Vultr DocsLatest Content

How to Install OpenVPN on Ubuntu 24.04

Updated on 06 November, 2025
Step-by-step article to install, configure, and secure OpenVPN on Ubuntu 24.04 for encrypted server-client VPN connections.
How to Install OpenVPN on Ubuntu 24.04 header image

OpenVPN is an open-source, full-featured VPN solution that enables secure site-to-site and point-to-point connections. OpenVPN creates encrypted tunnels using TLS (Transport Layer Security) to secure data transmission over untrusted networks such as the Internet between clients and servers. It supports multiple encryption algorithms, including AES-256, to encrypt traffic and protect network communication from man-in-the-middle and eavesdropping attacks.

This article explains how to install OpenVPN on Ubuntu 24.04 and configure it to create secure end-to-end encrypted connections between the VPN server and client devices.

Prerequisites

Before you begin, you need to:

Install OpenVPN

OpenVPN is available in the default package repositories on Ubuntu 24.04. Follow the steps below to update the APT package manager index and install OpenVPN on your server.

  1. Update the APT package index.

    console 
    $ sudo apt update

  2. Install OpenVPN.

    console 
    $ sudo apt install openvpn -y

  3. Verify the installed OpenVPN version.

    console 
    $ openvpn --version

    Your output should be similar to the one below.

    OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
DCO version: N/A
Originally developed by James Yonan
.................................................................

    OpenVPN 2.6.12 is installed based on the above output.

Create the OpenVPN Server Private Key, Certificate, and TLS Encryption Files

OpenVPN requires a server certificate, private key, and encryption files signed by a trusted certificate authority (CA) to enable VPN tunnel connections. Easy-RSA is a certificate authority management tool for applications like OpenVPN that issue digital certificates, including server certificates and private key pairs. Follow the steps below to install Easy-RSA, create the public key infrastructure (PKI), build a certificate authority, and generate a new server certificate and private key.

  1. Install Easy-RSA.

    console 
    $ sudo apt install easy-rsa -y

  2. Navigate to your user's home directory.

    console 
    $ cd

  3. Create a new easy-rsa directory.

    console 
    $ mkdir easy-rsa

  4. Link the /usr/share/easy-rsa directory to easy-rsa to access the Easy-RSA script and package files.

    console 
    $ ln -s /usr/share/easy-rsa/* easy-rsa/

  5. List the easy-rsa directory and verify the linked files.

    console 
    $ ls easy-rsa

    Output:

    easyrsa  openssl-easyrsa.cnf  vars.example  x509-types

  6. Change to the easy-rsa directory.

    console 
    $ cd easy-rsa

  7. Create a new vars configuration using a text editor such as nano.

    console 
    $ nano vars

  8. Add the following certificate authority configurations to the file.

    ini 
    set_var EASYRSA_REQ_COUNTRY    "US"
set_var EASYRSA_REQ_PROVINCE   "Georgia"
set_var EASYRSA_REQ_CITY       "Atlanta"
set_var EASYRSA_REQ_ORG        "Vultr Docs"
set_var EASYRSA_REQ_EMAIL      "linuxuser@example.com"
set_var EASYRSA_REQ_OU         "Community"
set_var EASYRSA_ALGO           "ec"
set_var EASYRSA_DIGEST         "sha512"

    Save and close the file.

    The above configuration specifies the organizational information for building your CA, including the country, city, administrative email, and unit details.

  9. Initialize the PKI using the easy-rsa script.

    console 
    $ ./easyrsa init-pki

    Output:

    Notice
------
'init-pki' complete; you may now create a CA or requests.

Your newly created PKI dir is:
* /home/linuxuser/easy-rsa/pki

Using Easy-RSA configuration:
* /home/linuxuser/easy-rsa/vars

  10. Build the CA to generate the root public certificate and private key pair.

    console 
    $ ./easyrsa build-ca

    • Enter a strong passphrase for signing certificate requests and repeat it when prompted to secure the CA.

