Adityacprtm
Aditya Pratama
Site Reliability Engineer
operator/01
system status
status available
tzGMT+7
response<24h
Return to Blog

How to Set Up a Self-Hosted OpenVPN Server on Ubuntu 24.04

Complete guide to setting up your own OpenVPN server on Ubuntu 24.04 LTS with Nyr's automated script. Self-hosted VPN for secure remote access, encrypted tunneling, and privacy protection.

Adityacprtm

Setting up your own VPN server is easier than most people think. Several open-source scripts automate the entire OpenVPN setup in under a minute. This guide walks through deploying a self-hosted OpenVPN server on Ubuntu 24.04 LTS, from provisioning to client connection.

What is a VPN?

A VPN (Virtual Private Network) encrypts all network traffic between your device and the VPN server, then forwards requests to the internet from the server’s IP address. This prevents eavesdropping on your connection and hides your real IP from the services you access.

Why self-host instead of using a VPN service?

Commercial VPN services (NordVPN, ExpressVPN, etc.) handle thousands of users — their logs, DNS queries, and traffic patterns are outside your control. Running your own VPN server means:

  • Complete privacy — only you read the server logs
  • No third-party risk — your data never touches a commercial VPN provider’s infrastructure
  • Full control — choose the server region, protocol, port, and encryption settings
  • Network access — securely reach services inside your cloud VPC or homelab

Use cases include hiding your IP on public Wi-Fi, accessing geo-restricted resources in your cloud region, and securely connecting to your private network.

Prerequisites

  • An Ubuntu 24.04 LTS server (AWS EC2, DigitalOcean, or any VPS)
  • UDP port 1194 open in the firewall / security group
  • SSH access to the server

The same script works on Debian 12, Ubuntu 22.04+, and CentOS 7+. This guide uses Ubuntu 24.04 LTS.

OpenVPN Server Installation

The fastest method is using Nyr’s openvpn-install script — a battle-tested shell script used by thousands of self-hosters.

bash
wget https://git.io/vpn -O openvpn-install.sh
chmod +x openvpn-install.sh
sudo bash openvpn-install.sh

The script prompts you for a few settings. Defaults are recommended for most options:

code
Welcome to this OpenVPN road warrior installer!

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1]:

What port do you want OpenVPN listening to?
Port [1194]:

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) 1.1.1.1
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1]: 2

Client name [client]:

Press enter to accept defaults. For DNS, 1.1.1.1 (Cloudflare) is a solid privacy-focused choice.

After confirming, the script compiles and installs OpenVPN, generates server certificates, and creates the initial client profile — all in about 30 seconds.

Retrieving the Client Configuration

The script outputs a .ovpn file (typically /root/client.ovpn). Copy it to your local machine:

bash
scp user@<SERVER_IP>:/root/client.ovpn ~/Downloads/

For smartphones, use AirDrop (Apple) or a USB cable. If you must email the file, zip it with a strong password first.

Connecting to Your VPN

Import the .ovpn file and connect. Verify by searching “what is my ip address” — it should show your server’s IP.

Adding More Clients

Re-run the script to add or revoke users:

bash
sudo bash openvpn-install.sh

What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option: 1

WireGuard — The Modern Alternative

If you prioritize performance over OVPN compatibility, consider WireGuard. Nyr’s script also supports WireGuard — just select it during installation. WireGuard offers:

  • Faster throughput — simpler crypto, less CPU overhead
  • Kernel-level performance — built into the Linux kernel since 5.6
  • Roaming — connections survive network changes gracefully

To install WireGuard instead, run the same script and choose option when prompted.

Next Steps

Now that your VPN is running, apply basic server hardening steps — SSH key auth, firewall rules, and fail2ban — to keep your infrastructure secure.


First published August 2022. Updated July 2026 for Ubuntu 24.04 LTS and WireGuard support.

Comments
← PreviousLinux ACL Guide: Manage Access Control Lists with setfacl & getfaclNext →Linux Server Security: Initial Setup Steps for Ubuntu 24.04
© 2026 Aditya Chamim PratamaContactAll systems operational