OpenVPN is one of the most popular and reliable open-source VPN solutions for securely connecting to remote networks. With OpenVPN installed on your VPS, you can create a private network for secure communication over the internet. This guide walks you through installing OpenVPN on your VPS, configuring it, and ensuring you have secure access to your private network.
Step 1: Choose a VPS Provider and Set Up Your Server
Select a VPS Provider
- For optimal performance, choose a reliable VPS provider, such as DigitalOcean, Linode, Vultr, or AnonVM. A basic VPS plan with 1GB of RAM and a single CPU should suffice for small to medium-scale use.
Set Up the Operating System
- In this tutorial, we will use Ubuntu 20.04 LTS for the OpenVPN installation, but it should work similarly on other Debian-based systems. Connect to your VPS via SSH:
Update the System
- Make sure your system is up to date by running the following commands:
Step 2: Install OpenVPN
Install OpenVPN Package
- The easiest way to install OpenVPN is using the default Ubuntu package manager. Install OpenVPN by running:
Install Easy-RSA for Key Management
- OpenVPN relies on a Public Key Infrastructure (PKI) to authenticate the server and its clients and to set up the encrypted channel between them. Install Easy-RSA to manage the SSL/TLS certificates:
Set Up Easy-RSA
- Copy the Easy-RSA files to a new directory for use in creating certificates:
Step 3: Configure the OpenVPN Server
Set Up the CA (Certificate Authority)
- Before configuring OpenVPN, you need to set up your Certificate Authority (CA). This will allow you to issue client and server certificates:
Initialize the PKI
- Initialize the PKI (Public Key Infrastructure):
Build the CA
- Build the Certificate Authority (CA) certificate:
- You'll be prompted to provide a password and other details for the CA. Make sure to note the password, as you'll need it later.
Generate the Server Certificate
- Generate the server certificate and key:
Sign the Server Certificate
- Sign the server certificate with the CA:
Generate the Diffie-Hellman Parameters
- Generate the Diffie-Hellman parameters that the server uses for the TLS key exchange:
Generate the HMAC Key (tls-auth)
- For extra security, generate an HMAC key so the server can drop unauthenticated control-channel packets, which protects against DoS (Denial of Service) attacks:
Step 4: Configure OpenVPN Server
Copy the Certificates and Keys
- Copy the generated files to the OpenVPN directory:
Create OpenVPN Server Configuration
- Create and edit the OpenVPN server configuration file:
- Add the following configuration (adjust paths if needed):
Enable IP Forwarding
- OpenVPN needs to forward network traffic between the VPN clients and the internet. Enable IP forwarding by running:
Configure UFW (Uncomplicated Firewall)
- Allow OpenVPN traffic through the firewall:
- Set up NAT (Network Address Translation) for routing traffic from the VPN clients to the internet:
- Add the following lines before the filter section:
- Reload UFW to apply changes:
Step 5: Start the OpenVPN Server
Start OpenVPN Service
- Start the OpenVPN server and enable it to start on boot:
Check OpenVPN Status
- Verify that OpenVPN is running correctly:
Step 6: Set Up OpenVPN Client
Generate Client Certificates
- On the server, generate a client certificate using Easy-RSA:
Transfer Files to Client
- Transfer the following files to your client machine (using scp or another secure method):
  - client1.crt
  - client1.key
  - ca.crt
  - ta.key
Install OpenVPN Client
- On the client machine, install the OpenVPN client. On Ubuntu, you can install OpenVPN using:
Create Client Configuration
- Create a configuration file on the client (e.g., client.ovpn) with the following:
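One way to build that file, as an added example that is not part of the original guide: the script below assembles a single client.ovpn with the four transferred files inlined and refuses to proceed if the private key is accessible to group or other. The server hostname, UDP port 1194, and the directive set (including key-direction 1 and remote-cert-tls server) are assumptions that must match your server configuration.

```shell
#!/bin/sh
# Added example (not from the original guide): build one client.ovpn from the
# four files transferred in Step 6. The directive set, UDP and port 1194 are
# assumptions and must mirror the server configuration.

# Print only the armored block, dropping Easy-RSA's text dump and ta.key's comments.
pem_body() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# usage: build_ovpn <dir> <client-name> <server-host> [port]
build_ovpn() {
    dir=$1 name=$2 host=$3 port=${4:-1194}
    for f in ca.crt "$name.crt" "$name.key" ta.key; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    # Refuse a private key that group or other can access.
    perms=$(ls -ld "$dir/$name.key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "chmod 600 $dir/$name.key first" >&2; return 2; }
    cat <<EOF
client
dev tun
proto udp
remote $host $port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
key-direction 1
verb 3
<ca>
$(pem_body "$dir/ca.crt")
</ca>
<cert>
$(pem_body "$dir/$name.crt")
</cert>
<key>
$(pem_body "$dir/$name.key")
</key>
<tls-auth>
$(pem_body "$dir/ta.key")
</tls-auth>
EOF
}

# With arguments, write <client-name>.ovpn readable by the owner only.
if [ "$#" -ge 3 ]; then ( umask 077; build_ovpn "$@" > "$2.ovpn" ) || rm -f "$2.ovpn"; fi
```

The remote-cert-tls server line makes the client reject any peer whose certificate is not marked for server use, so a certificate issued to another client by the same CA cannot be used to impersonate the server.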
Connect to VPN
- Connect to your OpenVPN server by running the following command:
Conclusion
By following these steps, you've successfully installed OpenVPN on your VPS and set up a secure private network. You can now securely access your server or private resources through a VPN tunnel from anywhere in the world. OpenVPN is highly configurable, so you can customize it to suit specific needs, including adding multiple users, integrating with corporate authentication systems, or enabling additional encryption protocols.