      ...
Enter New CA Key Passphrase:

    • Enter a common name for the CA, such as OpenVPN-CA.

      ...
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

    • Verify the generated ca.crt CA certificate path.

      Notice
------
CA creation complete. Your new CA certificate is at:
* /home/linuxuser/easy-rsa/pki/ca.crt

  11. Generate a new server certificate request. Replace vpnserver with your desired server common name.

    console 
    $ ./easyrsa gen-req vpnserver nopass

    • Press Enter when prompted to verify the common name.

      ...
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [vpnserver]:

    • Verify the generated public certificate request and private key paths when successful.

      Notice
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /home/linuxuser/easy-rsa/pki/reqs/vpnserver.req
* key: /home/linuxuser/easy-rsa/pki/private/vpnserver.key

  12. Sign the server certificate request using the CA.

    console 
    $ ./easyrsa sign-req server vpnserver

    • Enter yes and press Enter when prompted to verify the certificate request.

      Using Easy-RSA 'vars' configuration:
* /home/linuxuser/easy-rsa/vars
...
Type the word 'yes' to continue, or any other input to abort.
  Confirm request details:

    • Enter your CA passphrase when prompted to sign the server certificate request.

      Using configuration from /home/linuxuser/easy-rsa/pki/openssl-easyrsa.cnf
Enter pass phrase for /home/linuxuser/easy-rsa/pki/private/ca.key:

      Your output should look like the one below when successful.

      ...
Notice
------
Certificate created at:
* /home/linuxuser/easy-rsa/pki/issued/vpnserver.crt

  13. List the pki/issued directory to verify the generated server certificate.

    console 
    $ ls pki/issued

    Output:

    vpnserver.crt

  14. Generate a ta.key HMAC signature file to enable TLS verification and authentication on the OpenVPN server.

    console 
    $ sudo openvpn --genkey secret ta.key

  15. List your working directory files to verify the generated ta.key file.

    console 
    $ ls

    Output:

    df.pem easyrsa  openssl-easyrsa.cnf  pki  ta.key  vars  vars.example  x509-types

  16. Create a strong Diffie-Hellman parameters file to secure key exchange for encrypted OpenVPN sessions.

    console 
    $ ./easyrsa gen-dh

    Output:

    Generating DH parameters, 2048 bit long safe prime
.....................
DH parameters appear to be ok.

Notice
------

DH parameters of size 2048 created at:
* /home/linuxuser/easy-rsa/pki/dh.pem

  17. List the pki directory to verify the generated dh.pem file.

    console 
    $ ls pki/

    Output:

    ca.crt           dh.pem     .....................

  18. Copy the ca.crt, vpnserver.key, vpnserver.crt, ta.key, and dh.pem files to the /etc/openvpn directory.

    console 
    $ sudo cp ta.key pki/ca.crt pki/private/vpnserver.key pki/issued/vpnserver.crt pki/dh.pem /etc/openvpn/

Configure OpenVPN

OpenVPN uses server and client configurations in the /etc/openvpn directory to create tunnel interfaces and the respective systemd services. /etc/openvpn contains the server configurations you can manage with the openvpn@ service, while /etc/openvpn/server contains additional configurations manageable with the openvpn-server@ service. Follow the steps below to create a new OpenVPN server configuration in the /etc/openvpn directory to enable a VPN tunnel interface on your server.

  1. Copy the sample /usr/share/doc/openvpn/examples/sample-config-files/server.conf OpenVPN server configuration template to the /etc/openvpn directory.

    console 
    $ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/

  2. Navigate to the /etc/openvpn directory.

    console 
    $ cd /etc/openvpn

  3. Open the copied server.conf file.

    console 
    $ sudo nano server.conf

    • Optional: Remove ; to uncomment the local directive and replace a.b.c.d with the server IP address OpenVPN should use to listen for incoming connections. Replace 192.0.2.100 with your server's actual public IP address.

      ini 
      local 192.0.2.100

    • Find the dev directive and verify the default OpenVPN tunnel type.

      ini 
      dev tun

      tun creates routed IP tunnels, while tap creates Ethernet tunnels.

