{"id":1506,"date":"2025-02-19T15:18:06","date_gmt":"2025-02-19T12:18:06","guid":{"rendered":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/configuring-site-to-site-vpn-on-linux-servers-a-step-by-step-guide\/"},"modified":"2025-03-10T02:47:18","modified_gmt":"2025-03-09T23:47:18","slug":"configuring-site-to-site-vpn-on-linux-servers-a-step-by-step-guide","status":"publish","type":"post","link":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/configuring-site-to-site-vpn-on-linux-servers-a-step-by-step-guide\/","title":{"rendered":"Configuring Site-to-Site VPN on Linux Servers: A Step-by-Step Guide"},"content":{"rendered":"


\n<\/p>\n

In today\u2019s connected world, the need for secure communication between remote offices and networks is paramount. A Site-to-Site Virtual Private Network (VPN) allows you to create a secure tunnel between two or more networks over the Internet. This blog post will guide you through the process of configuring a Site-to-Site VPN using OpenVPN on Linux servers.<\/p>\n

<\/p>\n

Prerequisites<\/h2>\n

<\/p>\n

Before we begin, ensure you have the following:<\/p>\n

<\/p>\n

    <\/p>\n
  1. Two Linux servers<\/strong>: One will act as the VPN server and the other as the client. We\u2019ll assume both servers are running Ubuntu.<\/li>\n

    <\/p>\n

  2. Root access<\/strong>: You\u2019ll need administrative privileges to install packages and modify system configurations.<\/li>\n

    <\/p>\n

  3. Basic knowledge of Linux command line<\/strong>: Familiarity with terminal commands will help you through this guide.<\/li>\n

    \n<\/ol>\n

    <\/p>\n

    Step 1: Install OpenVPN<\/h2>\n

    <\/p>\n

    First, log in to both servers and install OpenVPN along with the required utilities.<\/p>\n

    <\/p>\n

    sudo apt update
    \nsudo apt install openvpn easy-rsa -y<\/code><\/pre>\n
    <\/p>\n
    Step 2: Configure the Certificate Authority (CA)<\/h2>\n
    <\/p>\n
    After installation, you need to set up the Certificate Authority (CA) on the server that will act as your VPN server.<\/p>\n
    <\/p>\n
      <\/p>\n
    1. \n
      Create a directory for the Easy-RSA files<\/strong>:<\/p>\n
      <\/p>\n
      make-cadir ~\/openvpn-ca
      \ncd ~\/openvpn-ca<\/code><\/pre>\n
      \n<\/li>\n
      <\/p>\n
    2. \n
      Edit the vars<\/code> file<\/strong> to set up the variables for your CA. Look for lines containing export KEY_COUNTRY<\/code>, KEY_PROVINCE<\/code>, and other details, and adjust them according to your location:<\/p>\n
      <\/p>\n
      nano vars<\/code><\/pre>\n
      \n<\/li>\n
      <\/p>\n
    3. \n
      Generate the CA<\/strong>:<\/p>\n
      <\/p>\n
      source vars
      \n.\/clean-all
      \n.\/build-ca<\/code><\/pre>\n
      \n<\/li>\n
      \n<\/ol>\n
      <\/p>\n
      Step 3: Create Server and Client Certificates<\/h2>\n
      <\/p>\n
      Generate Server Certificate<\/h3>\n
      <\/p>\n
        <\/p>\n
      1. \n
        Generate the server certificate and private key<\/strong>:<\/p>\n
        <\/p>\n
        .\/build-key-server server<\/code><\/pre>\n
        \n<\/li>\n
        <\/p>\n
      2. \n
        Generate Diffie-Hellman parameters<\/strong>:<\/p>\n
        <\/p>\n
        .\/build-dh<\/code><\/pre>\n
        \n<\/li>\n
        <\/p>\n
      3. \n
        Generate HMAC key<\/strong>:<\/p>\n
        <\/p>\n
        openvpn --genkey --secret keys\/ta.key<\/code><\/pre>\n
        \n<\/li>\n
        \n<\/ol>\n
        <\/p>\n
        Generate Client Certificate<\/h3>\n
        <\/p>\n
        On the server, generate a certificate for the client:<\/p>\n
        <\/p>\n
        .\/build-key client<\/code><\/pre>\n
        <\/p>\n
        Step 4: Configure OpenVPN on the Server<\/h2>\n
        <\/p>\n
          <\/p>\n
        1. \n
          Copy the example configuration file to the OpenVPN directory<\/strong>:<\/p>\n
          <\/p>\n
          sudo cp \/usr\/share\/doc\/openvpn\/examples\/sample-config-files\/server.conf.gz \/etc\/openvpn\/
          \nsudo gzip -d \/etc\/openvpn\/server.conf.gz<\/code><\/pre>\n
          \n<\/li>\n
          <\/p>\n
        2. \n
          Edit the OpenVPN configuration file<\/strong>:<\/p>\n
          <\/p>\n
          sudo nano \/etc\/openvpn\/server.conf<\/code><\/pre>\n
          <\/p>\n
          Modify the following lines (hold down Ctrl + W<\/code> to search):<\/p>\n
          <\/p>\n