How to install OpenVPN on Debian/Ubuntu Linux VPS

OpenVPN is arguably the most common VPN protocol used by commercial VPN providers today. But what if you want to run your own OpenVPN server? How hard is it to install and manage the server yourself? Not that hard: automated scripts come to the rescue!

Here is a guide to install OpenVPN on your own VPS server running Debian or Ubuntu Linux.

First you need to download an auto-installer for OpenVPN, such as Nyr’s openvpn-install

Login to your Debian/Ubuntu VPS and run the following:

wget http://git.io/vpn --no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; 

if you are logged in as root, run:

./openvpn-install.sh

as user, run:

sudo ./openvpn-install.sh

The auto installer will start and will prompt you for some information

1. It will autodetect your public IP address. Change it only if you have multiple IP addresses on the server and you want to use a specific one.

2. Insert the port number used for incoming OpenVPN connections or use the default (1194). You can use any port, such as a random one, as long as it is not in-use by other service.

3. Choose whether to listen on port 53, too. This is useful for stealthier connections

4. You will be asked for a name of client certificate. You can use anything, e.g. “user1”, “anonymous”

This is all, now the auto OpenVPN installer will download the packages, generate the encryption keys and certificates and start the server. It is using 2048 RSA keys for authentication and Blowfish 128 bit for data encryption.

If everything went smoothly, the auto-installer will notify you that the client certificates are available in a .tar.gz archive, e.g. ovpn-client1.tar.gz

Check if your OpenVPN server is running:

ps ax|grep openvpn

You should see something like this

 6646 ?        Ss     0:00 /usr/sbin/openvpn --writepid /var/run/openvpn.server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf

Traffic forwarding has to be enabled for the VPN connection to work.
Edit /etc/sysctl.conf and enable ipv4 forwarding by un-commenting the line “net.ipv4.ip_forward=0” removing the # sign and changing 0 to 1 so it looks like this:

net.ipv4.ip_forward=1

Save the file and activate the changes:

sysctl -p /etc/sysctl.conf

Also enable masquerading in firewall

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Now you need to install OpenVPN on your PC. Get it here (the Windows installer): http://openvpn.net/index.php/open-source/downloads.html

After you install it, transfer the ovpn-client1.tar.gz archive to your PC and unpack it to your OpenVPN GUI’s config folder (usually in  “C:\Program Files(x86)\OpenVPN\config\”)

Start OpenVPN GUI with right click, Run as Administrator (it works only when you run it as administrator). Right click on its System Tray icon and click connect.

21 Comments

  1. Jack August 9, 2014
    • Deshuai June 1, 2016
  2. francisco October 10, 2014
  3. siddharth raja March 11, 2015
    • vpnreviewer March 14, 2015
  4. Jack April 23, 2015
  5. hedel July 14, 2015
    • antoainb July 16, 2015
    • antoainb July 16, 2015
  6. Speed August 17, 2015
  7. dudes September 4, 2015
  8. spartan October 1, 2015
  9. Wayne December 1, 2015
  10. danielrudolf October 2, 2016
  11. ved October 4, 2016
  12. Haziq October 2, 2018
    • vpnreviewer October 6, 2018

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.