    • Find the ca, cert, and key options, then replace the default ca.crt,server.crt, and server.key values with the actual paths to your certificate authority, server certificate, and server private key files.

      ini 
      ca /etc/openvpn/ca.crt
cert /etc/openvpn/vpnserver.crt
key /etc/openvpn/vpnserver.key

      Within the above configuration:

      • ca: Specifies the certificate authority (CA) path.
      • cert: Specifies the server's public certificate path.
      • key: Specifies the private key used to verify the server's public certificate and establish secure VPN connections.

    • Find the dh directive and replace dh2048.pem with your actual Diffie-Hellman file path.

      ini 
      dh /etc/openvpn/dh.pem

    • Find the data-ciphers directive, remove ; to uncomment it to enable OpenVPN to use strong, modern ciphers for encryption, then add data-ciphers-fallback AES-256-CBC as a fallback.

      ini 
      data-ciphers AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC

    • Add the following auth directive below data-ciphers to specify the HMAC digest algorithm, such as SHA512, for authenticating each packet.

      ini 
      auth SHA512

    • Find the server directive and specify the VPN subnet to assign client addresses. For example, change the default 10.8.0.0 subnet to 10.10.10.0.

      ini 
      server 10.10.10.0 255.255.255.0

    • Find the ;push "redirect-gateway def1 bypass-dhcp" directive and remove ; to uncomment it, redirecting all traffic through the VPN.

      ini 
      push "redirect-gateway def1 bypass-dhcp"

    • Find the dhcp-option directives and replace the default addresses with your preferred DNS servers, such as 8.8.8.8 and 1.1.1.1, to enable faster name resolution, then remove ; to uncomment the options.

      ini 
      push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"

    • Find the tls-auth directive, uncomment it, replace ta.key with your actual key path, and keep 0 as the direction.

      ini 
      tls-auth /etc/openvpn/ta.key 0 # This file is secret

    • Find the user and group pair, replace openvpn with nobody and nogroup respectively to run OpenVPN with reduced privileges, then remove ; to uncomment the options.

      ini 
      user nobody
group nogroup

      Save and close the server.conf file.

    • Your modified server.conf file should look like the one below.

      ini 
      port 1194
proto udp
dev tun

ca /etc/openvpn/ca.crt
cert /etc/openvpn/vpnserver.crt
key /etc/openvpn/vpnserver.key
dh /etc/openvpn/dh.pem

data-ciphers AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA512
topology subnet

server 10.10.10.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"

keepalive 10 120
tls-auth /etc/openvpn/ta.key 0

user nobody
group nogroup
persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1

  4. Test the OpenVPN server configuration and verify it runs without errors.

    console 
    $ sudo openvpn --config /etc/openvpn/server.conf

    Your output should be similar to the one below when the configuration test is successful.

    ...
2025-07-10 22:21:00 IFCONFIG POOL IPv4: base=10.10.10.2 size=253
2025-07-10 22:21:00 IFCONFIG POOL LIST
2025-07-10 22:21:00 Initialization Sequence Completed
    • Press Ctrl + C to stop the configuration test.

Enable IP Forwarding

Follow the steps below to enable IP forwarding on the server, allowing OpenVPN clients to access the Internet through the VPN.

  1. Open the /etc/sysctl.conf file to enable IP forwarding on the server.

    console 
    $ sudo nano /etc/sysctl.conf

  2. Find the # net.ipv4.ip_forward=1 directive and remove # to uncomment it.

    ini 
    net.ipv4.ip_forward=1

    Save and close the file.

    The above net.ipv4.ip_forward=1 configuration enables IP forwarding, allowing OpenVPN clients to route traffic through the VPN.

