Install OpenVPN and OpenSSL: sudo apt-get update sudo apt-get install openvpn openssl Configure OpenVPN: 1. Create the OpenVPN Server Configuration nano /etc/openvpn/server.conf port 1194 proto udp dev tun0 dh dh.pem ca ca.crt cert server.crt key server.key server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 2. Generate SSL Certificates and Keys # Generate a dh key sudo openssl dhparam -out dh.pem 2048 # Generate a private key for the CA openssl genpkey -algorithm RSA -out ca.key # Generate a self-signed CA certificate openssl req -new -x509 -key ca.key -out ca.crt # Generate a private key for the server openssl genpkey -algorithm RSA -out server.key # Generate a Certificate Signing Request (CSR) for the server openssl req -new -key server.key -out server.csr # Sign the server CSR with the CA to create the server certificate openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt 3. Start OpenVPN sudo systemctl start openvpn@server 4. Enable IP Forwarding o Edit the sysctl configuration to enable IP forwarding on the OpenVPN server. Open the /etc/sysctl.conf file: Uncomment or add the following line to enable IP forwarding: net.ipv4.ip_forward=1 Apply the changes: sudo sysctl -p o Set up NAT (Network Address Translation): Assuming your OpenVPN interface is named tun0, you can set up NAT using iptables. Replace eth0 with your external network interface sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE Save the iptables rule: sudo sh -c 'iptables-save > /etc/iptables.rules' o Adjust Firewall Rules: sudo ufw allow in on tun0 sudo ufw allow out on tun0 o Restart OpenVPN and Apply Changes: sudo systemctl restart openvpn@server Create OpenVPN Client Configuration: 1. Generate Client Certificates # Generate a private key for the client openssl genpkey -algorithm RSA -out client.key # Generate a Certificate Signing Request (CSR) for the client openssl req -new -key client.key -out client.csr # Sign the client CSR with the CA to create the client certificate openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt 2. Restart the server sudo systemctl restart openvpn@server 3. Create Client Configuration (Client.ovpn) Nano /etc/openvpn/client.ovpn client dev tun0 proto udp remote 192.168.1.205 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key comp-lzo verb 3 Connect from Client: 1. Install OpenVPN on your Windows machine. 2. Copy the client configuration files (client.ovpn, client.key, client.crt, and ca.crt) to the OpenVPN configuration directory on your Windows machine. 3. Open the OpenVPN GUI on your Windows machine. You can find it in the Start menu or on the desktop. Right-click on the OpenVPN icon in the system tray and select "Connect." It will use the configuration file (client.ovpn) you placed in the configuration directory.