DEV Community

Host your own OpenVPN server in a few seconds

Florian Kapfenberger
I am a software developer from Austria 🇦🇹 and very excited about Frontend Development.
Originally published at phiilu.com on ・4 min read

Disclosure: This post contains affiliate links for ExpressVPN and Vultr.

Hosting your own VPN has never been easier. There are now multiple GitHub projects that reduce the pain of setting up your own VPN server.

Before we start installing the VPN, let's talk about what a VPN is and how it can help us.

What is a VPN?

A VPN, or Virtual Private Network, is a network between the VPN client(s) and the VPN server. The advantage of this network is that it is fully encrypted, and all network traffic of the VPN client goes through the encrypted tunnel.

The VPN client never accesses other (web) servers directly; everything is requested from the VPN server, and the VPN server forwards the request.

Why do I want to host my own VPN server?

Having your own VPN means that you have full control over it and only YOU are able to read the logs of the server.

Here are some use cases, where a VPN can be helpful:

  • Hiding your real IP address
  • Secure surfing on public Wi-Fi networks
  • Accessing services inside the VPN server's network

Why should I not host my own VPN server?

If you want to have access to multiple servers in different locations, you should probably buy a VPN from a known provider such as ExpressVPN or NordVPN. These providers have lots of VPN servers in different countries.

Hosting your VPN server

I am using an Ubuntu 18.04.3 LTS server hosted on Vultr.

This tutorial should also work on Debian, Ubuntu and CentOS.

To install our VPN server in seconds, we are using a shell script created by Nyr named openvpn-install.

OpenVPN installation

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

The script will ask a few questions about how you want to set up your VPN server. Press Enter to use the default (and most of the time recommended) option.

I only changed the default DNS to use 1.1.1.1.

Welcome to this OpenVPN road warrior installer!

I need to ask you a few questions before starting setup.
You can use the default options and just press enter if you are ok with them.

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1]:

What port do you want OpenVPN listening to?
Port [1194]:

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) 1.1.1.1
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1]: 2

Finally, tell me a name for the client certificate.
Client name [client]:

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...

The script will now install OpenVPN on your server.
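
The install command above downloads the script through a short link and runs it in the same step. As an added example (not from the original post or the openvpn-install project), the following separates download from execution and pins the reviewed copy by SHA-256, so that later runs of ./openvpn-install.sh, such as when adding users, use the file that was actually read. The function names and the .sha256 file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: download, review, pin, verify, then run the installer.

# Print the SHA-256 digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if FILE still hashes to the digest recorded at review time.
# Return 1 on a mismatch and 2 if the file is missing.
verify_pinned() {
    local file="$1" pinned="$2" actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$pinned" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Workflow on the server (left as comments so the block has no side effects):
#   wget https://git.io/vpn -O openvpn-install.sh        # download only
#   less openvpn-install.sh                              # read what will run as root
#   sha256_of openvpn-install.sh > openvpn-install.sh.sha256   # pin the reviewed copy
#   verify_pinned openvpn-install.sh "$(cat openvpn-install.sh.sha256)" \
#       && bash openvpn-install.sh
```

Run the same verify_pinned check before every later invocation of the script, and keep the recorded digest somewhere other than next to the script if the server is shared.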

Adding a new user

After the installation has finished, you need to make openvpn-install.sh executable.

chmod +x openvpn-install.sh

To add a new user, just run the script again, select 1, and type in a name for the device that will use this client certificate. In my case I created a user for my iPhone.

./openvpn-install.sh

Looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option: 1

Tell me a name for the client certificate.
Client name: iphone

Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140236248433088:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Generating a RSA private key
................................+++++
.................+++++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/private/iphone.key.BnNBhJXQKm'
-----
Using configuration from ./safessl-easyrsa.cnf
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140374526300608:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'iphone'
Certificate is to be certified until Jan 19 18:31:07 2030 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Client iphone added, configuration is available at: /root/iphone.ovpn

Retrieving the .ovpn file from the server

On macOS and Linux you can copy the file from the server to your machine using scp. On Windows it is best to download FileZilla or WinSCP and log in to the server using SFTP.

To copy the file with scp run the following command:

scp <USERNAME>@<SERVER_IP>:/root/<CLIENT>.ovpn .

An example could look like this:

scp root@123.45.67.89:/root/iphone.ovpn .

If the certificate is for a smartphone, it is important that you copy it using a secure medium. With a Mac and an iPhone it is recommended that you copy the .ovpn file using AirDrop.

If you have to use email, please zip the .ovpn file and give the zip file a strong password before you send it.
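
The reason the transfer medium matters is that the profile carries the client's credentials. As an added example (not from the original post), this checks a copied .ovpn file for an inline private key and for permissions that let other local users read it. It assumes the profile embeds the key inline in a <key> block; the function names and the sample profile are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a copied .ovpn profile before storing or forwarding it.

# Constructed sample profile; the PEM bodies are placeholders, not real material.
write_sample_profile() {
    cat > "$1" <<'EOF'
client
remote 123.45.67.89 1194
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
</key>
EOF
}

# List the inline credential blocks (<ca>, <cert>, <key>, ...) in document order.
ovpn_inline_blocks() {
    sed -n 's/^<\([a-z-]*\)>[[:space:]]*$/\1/p' "$1" | paste -s -d ' ' -
}

# Octal permission bits of a file (GNU stat first, BSD/macOS stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Return 1 if the profile embeds a private key and group/other can access the file.
audit_ovpn() {
    local f="$1" mode
    mode=$(file_mode "$f")
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "ok: no inline private key (mode $mode)"
        return 0
    fi
    case "$mode" in
        *00) echo "ok: inline private key, owner-only (mode $mode)" ;;
        *)   echo "risk: inline private key readable beyond owner (mode $mode); run chmod 600 $f"
             return 1 ;;
    esac
}
```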

Using the .ovpn file

On macOS you can use the app Tunnelblick, on Windows there is an official program from OpenVPN, and on iOS and Android there are official OpenVPN Connect apps on the App Store and Google Play.

Usually the process is the same for every client. You have to import the .ovpn file into the client and connect to the server. If the connection was successful, you can type "what is my ip address" into Google and Google should show you your current IP address.

If the IP address is the same as the server's, you can congratulate yourself! You just set up your (first) self-hosted VPN server 🎉

Discussion (15)

Sergey Kislyakov 🇷🇺 🇺🇸

I used OpenVPN, but I've switched to WireGuard. Simpler to use, built into the Linux kernel (so I guess it's faster than OpenVPN in most cases). If you don't need any specific stuff from OpenVPN and just want a personal VPN, consider trying it. I've been using it for a year or two.

Florian Kapfenberger Author

Hey Sergey, I never heard of WireGuard before, but looks very interesting. Thanks for sharing!

xenstar

Have you tried Trojan GFW - trojan-gfw.github.io/trojan/? It's a modern undetectable proxy server and the speed with any server is mind-blowing. I have been using it for the last few months, I don't even feel like using a VPN anymore.

elindydotcom

spinupvpn.com uses a modified version of NYR's script to fire up VPN servers on demand without having to deal with the maintenance/update of yet another server or even logging into the server at all. Most folks in this group might not need something like it since most members of the group are comfortable working at the command line. Just pointing it out as something to maybe go kick the tires on...

Clive Da • Edited

you can also try Mysterium VPN

mysterium.network/

Florian Kapfenberger Author

Do you mean this site? The concept looks quite interesting and it's decentralised.

Clive Da

yes just added link

Gabrielski

CyberGhost VPN does a very good job!

Florian Kapfenberger Author

Yes I have used CyberGhost before. I think I got it once through one of those macOS apps bundles.

Paolo

Hey, thanks for sharing. Have you seen v2ray by any chance?

Leonard

Hey all! If someone needs it, I found a comparison of VPNs: bestadvisor.com/vpn-services
Both advantages and disadvantages are given there. I hope it comes in handy for someone)

Giovanni Cruz • Edited

Thanks for "the help"

Manu Seoane

There’s a safer, much more up-to-date version of Nyr’s script forked here. I would definitely take a look at it πŸ˜‰

ledgeset

Well, I used my own VPN from an old PC that I had, but in the end, I needed something to pass geo-blocks and I would not try to get my own server in another continent. NordVPN, as you suggested, works really well, especially on Android, AND the price for it is really good. They have dedicated IPs too if you want them.

Florian Kapfenberger Author

Yeah, to pass geo-blocking you would need access to lots of different servers in different countries, so your own personal VPN cannot really help you there. The dedicated IP feature from NordVPN is quite an argument for choosing them as your VPN provider.