  3. Apply the /etc/sysctl.conf configuration changes.

    console 
    $ sudo sysctl -p

    Output:

    net.ipv4.ip_forward = 1

  4. Run the following command to verify the public network interface on your server.

    console 
    $ ip route | grep default

    Note the public interface name like enp1s0 in your output, similar to the one below.

    default via 192.0.2.1 dev enp1s0 proto dhcp src 192.0.2.100 metric 100

  5. Check the UFW status and verify that it's installed.

    console 
    $ sudo ufw status

    • Run the following command to install UFW and allow SSH traffic if it's not installed.

      console 
      $ sudo apt install ufw -y && sudo ufw allow ssh

  6. Open the /etc/ufw/before.rules file to enable NAT through the firewall.

    console 
    $ sudo nano /etc/ufw/before.rules

  7. Add the following POSTROUTING policy configuration before the *filter section. Replace enp1s0 with your actual public interface name.

    ini 
    *nat
:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -s 10.10.10.0/24 -o enp1s0 -j MASQUERADE

COMMIT

    Save and close the file.

    The above firewall configuration modifies the default POSTROUTING policy in the nat table to masquerade all traffic from the 10.10.10.0/24 VPN subnet through the server's enp1s0 public network interface.

  8. Open the /etc/ufw/sysctl.conf file to enable IP forwarding through UFW.

    console 
    $ sudo nano /etc/ufw/sysctl.conf

  9. Find the #net/ipv4/ip_forward=1 directive and remove # to uncomment it.

    ini 
    net/ipv4/ip_forward=1

    Save and close the file.

    The above net/ipv4/ip_forward=1 configuration enables IP forwarding through the firewall to route packets between the OpenVPN tun interface and other interfaces on the server.

  10. Open the /etc/default/ufw file to allow forwarded packets through UFW.

    console 
    $ sudo nano /etc/default/ufw

  11. Find the DEFAULT_FORWARD_POLICY directive and change the default value from DROP to ACCEPT.

    ini 
    DEFAULT_FORWARD_POLICY="ACCEPT"

    Save and close the file.

    The above configuration enables UFW to allow forwarded packets through the firewall.

  12. Reload UFW to apply the firewall configuration changes.

    console 
    $ sudo ufw reload

Secure the OpenVPN Server

Follow the steps below to allow connections to the OpenVPN server through the default firewall configuration.

  1. Allow incoming connections to the tun0 OpenVPN interface.

    console 
    $ sudo ufw allow in on tun0

  2. Allow outgoing connections from the tun0 interface.

    console 
    $ sudo ufw allow out on tun0

  3. Allow network connections to the 1194 OpenVPN server port.

    console 
    $ sudo ufw allow 1194/udp

  4. Reload UFW to apply the firewall configuration changes.

    console 
    $ sudo ufw reload

  5. Check the UFW status to verify the active firewall rules.

    console 
    $ sudo ufw status

    Output:

    Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
Anywhere on tun0           ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
Anywhere (v6) on tun0      ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             

Anywhere                   ALLOW OUT   Anywhere on tun0          
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on tun0

Manage the OpenVPN Server

OpenVPN uses systemd to manage the VPN interfaces based on the server configurations in the /etc/openvpn directory. Follow the steps below to manage the OpenVPN service based on your server configuration and verify the VPN tunnel interface details.

  1. Enable the OpenVPN service to start automatically at boot.

    console 
    $ sudo systemctl enable openvpn@server.service

    Output:

    Created symlink /etc/systemd/system/multi-user.target.wants/openvpn@server.service → /usr/lib/systemd/system/openvpn@.service.

  2. Start the OpenVPN service.

    console 
    $ sudo systemctl start openvpn@server.service

  3. View the OpenVPN service status and verify that it runs without errors.

    console 
    $ sudo systemctl status openvpn@server.service

    Output:

    ● openvpn@server.service - OpenVPN connection to server
 Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; preset: enabled)
 Active: active (running) since Thu 2025-07-10 22:27:07 UTC; 6s ago
...

  4. Verify that the tun0 OpenVPN interface is active and correctly configured on the server.

    console 
    $ ip addr show dev tun0

    Output:

    4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 500
    link/none 
    inet 10.10.10.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::42ab:ad8b:dd59:baf4/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

Create a Client Certificate and Private Key Pair

OpenVPN requires a valid client certificate and private key pair to connect to the VPN server. Follow the steps below to create a new client certificate and private key to use in your VPN client configuration.

