Setting up your own VPN on a VPS (Virtual Private Server) can be a great way to enhance your privacy and security online. Here’s a step-by-step guide on how to do that using the open-source OpenVPN software. This guide assumes you have administrative access to your VPS and are familiar with basic Linux command-line usage.
1. Update your system: Before starting, ensure that your VPS is up to date. Run the following commands:
sudo apt-get update
sudo apt-get upgrade
2. Install OpenVPN and Easy-RSA:
Install the required packages by running:
sudo apt-get install openvpn easy-rsa
3. Configure Certificate Authority (CA) and create server certificates:
a. Create a directory for the CA and copy Easy-RSA files there:
sudo mkdir /etc/openvpn/ca
sudo cp -r /usr/share/easy-rsa/* /etc/openvpn/ca/
b. Edit the vars file to customize certificate settings:
sudo nano /etc/openvpn/ca/vars
Modify these lines with your own information:
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="MyCompany"
export KEY_EMAIL="my@email.com"
export KEY_OU="MyOrganizationalUnit"
c. Generate the CA key and certificate:
cd /etc/openvpn/ca
source vars
./clean-all
./build-ca
d. Generate the server key and certificate:
./build-key-server server
e. Generate the Diffie-Hellman (DH) parameters:
./build-dh
f. Copy the generated files to the OpenVPN directory:
cd /etc/openvpn/ca/keys
sudo cp ca.crt server.crt server.key dh2048.pem /etc/openvpn/
4. Configure OpenVPN:
a. Create and edit the server configuration file:
sudo nano /etc/openvpn/server.conf
b. Add the following content to the file, adjusting parameters as needed:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
5. Enable IP forwarding:
Edit the sysctl configuration file:
sudo nano /etc/sysctl.conf
Uncomment the following line (remove the # at the beginning):
net.ipv4.ip_forward=1
Apply the changes:
sudo sysctl -p
6. Configure iptables:
a. Install iptables-persistent to save your iptables rules:
sudo apt-get install iptables-persistent
b. Set up the NAT rule for VPN client traffic (replace eth0 if your VPS's public network interface has a different name):
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
c. Save the iptables configuration:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
7. Start and enable the OpenVPN service:
a. Start the OpenVPN service:
sudo systemctl start openvpn@server
b. Enable the service to start on boot:
sudo systemctl enable openvpn@server
8. Create client certificates and configuration:
a. Generate a client key and certificate:
cd /etc/openvpn/ca
./build-key client1
b. Create a directory for the client configuration and copy necessary files:
mkdir ~/client-configs
cp /etc/openvpn/ca/keys/ca.crt /etc/openvpn/ca/keys/client1.crt /etc/openvpn/ca/keys/client1.key ~/client-configs/
c. Create a client configuration file:
nano ~/client-configs/client1.ovpn
d. Add the following content to the file, adjusting the remote line with your server’s public IP address or domain name:
client
dev tun
proto udp
remote your_server_ip_or_domain 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
9. Transfer the client configuration to the client device: Use a secure method (like SCP or SFTP) to transfer the client1.ovpn file and the ca.crt, client1.crt, and client1.key files to the client device. These files are required to configure the OpenVPN client on the device.
10. Set up the OpenVPN client: Install and configure an OpenVPN client on the device using the transferred configuration files. The exact steps vary depending on the client’s operating system (Windows, macOS, Linux, Android, or iOS).
That’s it! You’ve set up your own VPN server on a VPS. Remember to configure the OpenVPN client on each device you want to connect to the VPN, and keep your server and software up to date to maintain security.
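The server.conf from step 4 and the client1.ovpn from step 8 have to agree on several directives, and configuration pasted from a web page often carries typographic quotes, which OpenVPN does not treat as quotes. The following check is an added example, not part of the original guide; the function names, the host vpn.example.com and the trimmed sample configs are assumptions constructed for illustration.

```python
# Added example: consistency lint for the server.conf / client1.ovpn pair.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"   # curly quotes inserted by web pages and word processors
MUST_MATCH = ("proto", "dev", "cipher")     # directives this guide sets identically on both ends

def parse(text):
    """Return [(line number, directive, argument string)], skipping blanks and comments."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and line[0] not in "#;":
            name, _, rest = line.partition(" ")
            rows.append((n, name, rest.strip()))
    return rows

def lint_pair(server_text, client_text):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    srv, cli = parse(server_text), parse(client_text)
    for label, rows in (("server", srv), ("client", cli)):
        for n, name, rest in rows:
            if any(q in rest for q in SMART_QUOTES):
                findings.append(f"{label}:{n}: typographic quote in '{name}'")
    s = {name: rest for _, name, rest in srv}
    c = {name: rest for _, name, rest in cli}
    for key in MUST_MATCH:
        if s.get(key) != c.get(key):
            findings.append(f"{key}: server={s.get(key)!r} client={c.get(key)!r}")
    remote = c.get("remote", "").split()
    client_port = remote[1] if len(remote) > 1 else "1194"   # OpenVPN default port
    if client_port != s.get("port", "1194"):
        findings.append(f"port: server={s.get('port', '1194')} client={client_port}")
    if c.get("remote-cert-tls") != "server":
        findings.append("client: missing 'remote-cert-tls server'")
    return findings

# Constructed sample input, trimmed from the two files in this guide.
SERVER_OK = 'port 1194\nproto udp\ndev tun\ncipher AES-256-CBC\npush "redirect-gateway def1 bypass-dhcp"\n'
CLIENT_OK = "client\ndev tun\nproto udp\nremote vpn.example.com 1194\nremote-cert-tls server\ncipher AES-256-CBC\n"
# Same pair after a copy-paste that kept curly quotes, with a client edited out of sync.
SERVER_BAD = SERVER_OK.replace('"', "\u201c", 1).replace('"', "\u201d", 1)
CLIENT_BAD = "client\ndev tun\nproto tcp\nremote vpn.example.com 443\ncipher AES-256-CBC\n"

if __name__ == "__main__":
    for finding in lint_pair(SERVER_BAD, CLIENT_BAD):
        print(finding)
```

To check real files, pass the contents of /etc/openvpn/server.conf and ~/client-configs/client1.ovpn to lint_pair.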
Author: Com21.com. This article is an original creation by Com21.com. If you wish to repost or share, please include an attribution to the source and provide a link to the original article. Post link: https://www.com21.com/build-your-own-vpn-on-vps-with-openvpn.html