OpenVPN is arguably the most common VPN protocol used by commercial VPN providers today. But what if you want to run your own OpenVPN server? How hard is it to install and manage the server yourself? Not that hard: automated scripts come to the rescue!
Here is a guide to installing OpenVPN on your own VPS running Debian or Ubuntu Linux.
First you need to download an auto-installer for OpenVPN, such as Nyr’s openvpn-install.
Log in to your Debian/Ubuntu VPS and run the following:
wget https://git.io/vpn -O openvpn-install.sh && chmod +x openvpn-install.sh
If you are logged in as root, run:
As a regular user, run:
The auto-installer will start and prompt you for some information:
1. It will autodetect your public IP address. Change it only if you have multiple IP addresses on the server and you want to use a specific one.
2. Enter the port number used for incoming OpenVPN connections or use the default (1194). You can use any port, such as a random one, as long as it is not in use by another service.
3. Choose whether to listen on port 53, too. This is useful for stealthier connections.
4. You will be asked for a name for the client certificate. You can use anything, e.g. “user1”, “anonymous”.
That is all. The installer will now download the packages, generate the encryption keys and certificates, and start the server. It uses 2048-bit RSA keys for authentication and 128-bit Blowfish for data encryption. Blowfish has a 64-bit block size, which exposes long-lived connections to the SWEET32 attack; OpenVPN 2.4 and later negotiate AES-GCM when both ends support it.
If everything went smoothly, the auto-installer will notify you that the client certificates are available in a .tar.gz archive, e.g. ovpn-client1.tar.gz.
Check if your OpenVPN server is running:
ps ax|grep openvpn
You should see something like this:
6646 ? Ss 0:00 /usr/sbin/openvpn --writepid /var/run/openvpn.server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf
Traffic forwarding has to be enabled for the VPN connection to work.
Edit /etc/sysctl.conf and enable IPv4 forwarding: un-comment the line “net.ipv4.ip_forward=0” by removing the # sign, and change 0 to 1 so it looks like this:
net.ipv4.ip_forward=1
Save the file and activate the changes:
sysctl -p /etc/sysctl.conf
Also enable masquerading in the firewall:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
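To confirm both steps took effect, here is an added example (not part of the original guide or of Nyr's installer; the function name and its file arguments are this example's own). It goes slightly beyond the text by also comparing the interface in the MASQUERADE rule with the one carrying the default route, since many VPS images name the NIC something other than eth0 and the rule above then matches no traffic. The sample inputs are constructed.

```bash
#!/bin/sh
# Added example, not the installer's code; names and arguments are this example's own.
#   $1 sysctl.conf   $2 saved output of `iptables-save -t nat`
#   $3 saved output of `ip -4 route show default`   $4 VPN subnet (default 10.8.0.0/24)
check_vpn_routing() {
    subnet=${4:-10.8.0.0/24}; rc=0
    # Last uncommented assignment wins; a line still starting with "#" does not count.
    fwd=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ "$fwd" = 1 ] || { echo "FAIL: net.ipv4.ip_forward is not 1 in $1"; rc=1; }
    # Interface carrying the default route ("default via <gw> dev <if> ...").
    wan_if=$(awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }' "$3")
    # -o interface of the MASQUERADE rule whose source is the VPN subnet ("*" if none given).
    nat_if=$(awk -v net="$subnet" '$1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
        src = ""; out = "*"
        for (i = 3; i < NF; i++) { if ($i == "-s") src = $(i + 1); if ($i == "-o") out = $(i + 1) }
        if (src == net) { print out; exit }
    }' "$2")
    if [ -z "$nat_if" ]; then
        echo "FAIL: no MASQUERADE rule for $subnet"; rc=1
    elif [ "$nat_if" != "*" ] && [ "$nat_if" != "$wan_if" ]; then
        echo "FAIL: rule masquerades out of $nat_if, default route uses $wan_if"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: forwarding enabled, $subnet masqueraded out of $wan_if"
    return "$rc"
}

# Constructed sample inputs: forwarding is enabled, but this VPS names its NIC ens3, not eth0.
demo_dir=$(mktemp -d)
printf '%s\n' '#net.ipv4.ip_forward=0' 'net.ipv4.ip_forward=1' > "$demo_dir/sysctl.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$demo_dir/nat.rules"
echo 'default via 203.0.113.1 dev ens3 proto static' > "$demo_dir/route.txt"
check_vpn_routing "$demo_dir/sysctl.conf" "$demo_dir/nat.rules" "$demo_dir/route.txt" || true
```

On a live server, write the output of `iptables-save -t nat` (as root) and `ip -4 route show default` to files and pass them as the second and third arguments.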
Now you need to install OpenVPN on your PC. Get it here (the Windows installer): http://openvpn.net/index.php/open-source/downloads.html
After you install it, transfer the ovpn-client1.tar.gz archive to your PC and unpack it to your OpenVPN GUI’s config folder (usually “C:\Program Files (x86)\OpenVPN\config\”).
Start OpenVPN GUI with right click, Run as Administrator (it works only when you run it as administrator). Right click on its System Tray icon and click Connect.