DEV Community

Florian Kapfenberger
Florian Kapfenberger

Posted on • Originally published at on

Host your own OpenVPN server in a few seconds

Disclosure: This post contains affiliate links for ExpressVPN and Vultr.

Hosting your own VPN has never been easier. There are now multiple Github projects that will reduce the pain on setting up your own VPN server.

Before we start installing the VPN, lets talk about what VPN is and how it can help us.

What is a VPN?

A VPN or Virtual Private Network is a network between the VPN client(s) and the VPN server. The advantage of this network is, that it is fully encrypted and the whole network traffic of the VPN client will go through the encrypted tunnel.

The VPN client never access other (web)servers directly, everything will be requested from the VPN server and the VPN server will forward the request.

Why do I want to host my own VPN server?

Having your own VPN means that you have fully control over it and only YOU are able to read the logs of the server.

Here are some use cases, where a VPN can be helpful:

  • Hiding your real IP address
  • Secure surfing in public Wi-Fis
  • Accessing services inside the VPN servers network

Why should I not host my own VPN server?

If you want to have access to multiple server in different locations, you should probably buy a VPN from a known provider such as ExpressVPN or NordVPN. These providers have lots of VPN servers in different countries.

Hosting your VPN server

I am using a Ubuntu 18.04.3 LTS server hosted on Vultr

This Tutorial should also work on Debian, Ubuntu and CentOS

To install our VPN server in seconds, we are using a shell script created by Nyr named openvpn-install.

OpenVPN installation

wget -O && bash

The script will ask a few questions on how you want to setup your VPN server. Press Enter to use the default (and most of the time recommended) option.

I only changed the default DNS to use

Welcome to this OpenVPN road warrior installer!

I need to ask you a few questions before starting setup.
You can use the default options and just press enter if you are ok with them.

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1]:

What port do you want OpenVPN listening to?
Port [1194]:

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1]: 2

Finally, tell me a name for the client certificate.
Client name [client]:

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...

The script will now install OpenVPN on your server.

Adding a new user

After the Installation has finished, you need the make the exectuable.

chmod +x

To add a new user just run the script again and select 1 and type in a name for which device you will be using this client certificate. In my case I created a user for my iPhone.


Looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option: 1

Tell me a name for the client certificate.
Client name: iphone

Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140236248433088:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Generating a RSA private key
writing new private key to '/etc/openvpn/server/easy-rsa/pki/private/iphone.key.BnNBhJXQKm'
Using configuration from ./safessl-easyrsa.cnf
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140374526300608:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'iphone'
Certificate is to be certified until Jan 19 18:31:07 2030 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Client iphone added, configuration is available at: /root/iphone.ovpn

Retrieving the .ovpn file from the server

On macOS and Linux you can copy the file from the server to your machine using scp. On Windows it is best if you download Filezilla orWinSCP and logging into the server using SFTP.

To copy the file with scp run the following command:

scp <USERNAME>@<SERVER_IP>:/root/<CLIENT>.ovpn .

an example could look like this:

scp root@ .

If the certificate is for a smartphone, it is important that you copy it using a secure medium. With a Mac and a iPhone it is recommended that you copy the .ovpn file using AirDrop.

If you have to use Email, please zip the .ovpn file and give the zip file a strong password before you send it.

Using the .ovpn file

On macOS you can use the app Tunnelblick, on Windows there is an official programm from OpenVPN and on iOS and Android there are offical OpenVPN Connect apps on the App Store and Google Play.

Usually the process is the same for every client. You have to import the .ovpn file into the client and connect to the server. If the connection was successful you can type into google "what is my ip address" and Google should show you your current IP address.

If the IP address is the same as the server, you can congratulate yourself! You just set up your (first) self hosted VPN server πŸŽ‰

Top comments (15)

defman profile image
Sergey Kislyakov

I used OpenVPN, but I've switched to WireGuard. Simpler to use, built in linux kernel (so I guess it's faster than OpenVPN in most cases). If you don't need any specific stuff from OpenVPN and just want a personal VPN, consider trying it. I've been using it for a year or two.

phiilu profile image
Florian Kapfenberger

Hey Sergey, I never heard of WireGuard before, but looks very interesting. Thanks for sharing!

xenstar profile image

Have you tried Trojan GFW - It's a modern undetectable proxy server and the speed with any server is mind-blowing. I am using it for last few months, I don't even feel like using a VPN anymore.

elindydotcom profile image
elindydotcom uses a modified version of NYR's script to fire up VPN servers on demand without having to deal with the maintenance/update of yet another server or even logging into the server at all. Most folks in this group might not need something like it since most members of the group is comfortable working at the command line. Just pointing it out as something to maybe go kick the tires on...

osde8info profile image
Clive Da • Edited

you also try mysteryium vpn

phiilu profile image
Florian Kapfenberger

Do you mean this site. The concept looks quite interesting and its decentralised.

osde8info profile image
Clive Da

yes just added link

gabrielski profile image

CyberGhost VPN does a very good job!

phiilu profile image
Florian Kapfenberger

Yes I have used CyberGhost before. I think I got it once through one of those macOS apps bundles.

leonard25160464 profile image

Hey all! I if someone need it, I find compare of vpns:
Both advantages and disadvantages are given there. I hope someone comes in handy)

iampaoloxd profile image

hey thanks for sharing.. have you seen v2ray by any chance ?

manu_seoane profile image
Manu Seoane

There’s a safer, much more up-to-date version of Nyr’s script forked here. I would definitely take a look at it πŸ˜‰

giovann97430186 profile image
Giovanni Cruz • Edited

Thanks for "the help"

Some comments may only be visible to logged-in visitors. Sign in to view all comments.