
Aditya Pratama

DevOps | SRE | Cloud Engineer

Create an OpenVPN Server in Seconds

August 3, 2022

Nowadays, creating your own VPN server is not as difficult as it might seem. There are several GitHub repositories that reduce the difficulty of setting up a VPN, especially an OpenVPN server. Before starting to build a VPN server, let's talk a little about what a VPN is and how a VPN works.


What is a VPN?

A VPN (Virtual Private Network) is a secure and private connection service: it encrypts all network traffic, routes the connection through the VPN server, and hides the data exchange that takes place.

For example, a VPN client never directly accesses another (web) server; every request goes to the VPN server, and the VPN server forwards the request.

There is an article that explains in full what a VPN is, what it does, and other things about VPNs in easy-to-understand language; you can read the article here.

Why do you need your own VPN server?

Having your own VPN means you have complete control and only you can read the server logs. Without realizing it, the ISP (Internet Service Provider) we use can spy on our traffic, so we need a special lane so that our traffic is not visible.

There are many VPN services, from free to paid. We can use them, but that does not rule out the possibility of our data or traffic on the VPN service being leaked. You can see this in full here.

Here are some use cases where a VPN can help:

  • Hide real IP address
  • Surf safely on public Wi-Fi
  • Accessing services in the VPN server network

VPN server hosting

I am using an Ubuntu 20.04 LTS server hosted on AWS EC2. Before using the new server as a VPN server, I did the initial configuration to secure the server; the steps can be read here. In this particular case, we do not configure the firewall on the server but use the AWS-provided Security Group.

For firewalls, make sure UDP port 1194 is open because that port will be used by OpenVPN. Or you can use another port and adjust it to the port during the installation stage later.

This tutorial can also be used on Debian, Ubuntu and CentOS.

To install a VPN server in seconds, I used a shell script created by Nyr named openvpn-install.

OpenVPN Server installation

Download the shell script and run it.

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

After the download is complete, it is necessary to make openvpn-install.sh executable.

chmod +x openvpn-install.sh

The script will ask a few questions about how we want to set up the VPN server. Press Enter to use the default (recommended) options.

In this experiment, I just changed the default DNS to use 1.1.1.1.

Welcome to this OpenVPN road warrior installer!

I need to ask you a few questions before starting setup.
You can use the default options and just press enter if you are ok with them.

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1]:

What port do you want OpenVPN listening to?
Port [1194]:

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) 1.1.1.1
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1]: 2

Finally, tell me a name for the client certificate.
Client name [client]:

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue ...

Then the script will install OpenVPN on the server.

Get the .ovpn file from the server

To connect to the VPN server, the client needs the generated .ovpn file. On Windows, it is recommended to use FileZilla or WinSCP and log in to the server using SFTP. On macOS and Linux, you can copy the file from the server to your machine using scp.

To copy files with scp run the following command:

scp <USERNAME>@<SERVER_IP>:/root/<CLIENT>.ovpn .

If the certificate or .ovpn file is for a smartphone, use a secure medium of transmission. For Mac or iPhone, it is recommended to copy files using AirDrop.

If you must use email, please zip the .ovpn file and set a strong password on the zip file before sending it.
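
The care urged above matters because a client profile can carry secret key material. The check below is an added example (not from the original post or the openvpn-install project): it lists the secret blocks in a profile and tests whether other local users can read the file. It assumes credentials are embedded with OpenVPN's inline tags; the function names and the sample profile are constructed for illustration.

```shell
# Added example: audit an OpenVPN client profile before copying or sending it.
# Assumption: secrets are embedded with OpenVPN's inline tags (<key> and so on).

# Print the inline secret blocks present in profile $1, one tag name per line.
ovpn_secrets() {
    for tag in key tls-crypt tls-auth secret pkcs12; do
        if grep -q "^<${tag}>" "$1"; then
            echo "$tag"
        fi
    done
}

# Succeed if profile $1 holds no secrets, or no group/other permission bit is set.
ovpn_safe_at_rest() {
    if [ -z "$(ovpn_secrets "$1")" ]; then
        return 0
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write a constructed profile (placeholder text, not real key material) to $1.
make_sample_profile() {
    cat > "$1" <<'EOF'
client
proto udp
remote 203.0.113.10 1194
<ca>
CONSTRUCTED-PLACEHOLDER
</ca>
<key>
CONSTRUCTED-PLACEHOLDER
</key>
<tls-crypt>
CONSTRUCTED-PLACEHOLDER
</tls-crypt>
EOF
}

profile=$(mktemp)
make_sample_profile "$profile"
chmod 644 "$profile"
echo "secret blocks: $(ovpn_secrets "$profile" | tr '\n' ' ')"
if ! ovpn_safe_at_rest "$profile"; then
    echo "readable by group/other, tightening to 600"
    chmod 600 "$profile"
fi
rm -f "$profile"
```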

Using .ovpn files

For Windows, you can download the official application from OpenVPN; on iOS and Android there is the official OpenVPN Connect application on the App Store and Google Play; and for macOS you can use the Tunnelblick application.

Usage is generally the same on every OS: first import the .ovpn file, then connect to the server. If the connection is successful, check the current IP address by typing "what is my ip address" into Google, and Google will show the IP address.

If the IP address is the same as the server's, it means that the VPN client and server have successfully connected.

Adding a new client user

To add a new user, simply run the script, select 1, and then enter a name for the device that will use the client certificate. In this case, I created a user for my iPhone.

./openvpn-install.sh

Looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option: 1

Tell me a name for the client certificate.
Client name: iphone

Using SSL: openssl OpenSSL 1.1.1 11

...............

Write out database with 1 new entries
Data Base Updated

The iphone client added, configuration is available at: /root/iphone.ovpn

That's it! We've got our privacy protected while in cyberspace and we can congratulate ourselves for just setting up a self-hosted VPN server.


Credits:

  • icon: designed by monkik from Flaticon