I recommend following this guide to install OpenVPN only on a clean operating system. Any automated installation will inevitably break when your super-duper programmer or system administrator tries to tweak it.
Step 0: Choosing a CHEAP VPS
You don’t need an expensive VPS to run OpenVPN. It is worth paying attention to the provider’s internet speed for your plan so that movies don’t lag while watching and torrents download quickly. Take a look at the selection of the Best VPS for VPN hosting.
Step 1: OS Preparation
So, you have bought a VPS with some version of Linux; just choose the latest versions of the Linux distribution you like. The script in question supports the following Linux distributions: AlmaLinux 8, Amazon Linux 2, Arch Linux, CentOS Stream >= 8, Rocky Linux 8, Ubuntu >= 18.04.
You must update your operating system before installing the OpenVPN script. For Ubuntu and Debian, enter the commands and wait for them to complete:
apt update
apt upgradeStep 2: Downloading the simple openvpn server script
In this step, we download the script from GitHub author: angristan using the wget command. Next, commands will be used that are the same across all Ubuntu and Debian distributions. You might also be interested in the Top 3 solutions for installing and managing WireGuard on a VPS by the same author.
Let’s go to the directory where we will download the script; usually, this is the user’s home directory, and since you have just bought a VPS, your user will be root!
cd /root
wget https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.shLet’s make the script executable:
chmod +x openvpn-install.shStep 3: Installing the OpenVPN server
And let’s start the installation:
./openvpn-install.sh- The first question will be about your IP address. Don’t enter anything (unless, of course, you have more than one IP address), and press Enter.
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address:The second question is whether we want to enable IPv6, which is disabled by default. On modern distributions, we’ll go ahead and enable it. If you’re curious about what it is, read the article on IPv6.
Do you want to enable IPv6 support (NAT)? [y/n]: yBy default, OpenVPN uses port 1194; press 1
What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1- Select the protocol—and of course, choose UDP (unless you plan to connect MikroTik equipment to the VPN or you know for sure that you need TCP). Enter 1.
What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1Now you need to select a DNS provider. If you don’t have a preference, choose Google DNS. To do this, enter 9:
What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Anycast: worldwide)
12) NextDNS (Anycast: worldwide)
13) Custom
DNS [1-12]: 9Do you want to use compression? You shouldn’t use it without understanding what will be compressed and where. We’ll skip compression by typing n.
Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: nWhen asked about encryption settings, we decline. We enter n
Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
Customize encryption settings? [y/n]: nOnly now will the OpenVPN installation process begin; press Enter and watch the installation proceed.
Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...Step 4: Adding an OpenVPN Client Certificate
Once the OpenVPN server installation is complete, the installation script will prompt you to add your first client. You will see the following screen, where you will need to enter the client’s name (for example, user1).
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: user1Next, you will be asked if you want to password-protect the configuration file; select 1 (i.e., protect).
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1The installation process is now complete. As a result, you now have a working OpenVPN server, and a user named `user1` has been created with a configuration file located at `/root/user1.ovpn` for connecting the OpenVPN client program. This is what we see on the screen:
Client гuser1 added.
The configuration file has been written to /root/гuser1.ovpn.
Download the .ovpn file and import it in your OpenVPN client.Now you need to copy the guser1.ovpn file to the client.
Step 5: Configuring OpenVPN Clients
See this section for available clients and connection options: Configuring OpenVPN Clients for PCs, Smartphones, and Routers
To reinforce the material, let’s add another client: To do this, we need to run the script again. The script will detect that the OpenVPN server is already installed and offer 4 options: 1) Add a new user 2) Delete an existing user 3) Remove the OpenVPN server 4) Exit the running script
./openvpn-install.shIt looks like OpenVPN is already installed.
What do you want to do?
1) Add a new user
2) Revoke existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]:Congratulations! You’ve set up a VPN server in just 5 minutes!
An alternative script with web-based management is available at https://github.com/theonemule/simple-openvpn-server, but it only supports Debian and Ubuntu.
Conclusion, or What Happened Behind the Scenes
At the beginning of this article, I provided a link to a detailed guide on installing OpenVPN.
Please note that the installation script added a rule to your Linux firewall (iptables); do not delete it, or the VPN will stop working.
iptables -L -t nat
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.8.0.0/24 anywhereSomeone asked how to set up two OpenVPN servers on a single VPS. Oh boy… guys, you’re up to something fishy here, because there aren’t many good reasons to do that. The link below explains one of those reasons and how I had to fix it—specifically, how to set up a second OpenVPN server. See also: Best VPN and Proxy Services
