Disclosure: This post contains affiliate links for ExpressVPN and Vultr.
Hosting your own VPN has never been easier. There are now multiple Github projects that will reduce the pain on setting up your own VPN server.
Before we start installing the VPN, lets talk about what VPN is and how it can help us.
A VPN or Virtual Private Network is a network between the VPN client(s) and the VPN server. The advantage of this network is, that it is fully encrypted and the whole network traffic of the VPN client will go through the encrypted tunnel.
The VPN client never access other (web)servers directly, everything will be requested from the VPN server and the VPN server will forward the request.
Having your own VPN means that you have fully control over it and only YOU are able to read the logs of the server.
Here are some use cases, where a VPN can be helpful:
- Hiding your real IP address
- Secure surfing in public Wi-Fis
- Accessing services inside the VPN servers network
If you want to have access to multiple server in different locations, you should probably buy a VPN from a known provider such as ExpressVPN or NordVPN. These providers have lots of VPN servers in different countries.
I am using a Ubuntu 18.04.3 LTS server hosted on Vultr
This Tutorial should also work on Debian, Ubuntu and CentOS
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
The script will ask a few questions on how you want to setup your VPN server. Press Enter to use the default (and most of the time recommended) option.
I only changed the default DNS to use
Welcome to this OpenVPN road warrior installer! I need to ask you a few questions before starting setup. You can use the default options and just press enter if you are ok with them. Which protocol do you want for OpenVPN connections? 1) UDP (recommended) 2) TCP Protocol : What port do you want OpenVPN listening to? Port : Which DNS do you want to use with the VPN? 1) Current system resolvers 2) 188.8.131.52 3) Google 4) OpenDNS 5) Verisign DNS : 2 Finally, tell me a name for the client certificate. Client name [client]: Okay, that was all I needed. We are ready to set up your OpenVPN server now. Press any key to continue...
The script will now install OpenVPN on your server.
After the Installation has finished, you need the make the
chmod +x openvpn-install.sh
To add a new user just run the script again and select 1 and type in a name for which device you will be using this client certificate. In my case I created a user for my iPhone.
./openvpn-install.sh Looks like OpenVPN is already installed. What do you want to do? 1) Add a new user 2) Revoke an existing user 3) Remove OpenVPN 4) Exit Select an option: 1 Tell me a name for the client certificate. Client name: iphone Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018 Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG 140236248433088:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd Generating a RSA private key ................................+++++ .................+++++ writing new private key to '/etc/openvpn/server/easy-rsa/pki/private/iphone.key.BnNBhJXQKm' ----- Using configuration from ./safessl-easyrsa.cnf Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG 140374526300608:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'iphone' Certificate is to be certified until Jan 19 18:31:07 2030 GMT (3650 days) Write out database with 1 new entries Data Base Updated Client iphone added, configuration is available at: /root/iphone.ovpn
To copy the file with
scp run the following command:
scp <USERNAME>@<SERVER_IP>:/root/<CLIENT>.ovpn .
an example could look like this:
scp firstname.lastname@example.org:/root/iphone.ovpn .
If the certificate is for a smartphone, it is important that you copy it using a secure medium. With a Mac and a iPhone it is recommended that you copy the .ovpn file using AirDrop.
If you have to use Email, please zip the .ovpn file and give the zip file a strong password before you send it.
Usually the process is the same for every client. You have to import the .ovpn file into the client and connect to the server. If the connection was successful you can type into google "what is my ip address" and Google should show you your current IP address.
If the IP address is the same as the server, you can congratulate yourself! You just set up your (first) self hosted VPN server 🎉