How to Install OpenVPN on VPS for Private Network Access

OpenVPN is one of the most popular and reliable open-source VPN solutions that allows you to securely connect to remote networks. With OpenVPN installed on your VPS, you can create a private network for secure communication over the internet. This guide will walk you through the process of installing OpenVPN on your VPS, configuring it, and ensuring you have secure access to your private network.


Step 1: Choose a VPS Provider and Set Up Your Server

  1. Select a VPS Provider

    • For optimal performance, choose a reliable VPS provider, such as DigitalOcean, Linode, Vultr, or AnonVM. A basic VPS plan with 1GB of RAM and a single CPU should suffice for small to medium-scale use.
  2. Set Up the Operating System

    • In this tutorial, we will use Ubuntu 20.04 LTS for the OpenVPN installation, but it should work similarly on other Debian-based systems. Connect to your VPS via SSH:
       
      ssh username@your-vps-ip
  3. Update the System

    • Make sure your system is up to date by running the following commands:
       
      sudo apt update && sudo apt upgrade -y

Step 2: Install OpenVPN

  1. Install OpenVPN Package

    • The easiest way to install OpenVPN is using the default Ubuntu package manager. Install OpenVPN by running:
       
      sudo apt install openvpn -y
  2. Install Easy-RSA for Key Management

    • OpenVPN uses a Public Key Infrastructure (PKI) to authenticate the server and its clients and to set up the encrypted channel between them. Install Easy-RSA to manage the certificates:
       
      sudo apt install easy-rsa -y
  3. Set Up Easy-RSA

    • Copy the Easy-RSA files to a new directory for use in creating certificates:
       
      make-cadir ~/easy-rsa
      cd ~/easy-rsa

Step 3: Configure the OpenVPN Server

  1. Set Up the CA (Certificate Authority)

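    • Before configuring OpenVPN, you need to set up your Certificate Authority (CA), which will issue the client and server certificates. Copy the Easy-RSA files into your working directory (make-cadir in Step 2 has already populated it, so this matters only if the directory was created another way):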
       
      cp /usr/share/easy-rsa/* ~/easy-rsa/
  2. Initialize the PKI

    • Initialize the PKI (Public Key Infrastructure):
       
      ./easyrsa init-pki
  3. Build the CA

    • Build the Certificate Authority (CA) certificate:
       
      ./easyrsa build-ca
    • You'll be prompted to set a password and provide other details for the CA. Make sure to note the password, as you'll need it later.
  4. Generate the Server Certificate

    • Generate the server's private key and certificate request (nopass leaves the key unencrypted so the service can start without a prompt):
       
      ./easyrsa gen-req server nopass
  5. Sign the Server Certificate

    • Sign the server certificate with the CA:
       
      ./easyrsa sign-req server server
  6. Generate the Diffie-Hellman Parameters

    • Generate the Diffie-Hellman parameters the server uses for the TLS key exchange:
       
      ./easyrsa gen-dh
  7. Generate the HMAC Key (tls-auth)

    • For extra security, generate a shared HMAC key. With tls-auth, the server discards handshake packets that are not signed with this key, which protects against DoS (Denial of Service) attacks:
       
      openvpn --genkey --secret ta.key

Step 4: Configure OpenVPN Server

  1. Copy the Certificates and Keys

    • Copy the generated files to the OpenVPN directory:
       
      sudo cp pki/ca.crt pki/private/server.key pki/issued/server.crt pki/dh.pem ta.key /etc/openvpn/
  2. Create OpenVPN Server Configuration

    • Create and edit the OpenVPN server configuration file:

       
      sudo nano /etc/openvpn/server.conf
    • Add the following configuration (adjust paths if needed):

       
      port 1194
      proto udp
      dev tun
      ca /etc/openvpn/ca.crt
      cert /etc/openvpn/server.crt
      key /etc/openvpn/server.key
      dh /etc/openvpn/dh.pem
      server 10.8.0.0 255.255.255.0
      ifconfig-pool-persist /etc/openvpn/ipp.txt
      push "redirect-gateway def1 bypass-dhcp"
      push "dhcp-option DNS 8.8.8.8"
      push "dhcp-option DNS 8.8.4.4"
      keepalive 10 120
      cipher AES-256-CBC
      user nobody
      group nogroup
      persist-key
      persist-tun
      status /var/log/openvpn-status.log
      log-append /var/log/openvpn.log
      verb 3
      tls-auth /etc/openvpn/ta.key 0
  3. Enable IP Forwarding

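    • The server must forward network traffic between the VPN clients and the internet. Enable IP forwarding by running the command below. The setting is lost at reboot unless net.ipv4.ip_forward=1 is also set in /etc/sysctl.conf: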
       
      sudo sysctl -w net.ipv4.ip_forward=1
  4. Configure UFW (Uncomplicated Firewall)

    • Allow OpenVPN traffic through the firewall:

       
      sudo ufw allow 1194/udp
      sudo ufw allow OpenSSH
      sudo ufw enable
      sudo ufw status
    • Set up NAT (Network Address Translation) for routing traffic from the VPN clients to the internet:

       
      sudo nano /etc/ufw/before.rules
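    • Add the following lines before the *filter section. Replace eth0 with the name of your server's public network interface if it differs. UFW also drops forwarded packets by default, so client traffic passes only once DEFAULT_FORWARD_POLICY in /etc/default/ufw is set to "ACCEPT":

       
      *nat
      :POSTROUTING ACCEPT [0:0]
      -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
      COMMIT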
    • Reload UFW to apply changes:

       
      sudo ufw reload

Step 5: Start the OpenVPN Server

  1. Start OpenVPN Service

    • Start the OpenVPN server and enable it to start on boot:
       
      sudo systemctl start openvpn@server
      sudo systemctl enable openvpn@server
  2. Check OpenVPN Status

    • Verify that OpenVPN is running correctly:
       
      sudo systemctl status openvpn@server
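
A quick audit of the server-side state built in Steps 3 to 5, as an added example that is not part of the original guide. The function names conf_value and audit_openvpn are hypothetical; the directive list and the tls-auth direction 0 come from the server.conf above.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the server.conf and
# secret files produced in Steps 3-4. Exit status = number of findings.

# Print the first argument of DIRECTIVE in config FILE, e.g. "key" -> path.
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print one line per finding on stdout and return the finding count.
audit_openvpn() {
    conf=$1
    findings=0
    # Directives the guide's server.conf uses for authentication/hardening.
    for d in ca cert key dh tls-auth cipher user group; do
        if [ -z "$(conf_value "$conf" "$d")" ]; then
            echo "FINDING: directive '$d' missing from $conf"
            findings=$((findings + 1))
        fi
    done
    # Secret material must exist and grant nothing to group or other.
    for d in key tls-auth; do
        f=$(conf_value "$conf" "$d")
        [ -n "$f" ] || continue
        if [ ! -f "$f" ]; then
            echo "FINDING: $d file $f does not exist"
            findings=$((findings + 1))
        elif [ "$(ls -Lld "$f" | cut -c5-10)" != "------" ]; then
            echo "FINDING: $f is accessible to group/other (want mode 600)"
            findings=$((findings + 1))
        fi
    done
    # The guide pairs direction 0 on the server with 1 on the client.
    dir=$(awk '$1 == "tls-auth" { print $3; exit }' "$conf")
    if [ -n "$(conf_value "$conf" tls-auth)" ] && [ "$dir" != "0" ]; then
        echo "FINDING: tls-auth direction is '${dir:-unset}', expected 0"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against a real file only when a path is given on the command line.
[ $# -eq 0 ] || audit_openvpn "$1"
```

Run it as root with /etc/openvpn/server.conf as the argument; an exit status of 0 means no findings.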

Step 6: Set Up OpenVPN Client

  1. Generate Client Certificates

    • On the server, generate a client certificate using Easy-RSA:
       
      ./easyrsa gen-req client1 nopass
      ./easyrsa sign-req client client1
  2. Transfer Files to Client

    • Transfer the following files to your client machine (using scp or another secure method):
      • client1.crt
      • client1.key
      • ca.crt
      • ta.key
  3. Install OpenVPN Client

    • On the client machine, install the OpenVPN client. On Ubuntu, you can install OpenVPN using:
       
      sudo apt install openvpn -y
  4. Create Client Configuration

    • Create a configuration file on the client (e.g., client.ovpn) with the following:
       
      client
      dev tun
      proto udp
      remote your-vps-ip 1194
      resolv-retry infinite
      nobind
      user nobody
      group nogroup
      persist-key
      persist-tun
      ca ca.crt
      cert client1.crt
      key client1.key
      tls-auth ta.key 1
      cipher AES-256-CBC
      verb 3
  5. Connect to VPN

    • Connect to your OpenVPN server by running the following command:
       
      sudo openvpn --config client.ovpn
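
The four files and the client configuration from this step can also be bundled into one profile with OpenVPN's inline blocks, which leaves a single file to protect and transfer. This is an added example, not part of the original guide: the names make_ovpn and pem_only and the KEYDIR layout are assumptions, and remote-cert-tls server is an addition that the guide's client config does not contain.

```shell
#!/bin/sh
# Added example (not from the original guide): bundle the client files
# into one profile using OpenVPN inline blocks.
# KEYDIR is assumed to hold ca.crt, CLIENT.crt, CLIENT.key and ta.key.

# Keep only the armored block; Easy-RSA certificates start with a text
# dump and ta.key starts with comment lines.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

make_ovpn() {
    client=$1 remote=$2 keydir=$3
    for f in ca.crt "$client.crt" "$client.key" ta.key; do
        [ -r "$keydir/$f" ] || { echo "missing $keydir/$f" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto udp
remote $remote 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
cipher AES-256-CBC
verb 3
# Added here, not in the guide's client config: reject a peer whose
# certificate was not issued as a server certificate.
remote-cert-tls server
# Replaces the "1" argument of "tls-auth ta.key 1" for inline keys.
key-direction 1
EOF
    for pair in "ca:ca.crt" "cert:$client.crt" "key:$client.key" \
                "tls-auth:ta.key"; do
        printf '<%s>\n' "${pair%%:*}"
        pem_only "$keydir/${pair#*:}"
        printf '</%s>\n' "${pair%%:*}"
    done
}

# The output contains the private key, so write it with a tight umask:
#   (umask 077; sh make_ovpn.sh client1 your-vps-ip ./keys > client1.ovpn)
[ $# -lt 3 ] || make_ovpn "$@"
```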

Conclusion

By following these steps, you've successfully installed OpenVPN on your VPS and set up a secure private network. You can now securely access your server or private resources through a VPN tunnel from anywhere in the world. OpenVPN is highly configurable, so you can customize it to suit specific needs, including adding multiple users, integrating with corporate authentication systems, or enabling additional encryption protocols.
