Setting up a VPN on Ubuntu via the command line (shell) can be done using various methods, depending on the VPN protocol (e.g., OpenVPN, WireGuard, or IPsec). Below are instructions for common VPN setups:
OpenVPN
Many VPN providers (e.g., NordVPN, ProtonVPN) offer .ovpn configuration files.
Install OpenVPN
sudo apt update
sudo apt install openvpn
Download VPN Configuration
Get .ovpn files from your VPN provider (usually from their website), then place them in /etc/openvpn/:
sudo cp ~/Downloads/your-vpn-config.ovpn /etc/openvpn/client.conf
Start the VPN
sudo systemctl start openvpn@client
Enable Auto-Start (Optional)
sudo systemctl enable openvpn@client
Check Connection
ip a show tun0     # Check if tun0 interface exists
curl ifconfig.me   # Check your public IP
WireGuard (Modern & Fast VPN)
WireGuard is lightweight and often faster than OpenVPN.
Install WireGuard
sudo apt update
sudo apt install wireguard resolvconf
Generate Keys
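# /etc/wireguard is readable only by root, so generate the keys in a root shell.
# umask 077 restricts the new key files to their owner.
sudo sh -c 'umask 077; cd /etc/wireguard/ && wg genkey | tee privatekey | wg pubkey > publickey'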
Configure WireGuard
Create /etc/wireguard/wg0.conf (replace with your VPN provider's config):
[Interface]
PrivateKey = <your_private_key>
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <server_public_key>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
Start WireGuard
sudo wg-quick up wg0
Enable Auto-Start
sudo systemctl enable wg-quick@wg0
IPsec VPN (for Enterprise VPNs)
For IPsec (e.g., Cisco VPN), use strongSwan.
Install strongSwan
sudo apt install strongswan
Configure /etc/ipsec.conf
Example config (adjust as needed):
conn myvpn
    keyexchange=ikev2
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
    left=%any
    leftsourceip=%config
    right=vpn.example.com
    rightid=@vpn.example.com
    auto=start
Start the VPN
sudo ipsec start
sudo ipsec up myvpn
Disconnect VPN
- OpenVPN:
sudo systemctl stop openvpn@client
- WireGuard:
sudo wg-quick down wg0
- IPsec:
sudo ipsec down myvpn
Troubleshooting
- Permissions: Ensure config files are readable only by root (chmod 600).
- Logs: Check logs with journalctl -u openvpn@client or sudo wg show.
- Firewall: Allow VPN ports (e.g., UDP 1194 for OpenVPN, UDP 51820 for WireGuard).
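The permissions advice above and the wg0.conf template from the WireGuard section can be checked before the tunnel is brought up. The script below is an added example, not part of the original page: `audit_wg_conf`, `conf_values` and the file name `audit.sh` are hypothetical, and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat, as on Ubuntu.

# Print the value(s) of key $2 in file $1, one per line, comma lists split.
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tr ',' '\n' | tr -d ' \t\r'
}

# Print one finding per line; the return status is the number of findings.
audit_wg_conf() {
    conf=$1
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    # The file holds the private key, so only its owner may read it (chmod 600).
    mode=$(stat -c '%a' "$conf") || return 255
    case $mode in
        600|400) ;;
        *) report "PERMS: mode $mode, expected 600" ;;
    esac

    # A template value such as <your_private_key> means the key was never filled in.
    if conf_values "$conf" PrivateKey | grep -q '^<'; then
        report "KEY: PrivateKey is still a placeholder"
    fi

    allowed=$(conf_values "$conf" AllowedIPs)
    # 0.0.0.0/0 routes only IPv4; on a dual-stack host IPv6 still leaves directly.
    if echo "$allowed" | grep -qx '0\.0\.0\.0/0' && ! echo "$allowed" | grep -qx '::/0'; then
        report "LEAK: AllowedIPs covers IPv4 only, IPv6 bypasses the tunnel"
    fi

    # wg-quick changes the resolver only when a DNS line is present.
    if [ -z "$(conf_values "$conf" DNS)" ]; then
        report "DNS: no DNS set in [Interface]"
    fi
    return "$findings"
}

# Constructed sample mirroring the page's template; run as: sh audit.sh demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp); chmod 644 "$tmp"
    printf '%s\n' '[Interface]' 'PrivateKey = <your_private_key>' 'DNS = 1.1.1.1' \
        '[Peer]' 'AllowedIPs = 0.0.0.0/0' > "$tmp"
    audit_wg_conf "$tmp" || echo "findings: $?"
    rm -f "$tmp"
fi
```

To audit the real file, call `audit_wg_conf /etc/wireguard/wg0.conf` from a root shell, since the directory is not readable by other users.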
