is there something else I need to do?

In Step 2.1 when I enter (source vars) I get this error “No /home/juan/certificates/openssl.cnf file could be found
Further invocations will fail”

NOTE: If you run ./clean-all, I will be doing a rm -rf on /home/juan/certificates/keys