How to install and setup the OpenVPN server on Ubuntu/Debian?
A VPN is a tool that acts as a middleman between you and the Internet that you browse. Whatever you do online, the VPN acts as a connecting bridge between your computer and the Internet. To the services that you are using, for example – visiting a website), to them, it appears as if your VPN is the client, but in reality, the VPN relays the information back to your computer, and in turn, hides your identity (IP address). A good VPN encrypts your connection, so whatever data goes between your computer and the VPN server is encrypted, and your ISP cannot read your internet traffic. There are a lot of VPN services that you can subscribe to, but using them means trusting them with your browsing data. So, what is the alternative? Well, you can go on to create your own VPN server, and doing so is not that tricky at all. You would require the following to create your own VPN server:
- A Linux virtual machine with at least 1GB RAM and 1vCPU.
- A VPN software like OpenVPN.
There is a lot of VPN software that let you host a VPN server on a Linux virtual machine, in this article, we will be focusing on one of them, which is OpenVPN.
What is OpenVPN?
OpenVPN is Company that created the OpenVPN Community Edition VPN server which is open-source and free to use. They also developed the OpenVPN tunneling protocol which is a tunneling protocol based on SSL encryption protocol. Many VPN services use this protocol. There is something else which is called OpenVPN Access server which is an enterprise product that has a web Interface and only offers 2 simultaneous connections on the free version.
Why use OpenVPN?
There are a number of reasons which make OpenVPN a great choice.
- OpenVPN client (the software which is used on the client devices to connect to the VPN server) supports Windows, macOS, Linux, Android and iOS.
- It is very secure as it uses 256-bit encryption keys.
- It has vast community support.
- It is open source which makes it transparent, and you can modify the source code to tweak something as per your liking.
Installing and configuring OpenVPN
Step 1: We will begin to install and configure our OpenVPN server. Begin by updating and upgrading your system packages with the following commands.
sudo apt update sudo apt upgrade -y
Step 2: Now, configuring OpenVPN is a technical process and a lot of steps are required to be performed in order to configure it properly. Luckily, there is a script which makes this process easy for us. We will use this to script to install and configure our OpenVPN server. To download this script, execute the following command
Step 3: To execute this script, we have to give it execution permission. To do that, execute the following command
sudo chmod +x openvpn-install.sh
Step 4: Now, Execute the script
It will ask a bunch of questions.
- The first prompt asks you to check the IP address of your Linux machine. Press enter if it is the correct one, if not, press any other key.
- Next, it will ask if you want to enable IPv6 connectivity. You can leave it at default and press enter.
- Next, it will ask you which port you want to use. The default port is 1194. You can go with the default port or choose your own port. We need to open this port through our firewall, which we will do later.
- Next, it will ask you if you want to use TCP or UDP. Press enter to choose UDP.
- Next, It will ask you which DNS resolver you want to use. I’ll recommend you to choose Cloudflare (option 3).
- Next, It will ask you if you want to use compression. The default option is no, go ahead and press enter.
- Next, it will ask you to customize encryption settings. Again, the default option is no, go ahead and press enter.
- Press enter at the next prompt to start the process of applying the settings and installing the required certificates.
- Next, Enter the name of the client which will connect to our VPN server.
- Next, it will ask if you want to use a password for the client. Enter 2 and enter your password.
Step 5: That’s it, the configuration is done. Now OpenVPN creates a file for every client(user) that you create. To add more client, revoke an existing client or uninstall OpenVPN, execute the script again and it will give you the option to do so.
Step 6: We need to open port 1194 for UDP connections. Some cloud service providers have their own Firewall, you need to open this port through your cloud portal. If you use UFW to manage your firewall, execute the following command.
sudo ufw allow 1194/udp
Connecting to our OpenVPN server
To connect to our OpenVPN server, we first need the configuration file which was generated by the script at the end of its execution.
This jivendra.ovpn file in our configuration file, we need to download this in order for us to connect to it. Now, there are ways to download it, you can set up an FTP server, or use SCP. The easiest way to get this file is to copy the contents of this file, create a new file on the client device, paste the contents and save this file as the name of the configuration file. You can print the contents of the configuration file with the following command.
Copy the output from the terminal, create a new file on your local machine, paste the contents and save it as ‘jivendra.ovpn’, or you can name it anything, the name does not matter. Now, You need to download the client software on your machine.
Step 1: Let’s see how you connect to your VPN server from a Linux client. Download OpenVPN on your device with the following command
sudo apt install openvpn
Step 2: Now to connect to the server, execute the following command
sudo openvpn –config path_to_client_configuration_file
After that, we should see the following at your terminal.
Our device is successfully connected to your self-hosted OpenVPN server. To close the connection, press Ctrl + C.