🛡️ Set Up Your Own Secure OpenVPN Server on Linux
This guide will walk you through installing and configuring an OpenVPN server on your Linux machine using a convenient script. You’ll be able to create your own Virtual Private Network (VPN) to secure your online communications.
🚀 Why Use Your Own VPN?
Using your own OpenVPN server offers numerous benefits:
- 🔒 Enhanced Security: Creates an economical, isolated, and secure private network over the public Internet.
- 💼 Remote Access: Increases mobile workforce productivity by providing secure remote access to internal services.
- 🚫 Risk Reduction: Prevents unauthorized access to specific network resources, significantly reducing security risks.
- 🕵️♂️ Privacy Protection: Encryption ensures your privacy on untrusted Wi-Fi and other public access networks.
- 🌐 Extended Security: Extends centralized unified threat management to remote networks.
✨ What You’ll Need
Before you begin, make sure you have the following:
- 💻 VPS Server: A Virtual Private Server (VPS) with at least 512 MB of RAM.
- 🖥️ Virtualization Type: KVM, Hyper-V, or VMware virtualization types are recommended for optimal performance.
- ⚡ Internet Speed: A stable internet connection of 100 Mbps or 1 Gbps.
🛠️ Let’s Get Started!
Follow these steps to set up your OpenVPN server.
⬇️ Download the OpenVPN Install Script
First, you’ll download the installation script to a new directory.
mkdir /root/vpn cd /root/vpn curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh chmod +x openvpn-install.sh
▶️ Run the Installer
Now, execute the script to begin the installation process.
./openvpn-install.sh
The script will present a series of questions.
Now follow the onscreen instructions, below i’ve tried to cover them most of it :
you’ll be ask to choose the server ip (if you’ve NAT server the ip can be different) press enter :
Welcome to the OpenVPN installer !
The git repository is available at: https://github.com/angristan/openvpn-installI need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.IP address: 123.224.555.222
IPv6 Support: Now it will asks for ipv6 if available hit enter by selecting y :
Checking for IPv6 connectivity…
Your host appears to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? [y/n]: y
Port Choice: Then it will ask to choose port and prompted with 3 options, I’ll choose Random by typing 3 and it will output some random port remember that port we need it later:
What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 3 <– Type ‘3’ and press Enter
Next it will prompt to select UDP or TCP protocol. I’ll recommended to use UDP by selecting 1 for faster speed :
What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn’t use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1 <– Type ‘1’ and press Enter
DNS Resolvers: Next it will ask you to select the DNS provider for VPN connection communication, I’ll select 9 for google dns :
What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Anycast: worldwide)
12) NextDNS (Anycast: worldwide)
13) Custom
DNS [1-12]: 9
Compression: Next it will ask for if you want to enable compression, its not needed hit enter by selecting n :
Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n
Customize Encryption: Then it will ask to customize encryption, I’ll leave default settings and hit enter by selecting n :
Do you want to customize encryption settings?
Unless you know what you’re doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN’s defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.Customize encryption settings? [y/n]: n
Proceed with Setup: At this point you’ve completed most of needed option now you’ll be prompted to proceed by clicking any key :
Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue…
Now you can see installation is started it will take a minute or two to complete, then the script will ask you to enter the openvpn username client, I’ll use panelwebhosting client username:
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: panelwebhosting
Password Protection: Next it will ask to add password or passwordless login, I’ll choose passwordless client by choosing 1 because auto-reconnect option work with it better :
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1
thats it the script will now end and it will create client-username.ovpn in /root/vpn dir or check the path mentioned by the script , you need to download the .ovpn file to your pc and use it to connect via openvpn client download openvpn connect client from above link. Install the client and import the .ovpn file in client and connect.
firewall 🔓 Configure Your Firewall
It’s crucial to open the OpenVPN port you chose earlier in your server’s firewall. Remember the random port number from Step [Port Choice]? You’ll need to add that port for either UDP or TCP, depending on the protocol you selected.
Specific firewall commands e.g., `ufw`, `firewalld`, `iptables`) will vary based on your Linux distribution. Consult your distribution’s documentation for exact commands.
🔄 Manage OpenVPN (Add/Remove Users, Uninstall)
If you need to add new users, revoke existing ones, or completely remove OpenVPN, simply re-run the installation script:
cd /root/vpn ./openvpn-install.sh
You’ll be presented with a menu of options:
Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-installIt looks like OpenVPN is already installed.
What do you want to do?
1) Add a new user
2) Revoke existing user
3) Remove OpenVPN
4) Exit
📱 Connect with OpenVPN Client
Once you have your `.ovpn` file, you can connect to your new VPN server:
- Download OpenVPN Connect Client: CLICK HERE to download OpenVPN Connect Client.
- Install the Client: Install the OpenVPN Connect client on your device (Windows, macOS, Linux, Android, iOS).
- Import `.ovpn` File: Open the OpenVPN Connect client and import the `.ovpn` file you downloaded from your server.
- Connect: Initiate the connection, and you should now be securely connected to your private VPN server!
🧩 Tips
- 📥 Always keep your .ovpn files secure – they grant access to your VPN.
- 🔄 Re-run the script to manage users or reconfigure your setup.
- 📶 Enable auto-connect in OpenVPN client for always-on protection.