How to install OpenVPN on Debian/Ubuntu Linux VPS

OpenVPN is arguably the most common VPN protocol used by commercial VPN providers today. But what if you want to run your own OpenVPN server? How hard is it to install and manage the server yourself? Not that hard: automated scripts come to the rescue!

Here is a guide to install OpenVPN on your own VPS server running Debian or Ubuntu Linux.

First you need to download an auto-installer for OpenVPN, such as Nyr’s openvpn-install

Login to your Debian/Ubuntu VPS and run the following:

wget http://git.io/vpn --no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; 

if you are logged in as root, run:

./openvpn-install.sh

as user, run:

sudo ./openvpn-install.sh

The auto installer will start and will prompt you for some information

1. It will autodetect your public IP address. Change it only if you have multiple IP addresses on the server and you want to use a specific one.

2. Insert the port number used for incoming OpenVPN connections or use the default (1194). You can use any port, such as a random one, as long as it is not in-use by other service.

3. Choose whether to listen on port 53, too. This is useful for stealthier connections

4. You will be asked for a name of client certificate. You can use anything, e.g. “user1”, “anonymous”

This is all, now the auto OpenVPN installer will download the packages, generate the encryption keys and certificates and start the server. It is using 2048 RSA keys for authentication and Blowfish 128 bit for data encryption.

If everything went smoothly, the auto-installer will notify you that the client certificates are available in a .tar.gz archive, e.g. ovpn-client1.tar.gz

Check if your OpenVPN server is running:

ps ax|grep openvpn

You should see something like this

 6646 ?        Ss     0:00 /usr/sbin/openvpn --writepid /var/run/openvpn.server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf

Traffic forwarding has to be enabled for the VPN connection to work.
Edit /etc/sysctl.conf and enable ipv4 forwarding by un-commenting the line “net.ipv4.ip_forward=0” removing the # sign and changing 0 to 1 so it looks like this:

net.ipv4.ip_forward=1

Save the file and activate the changes:

sysctl -p /etc/sysctl.conf

Also enable masquerading in firewall

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Now you need to install OpenVPN on your PC. Get it here (the Windows installer): http://openvpn.net/index.php/open-source/downloads.html

After you install it, transfer the ovpn-client1.tar.gz archive to your PC and unpack it to your OpenVPN GUI’s config folder (usually in  “C:\Program Files(x86)\OpenVPN\config\”)

Start OpenVPN GUI with right click, Run as Administrator (it works only when you run it as administrator). Right click on its System Tray icon and click connect.

21 thoughts on “How to install OpenVPN on Debian/Ubuntu Linux VPS”

  1. Hello 🙂 Thanks for this guide, it’s working perfectly for UDP connections, but I cannot create TCP connections at all. I want to connect to the VPN using a SOCKS proxy, but need to be able to connect using TCP.

    Not sure where to start. Can you help?

    Reply
    • it’s not easily possible. You need to edit the vars file from /etc/openvpn/easy-rsa/2.0/ but it is overwritten during the installation. You can edit the script and comment the following lines:

      geteasyrsa () {
      wget –no-check-certificate -O ~/easy-rsa.tar.gz https://github.com/OpenVPN/easy-rsa/archive/2.2.2.tar.gz
      tar xzf ~/easy-rsa.tar.gz -C ~/
      mkdir -p /etc/openvpn/easy-rsa/2.0/
      cp ~/easy-rsa-2.2.2/easy-rsa/2.0/* /etc/openvpn/easy-rsa/2.0/
      rm -rf ~/easy-rsa-2.2.2
      rm -rf ~/easy-rsa.tar.gz
      }

      comment them by adding a “#” in front of each line and retry. Edit this script and also the vars file with nano in a terminal, save it with CTRL+S and exit with CTRL+X.

      Reply
  2. Hey
    thanks for your guide and it worked so far.
    but i have a vps with 5 ips now.
    how can i make 5 users for every ip one?
    greetings

    Reply
  3. thanks for the post.
    I can’t see the generated certificates, there say “Client client added, certs available at ~/client.ovpn” but I can’t find it in /home/myuser
    Any idea?
    thanks in advance

    Reply
  4. I never did find a .tar.gz archive even in /root. I did have a client.ovpn file in my in /home/myuser dir. It was a complete client configuration file including all the necessary certs information. I simply placed the file in my client’s /etc/openvpn folder and renamed it to client.conf The vpn establishes automatically at bootup (as long as my normal wired/wireless connection establishes automatically too. Works good. My first effort at this on VPS.

    Reply
  5. hey how do I remove all of this?
    I noticed a high increase ram & data, it can handle it but my internet is limited to around 250GB per month so I have to undo this and see if this doesn’t help…5GB download, and almost 2GB upload in a day or two is much to high. Thanks

    Reply
  6. Wow that made it so easy! Thanks a lot!
    I left off the “-o eth0” on the iptables command line as it’s unclear what the heck interfaces are used on my VPS, and it works fine.
    I already got it running on my phone and verified it goes through my VPS.

    Reply

Leave a Reply to Haziq Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.