[Feedback]: OpenVPN guide on 24.04 #216

@valerio-bozzolan

Page URL

https://documentation.ubuntu.com/server/how-to/security/install-openvpn/index.html

Select an option

  • I found what I was looking for
  • I couldn't find what I was looking for
  • I found the information, but it was incorrect
  • I found the information, but it was incomplete
  • I found the information, but it was confusing
  • I encountered a technical issue (e.g., broken link, image not loading)

Issue Description

Feedback 1: nonexistent server.conf.gz

The mentioned guide cites this step:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/myserver.conf.gz

But in Ubuntu 24.04 that file is not compressed.

So I'm quite sure it's just this in 24.04:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/myserver.conf

Unsure whether we should report both, for pre-24.04 and for post.

Feedback 2: deprecated openvpn usage

The guide mentions this step:

sudo openvpn --genkey --secret ta.key

But it generates this deprecation warning:

2025-03-31 09:29:16 DEPRECATED OPTION: The option --secret is deprecated.
2025-03-31 09:29:16 WARNING: Using --genkey --secret filename is DEPRECATED.  Use --genkey secret filename instead.

According to the man page, this seems the correct version instead:

sudo openvpn --genkey secret ta.key

Feedback 3: TLS Auth must be enabled in server

After the step «Complete this set with a TLS Authentication (TA)» please add this line:

Edit the file /etc/openvpn/myserver.conf again and make sure that ta.key is activated, so add this line:

tls-auth ./easy-rsa/ta.key 0

Feedback 4: add troubleshooting

In the troubleshooting it may be nice to mention this error:

TLS Error: cannot locate HMAC in incoming packet from ...

It happens when tls-auth is not specified in both the client and the server with the same file. Note that the server needs index "0" and client needs index "1" as second argument of tls-auth.
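
An added example, not part of the original issue or of the Ubuntu guide: a small checker that applies the rule from Feedback 4 (tls-auth present on both sides, index 0 on the server and 1 on the client) to a pair of OpenVPN config texts. The function names, sample configs and the vpn.example.com host are constructed for illustration; `key-direction` is OpenVPN's separate option for setting the same index.

```python
import shlex

def tls_auth_setting(conf_text):
    """Return (key_file, direction) for an OpenVPN config, or None if tls-auth is absent."""
    key_file = direction = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN accepts both comment markers
            continue
        tokens = shlex.split(line, comments=True)  # drops a trailing "# ..." comment
        if len(tokens) < 2:
            continue
        if tokens[0] == "tls-auth":
            key_file = tokens[1]
            if len(tokens) >= 3:
                direction = tokens[2]
        elif tokens[0] == "key-direction":  # alternative way to give the index
            direction = tokens[1]
    return None if key_file is None else (key_file, direction)

def check_tls_auth(server_conf, client_conf):
    """List the mismatches that lead to 'cannot locate HMAC in incoming packet'."""
    expected = {"server": "0", "client": "1"}  # rule as stated in Feedback 4
    findings = []
    for role, text in (("server", server_conf), ("client", client_conf)):
        setting = tls_auth_setting(text)
        if setting is None:
            findings.append(f"{role}: tls-auth missing")
        elif setting[1] != expected[role]:
            findings.append(
                f"{role}: key direction is {setting[1]!r}, expected {expected[role]}")
    return findings

# Constructed sample configs (not taken from the guide).
SERVER_OK = "port 1194\nproto udp\ntls-auth ./easy-rsa/ta.key 0 # secret file\n"
CLIENT_OK = "client\nremote vpn.example.com 1194\ntls-auth ta.key 1\n"
CLIENT_COMMENTED = "client\nremote vpn.example.com 1194\n;tls-auth ta.key 1\n"
CLIENT_WRONG_INDEX = "client\nremote vpn.example.com 1194\ntls-auth ta.key 0\n"
CLIENT_KEY_DIRECTION = "client\ntls-auth ta.key\nkey-direction 1\n"

if __name__ == "__main__":
    for name, client in [("ok", CLIENT_OK), ("commented out", CLIENT_COMMENTED),
                         ("wrong index", CLIENT_WRONG_INDEX)]:
        print(name, "->", check_tls_auth(SERVER_OK, client) or "no findings")
```

The check only compares the directives; confirming that both sides hold the same ta.key file still has to be done separately.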
