How to Install ocserv on Ubuntu 22.04 (OpenConnect VPN Server) – The Ultimate Beginner-Friendly Guide

Want to host your own secure, reliable VPN without paying for third-party services? Look no further than ocserv (OpenConnect VPN Server)—a free, open-source solution that works with Cisco AnyConnect clients and gives you full control of your VPN. In this guide, you’ll learn how to install and configure ocserv on Ubuntu 22.04, step-by-step, in a clean, clear, and beginner-friendly way.

Whether you’re setting this up for remote work, secure browsing, or device privacy, this guide will help you go from zero to a fully working VPN in under 30 minutes.

What is ocserv and Why Should You Use It?

ocserv is a lightweight VPN server that implements the OpenConnect protocol (a Cisco AnyConnect-compatible protocol). It provides secure VPN access for Linux, Windows, macOS, Android, and iOS clients.

Why it’s a smart choice:

  • Open-source & free
  • Fast and lightweight
  • Works with Cisco AnyConnect clients
  • Easier to configure than OpenVPN
  • Supports 2FA and full traffic encryption

What You Need Before You Start

Make sure you have the following:

  • VPS or server running Ubuntu 22.04 LTS
  • A domain name (for SSL certificate setup)
  • A non-root user with sudo privileges
  • Basic terminal skills

Step-by-Step: How to Install ocserv on Ubuntu 22.04

Step 1: Update Your System

Start with the basics—update your package list and system:

bash
sudo apt update && sudo apt upgrade -y

Step 2: Install ocserv

Install the OpenConnect VPN server with this command:

bash
sudo apt install ocserv -y

Check if it’s running:

bash
sudo systemctl status ocserv

If it’s inactive, start it:

bash
sudo systemctl start ocserv

Step 3: Get a Free SSL Certificate with Let’s Encrypt

This gives your VPN server a publicly trusted TLS certificate, so clients can verify they are connecting to your server.

First, install Certbot:

bash
sudo apt install certbot -y

Stop ocserv to free port 80:

bash
sudo systemctl stop ocserv

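Now get your certificate. Certbot's standalone mode answers the HTTP-01 challenge on port 80, so that port must be reachable from the internet (if ufw is already active, allow port 80 first, as in Step 7):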

bash
sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email your@email.com -d your-domain.com

Replace your@email.com and your-domain.com with your actual info.

Step 4: Configure ocserv for Your Setup

Edit the main config file:

bash
sudo nano /etc/ocserv/ocserv.conf

Find and update these lines:

bash
server-cert = /etc/letsencrypt/live/your-domain.com/fullchain.pem
server-key = /etc/letsencrypt/live/your-domain.com/privkey.pem
ipv4-network = 192.168.10.0
ipv4-netmask = 255.255.255.0
dns = 8.8.8.8
dns = 1.1.1.1

Save and close (Ctrl + X, then Y, and Enter).

Step 5: Add VPN User Account

Create a new VPN user:

bash
sudo ocpasswd -c /etc/ocserv/ocpasswd yourusername

You’ll be prompted to set a password.
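
ocserv reads the file written by ocpasswd only when an active `auth` line selects `plain[passwd=...]`, so after Steps 4 and 5 it is worth checking the configuration as a whole. The check below is an added example, not part of the original guide or the ocserv project; the function names and the sample file are constructed, and it assumes the packaged config may still have a PAM `auth` line active.

```bash
#!/usr/bin/env bash
# Added example: checks ocserv.conf against the edits from Steps 4 and 5.

# Print the value of every active (uncommented) "key = value" line.
conf_values() {  # usage: conf_values <file> <key>
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//'
}

# Print one line per finding; the return code is the number of findings.
audit_ocserv_conf() {  # usage: audit_ocserv_conf <file> [passwd-file]
    local conf="$1" passwd="${2:-/etc/ocserv/ocpasswd}" n=0 auth cert key k
    auth=$(conf_values "$conf" auth)
    case $auth in
        *"plain[passwd=$passwd]"*) ;;
        *) echo "auth: no active plain[passwd=$passwd], so Step 5 accounts are never consulted"
           n=$((n + 1)) ;;
    esac
    case $auth in
        *pam*) echo "auth: PAM is active, so logins are checked against PAM accounts"
               n=$((n + 1)) ;;
    esac
    cert=$(conf_values "$conf" server-cert | head -n 1)  # only the first pair is checked
    key=$(conf_values "$conf" server-key | head -n 1)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "tls: server-cert or server-key is not set"; n=$((n + 1))
    elif [ "$(dirname "$cert")" != "$(dirname "$key")" ]; then
        echo "tls: certificate and key come from different directories"; n=$((n + 1))
    fi
    for k in ipv4-network ipv4-netmask dns; do
        if [ -z "$(conf_values "$conf" "$k")" ]; then
            echo "$k: no active value"; n=$((n + 1))
        fi
    done
    return "$n"
}

# Constructed sample (not a real server's file): a config before the guide's edits.
sample=$(mktemp)
printf '%s\n' 'auth = "pam[gid-min=1000]"' \
    '#auth = "plain[passwd=/etc/ocserv/ocpasswd]"' \
    'server-cert = /etc/ssl/certs/ssl-cert-snakeoil.pem' \
    'server-key = /etc/ssl/private/ssl-cert-snakeoil.key' \
    'ipv4-network = 192.168.1.0' 'ipv4-netmask = 255.255.255.0' > "$sample"
audit_ocserv_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the server, run `audit_ocserv_conf /etc/ocserv/ocserv.conf` after sourcing the functions; a return code of 0 means the file matches what Steps 4 and 5 set up.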

Step 6: Enable IP Forwarding

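Enable IP forwarding so the server routes traffic between your VPN clients and the internet:

bash
# Use a dedicated drop-in file: on Ubuntu 22.04, /etc/sysctl.d/99-sysctl.conf is a symlink to /etc/sysctl.conf, and tee would overwrite that file
echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/60-ocserv-forward.conf
sudo sysctl -p /etc/sysctl.d/60-ocserv-forward.conf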

Step 7: Configure Firewall Rules

Allow essential ports:

bash
sudo ufw allow 80,443/tcp

Enable masquerading (replace eth0 with your actual network interface):

bash
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo apt install iptables-persistent -y

When prompted, save current rules.

Step 8: Restart ocserv and Go Live

bash
sudo systemctl restart ocserv

Now your VPN is ready!

How to Connect to Your ocserv VPN

From a client (Linux, macOS, Windows, Android, iOS):

Use any Cisco AnyConnect or OpenConnect client, and connect to:

https://your-domain.com

Enter the username/password you created earlier, and you’re in.

FAQs About Installing ocserv on Ubuntu 22.04

1. Is ocserv better than OpenVPN?

Yes, for many users. It’s easier to set up, supports AnyConnect clients, and uses less CPU.

2. What port does ocserv use?

By default, port 443 (HTTPS)—which is great because it’s rarely blocked by firewalls.

3. Can I use IPsec with ocserv?

No. ocserv is based on OpenConnect (TLS + DTLS). For IPsec, consider StrongSwan or Libreswan.

4. How many users can ocserv handle?

That depends on your server resources. A 1GB RAM VPS can easily handle 5–10 users.

5. Does ocserv support two-factor authentication?

Yes! It supports PAM and Radius, so you can add 2FA with tools like Google Authenticator.

6. What if my SSL certificate expires?

Just renew it with Certbot:

bash
sudo certbot renew
sudo systemctl restart ocserv

Set up a cron job or systemd timer for auto-renewal.
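
Whichever scheduler runs `certbot renew`, ocserv keeps serving the old certificate until it is restarted. The script below is an added example (not from the original guide or from certbot) of a deploy hook that restarts ocserv only when the renewed certificate is the one named in ocserv.conf; the file name `ocserv` and the function name are assumptions.

```sh
#!/bin/sh
# Added example: certbot deploy hook. Install as an executable file such as
# /etc/letsencrypt/renewal-hooks/deploy/ocserv (the file name is an assumption);
# certbot runs the executables in that directory after a successful renewal.

OCSERV_CONF=${OCSERV_CONF:-/etc/ocserv/ocserv.conf}

# Succeeds when an active server-cert line in <conf> points into <lineage-dir>.
uses_lineage() {  # usage: uses_lineage <conf> <lineage-dir>
    # Reduce each active server-cert value to its directory, then require an
    # exact, fixed-string match so "your-domain.com" never matches a prefix.
    sed -n 's|^[[:space:]]*server-cert[[:space:]]*=[[:space:]]*\(.*\)/[^/]*$|\1|p' "$1" |
        grep -Fxq -- "${2%/}"
}

# certbot exports RENEWED_LINEAGE (for example /etc/letsencrypt/live/your-domain.com)
# to deploy hooks; when it is unset, the script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ] && uses_lineage "$OCSERV_CONF" "$RENEWED_LINEAGE"; then
    systemctl restart ocserv
fi
```

Test it with `sudo certbot renew --dry-run`, keeping in mind that certbot does not run deploy hooks during a dry run.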

7. Can I install ocserv on other Linux distros?

Absolutely. While this guide is for Ubuntu 22.04, ocserv works on Debian, CentOS, Fedora, and Arch with small tweaks.

Final Thoughts

Hosting your own VPN with ocserv on Ubuntu 22.04 is a smart, cost-effective, and private way to control your own internet security. Whether you want to browse securely on public Wi-Fi, access geo-blocked content, or create a private network between offices—ocserv has you covered.

And the best part? You don’t have to rely on third-party services. With just a domain and a KVM VPS, you’ve built your own VPN fortress.