  1. Create a new keys directory in /etc/openvpn/client to store the client encryption keys.

    console 
    $ sudo mkdir -p /etc/openvpn/client/keys

  2. Navigate to the easy-rsa directory.

    console 
    $ cd ~/easy-rsa

  3. Generate a new certificate request using the easyrsa script. Replace vpnclient1 with your desired client name.

    console 
    $ ./easyrsa gen-req vpnclient1 nopass

    • Press Enter when prompted to verify your client's common name.

      ...
Common Name (eg: your user, host, or server name) [vpnclient1]:

    • Verify the generated private key and public certificate request paths in your output similar to the one below.

      Notice
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /home/linuxuser/easy-rsa/pki/reqs/vpnclient1.req
* key: /home/linuxuser/easy-rsa/pki/private/vpnclient1.key

  4. Import the signing request to generate a new client certificate.

    console 
    $ ./easyrsa sign-req client vpnclient1

    • Enter yes and press Enter when prompted to verify the client's common name to sign the certificate.

      You are about to sign the following certificate:
...
subject=
    commonName                = vpnclient1

Type the word 'yes' to continue, or any other input to abort.
  Confirm request details:

    • Enter your CA passphrase to sign the certificate.

      Using configuration from /home/linuxuser/easy-rsa/pki/openssl-easyrsa.cnf
Enter pass phrase for /home/linuxuser/easy-rsa/pki/private/ca.key:

    • Verify the generated client certificate path in your output similar to the one below.

      ...
Notice
------
Certificate created at:
* /home/linuxuser/easy-rsa/pki/issued/vpnclient1.crt

  5. Copy the vpnclient1.crt client certificate to the /etc/openvpn/client/keys directory.

    console 
    $ sudo cp pki/issued/vpnclient1.crt /etc/openvpn/client/keys

  6. Move the vpnclient1.key private key to the /etc/openvpn/client/keys directory.

    console 
    $ sudo cp pki/private/vpnclient1.key /etc/openvpn/client/keys

Create OpenVPN Client Configuration Files

Follow the steps below to create a new client configuration to connect to the OpenVPN server.

  1. Copy the sample /usr/share/doc/openvpn/examples/sample-config-files/client.conf OpenVPN client configuration to /etc/openvpn/client.

    console 
    $ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client

  2. Navigate to the /etc/openvpn/client directory.

    console 
    $ cd /etc/openvpn/client

  3. Rename the client.conf configuration to vpnclient1.ovpn.

    console 
    $ sudo mv client.conf vpnclient1.ovpn

    Choose the OpenVPN client configuration format based on:

    • ovpn: For client configurations compatible with GUI OpenVPN clients for Windows, macOS, Android, or IOS devices.
    • conf: For client configurations compatible with scripts and CLI tools like systemd. Depending on your configuration, you can start the client configuration using a systemd service like openvpn-client@vpnclient.service.

  4. Open the vpnclient1.ovpn configuration.

    console 
    $ sudo nano vpnclient1.ovpn

  5. Verify the following directives:

    • client: OpenVPN configuration type.
    • proto udp: Client protocol. Value should match the server's configuration.

  6. Find the remote directive and replace my-server-1 1194 with your OpenVPN server's IP address and port. Replace 192.0.2.100 with your actual server IP.

    ini 
    remote 192.0.2.100 1194

  7. Find the ca, cert, and key options, then add # before each option to comment them.

    ini 
    #ca ca.crt
#cert client.crt
#key client.key

  8. Find the data-ciphers directive, remove ; to uncomment it, and verify that the cryptographic values match the OpenVPN server configuration.

    ini 
    data-ciphers AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305:AES-256-CBC

  9. Add the following auth directive on a new line to match the OpenVPN server configuration.

    ini 
    auth SHA512

    Save and close the vpnclient1.ovpn file.

    • Your modified vpnclient1.ovpn file should look like the one below.

      ini 
      client
dev tun
proto udp
remote 192.0.2.100 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
auth SHA512
verb 3

  10. Run the following command to append values from the ca.crt, vpnclient.crt, vpnclient.key, and ta.key files to vpnclient1.ovpn.

    console 
    $ sudo bash -c 'cat <<EOF >> vpnclient1.ovpn
<ca>
$(< /etc/openvpn/ca.crt)
</ca>
<cert>
$(< keys/vpnclient1.crt)
</cert>
<key>
$(< keys/vpnclient1.key)
</key>
<tls-auth>
$(< /etc/openvpn/ta.key)
</tls-auth>
key-direction 1
EOF'

  11. View the vpnclient1.ovpn file and verify your configuration's appended ca, certificate,private key, and tls values.

    console 
    $ cat vpnclient1.ovpn

  12. Copy the vpnclient1.ovpn configuration to your user's home directory.

    console 
    $ cp vpnclient1.ovpn ~/vpnclient1.ovpn

Test the OpenVPN Server

Follow the steps below to test the VPN server using the OpenVPN Connect application for GUI devices.

  1. Download and install OpenVPN Connect for your device from the official website. For example, OpenVPN Connect for Windows.

  2. Open a new terminal session on your local workstation.

  3. Change the working directory to your user's home directory.

    console 
    $ cd

  4. Connect to the OpenVPN server using SFTP. Replace linuxuser with your actual user.

    console 
    $ sftp linuxuser@SERVER-IP

  5. List the directory files and verify that the vpnclient1.ovpn client configuration is available.

    console 
    sftp> ls

  6. Download the vpnclient1.ovpn file to your local workstation.

    console 
    sftp> get vpnclient1.ovpn

    Output:

    Fetching /home/linuxuser/vpnclient1.ovpn to vpnclient1.ovpn
vpnclient1.ovpn                                                                           100% 8281   539.1KB/s   00:00

  7. Launch OpenVPN Connect from your applications menu.

  8. Click UPLOAD FILE on the Get Connected page.

    Upload OpenVPN Client Configuration

  9. Click Browse to find and open the downloaded vpnclient1.ovpn client configuration in your filesystem.

  10. Verify that the Server Hostname matches your OpenVPN IP and click Connect.

  11. Verify that your OpenVPN profile changes to Connected and monitor the connection statistics.

    Active OpenVPN Client Connection

  12. Run the following command in your terminal and verify that the VPN server IP is your OpenVPN server's active public IP address.

    console 
    $ curl ifconfig.me

  13. Test the connection to any network attached to the VPN server or the Internet using a domain like google.com to verify that it is successful.

    console 
    $ ping google.com

    Output:

    Pinging google.com [172.217.170.174] with 32 bytes of data:
Reply from 172.217.170.174: bytes=32 time=26ms TTL=108
Reply from 172.217.170.174: bytes=32 time=28ms TTL=108
Reply from 172.217.170.174: bytes=32 time=36ms TTL=108
Reply from 172.217.170.174: bytes=32 time=29ms TTL=108

Ping statistics for 172.217.170.174:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 36ms, Average = 29ms

Troubleshooting

OpenVPN may return connection errors depending on your server and client configurations. Follow the steps below to troubleshoot common OpenVPN errors.

Conclusion

You have installed OpenVPN on Ubuntu 24.04, configured the server, and connected a VPN client. You can use OpenVPN to connect multiple clients using different VPN tunnels and server configurations with unique port numbers. For more information, visit the OpenVPN documentation.

Tags:
Related Content
How to Create an OpenVPN Server on Ubuntu 20.04
21 November, 2023
Article
Deploy an AnyConnect Compatible VPN Server with Certificate Verification on CentOS 7
30 May, 2025
Article
How to Install and Setup Pritunl VPN Server on Ubuntu 24.04
06 November, 2025
Article
How to Harden Server SSH Access Using Advanced OpenSSH Features
01 April, 2025
Article

Comments