If you do not want to overpay for any third-party VPN services, we suggest you use these guidelines to install your own VPN server on a Linux virtual machine. Thus, your data will be completely under your control and protected from malicious attacks.
The server side of the software is installed on a VPS with Ubuntu 18.04. We will also show you how to install the client software for the OpenVPN protocol on your personal computer with Windows 10.
VPN (Virtual Private Network) is a closed and secure logical network in addition to an insecure network (the Internet). You can read more about VPN services and how to use them in our blog (“VPN technology for business: pros and cons”).
How to install the OpenVPN server-side from a script
Today, OpenVPN is one of the most stable and reliable open-source VPN technology protocols. OpenVPN is characterized by a large number of implementations for most of the platforms used.
To install the server-side of the VPN software on a virtual server, we use the openvpn-install open-source script.
The ready-made script makes it possible to install and configure any VPN easily. In this case, the installation process is a set of simple steps:
- connection to the server;
- preliminary update of the operating system, if required;
- downloading and activation of the installation script;
- making a copy of the configuration file;
- service performance check.
Attention! The script may be used with the following distributions: CentOS (from version 7), Debian (from version 9), Ubuntu (from version 17) (in case of version 16, use the vpn1604 script).
We will not begin to install the script on a VPS with Ubuntu 18.04.
Step 1. Connect to the server
When making the order, you receive an e-mail with the information necessary to connect to your virtual server: your server IP address, server administrator’s login and password (root), server control panel (URL), as well as login and password, to access it – here you can choose the required operating system.
In order to connect to the VPS, we recommend using any ssh client: PuTTY, Xshell, etc. Run the following command:
where ХХ.ХХХ.ХХХ.ХХ – your server IP address.
If a non-privileged user is previously created on a virtual server for security purposes and allowed to temporarily
have a higher level of privileges running the
sudo command, then do not forget to run this command
every time for all actions that require administrator rights.
In order to log in as a non-privileged user, run the following command:
ssh -l user ХХ.ХХХ.ХХХ.ХХ
where ХХ.ХХХ.ХХХ.ХХ – your server IP address, user – name of the non-privileged user.
Step 2. Update your operating system
You can skip this step if your server ensures the regular update of the operating system. If Ubuntu is recently installed, update it using the following commands for a root user:
apt-get update apt-get upgrade -y
or a non-privileged user:
sudo apt-get update sudo apt-get upgrade -y
Step 3. Download and launch the VPN server installation script
The following command allows you to download and launch the script:
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
sudo wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
First of all, you will see a welcome screen and a few questions:
Welcome to this OpenVPN road warrior installer! Which protocol should OpenVPN use? 1) UDP (recommended) 2) TCP Protocol : What port should OpenVPN listen to? Port : Select a DNS server for the clients: 1) Current system resolvers 2) Google 3) 22.214.171.124 4) OpenDNS 5) Quad9 6) AdGuard DNS server : Enter a name for the first client: Name [client]: OpenVPN installation is ready to begin. Press any key to continue…
In our example, we run the script on a server with a single IP address, so all questions may be answered by pressing the Enter key. The first option out of all offered will be selected. Namely:
- IP address will be determined automatically. If there are several addresses on the server, then the script will offer to select one manually;
- Protocol: UDP;
- Connection port: 1194;
- Servery DNS: Current system resolvers;
- DNS servers: Current system resolvers;
Then, the script will install the repository and all necessary packages, generate RSA keys, install certificates and configuration files for both the server and the client, configure the network filter, and directly launch the openvpn-server service.
When the installation process is complete, the script will display a message about the location of the client configuration file. In case of an administrator user, the file will be installed in the root user's home directory:
/root/client.ovpn. If the script is installed on behalf of an ordinary user with temporary
sudo privileges, then the file will be located in the home directory of this user. This file must be transferred to the computer or other device that will be used to connect to the server. The server configuration file is located here:
Step 4. Copy the client configuration file
Then, you need to transfer the client configuration file, which is created by the script, to a PC or other device. In our case, we will be transferring it to our personal computer with Windows 10.
You may transfer the file using the WinSCP software or the pscp utility from Putty or ensure the built-in implementation of the OpenSSH protocol on your device.
You may learn more about the WinSCP software on the official website of the developer:
We will consider a command for the pscp utility from Putty. In the Windows command line with administrator rights, specify the path to the software, server, and client configuration directory, which looks like this:
C:\Program Files\PuTTY\pscp.exe root@ХХ.ХХХ.ХХХ.ХХ:/root/client.ovpn "C:\Program Files\OpenVPN\config"
- ХХ.ХХХ.ХХХ.ХХ – your server IP address,
/root/client.ovpn– home directory of the root user on the serve,
C:\Program Files\OpenVPN\config– path where the client configuration file will be saved.
Then, it may be required to accept the server fingerprint. Enter the root user’s password.
If OpenSSH is installed on your computer, then the following command is to be run:
scp root@ХХ.ХХХ.ХХХ.ХХ:/root/client.ovpn .
The dot at the end of the command indicates to the user that the file is transferred to the same folder from which the command is run.
Attention! If you run the script not as a root user, but as a privileged user, then in the command you must specify the directory of this user on the server, instead of the directory of the root user.
Step 5. Check the performance of the VPN server
Before establishing any connection to the VPN server, we recommend you to perform certain service performance checks. Namely:
Checking server status:
systemctl status openvpn-server@server -l
● firstname.lastname@example.org - OpenVPN service for server Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-17 16:15:44 GMT; 3s ago ...
Attention! If you find the inactive (dead) value in the server status, run the specific command (systemctl restart openvpn) and check the status again.
Checking socket status:
ss -4nlup | grep 1194
UNCONN 24960 0 XX.XXX.XX.XX:1194 *:* users:(("openvpn",pid=481,fd=8))
Checking network filter condition:
iptables -nL | grep 1194
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
If, as a result of such checks, there are similar results of the executed commands, then we congratulate you, because you do everything right and now may connect to the OpenVPN server.
How to connect to the OpenVPN server
In order to establish the relevant connection to the VPN server, you need to perform the following tasks:
- install a VPN client on your personal computer, smartphone, or other devices;
- establish the required connection;
- check the quality of the established connection.
Step 1. Install the OpenVPN GUI client on Windows 10
In case of personal computers and laptops with the Windows operating system, the OpenVPN GUI client should be used. The installation process does not cause any difficulties. However, if they take place, you may familiarize yourself with the official instructions posted on the developer's website. By default, the path to the installed software is the following:
Step 2. Establish the connection to the server
The installed client may be launched via the Start menu. The copied configuration file will be applied automatically, and the relevant connection will be established. If you already have the OpenVPN GUI software installed on your device and there are several VPN configuration files available, select the one you just created from the list and click on the “Connect” button.
If the connection is successfully established, the icon will change its color to green.
By clicking the icon in the taskbar, you may disable the connection, reestablish it, check the connection status, and much more.
Step 3. Check if the connection is correct
You can check whether you are really surfing the Internet using the VPN server by visiting https://whatismyipaddress.com/ or https://www.whatismyip.com/.
You should see your server IP address when the relevant VPN connection is enabled, as well as the IP address assigned to you by the Internet service provider when the connection is disabled.
To install any VPN client on MacOS, use the Tunnelblick software.
Official documents and detailed instructions on the OpenVPN protocol may be found on the developer's website:
Please find hereby our other VPN guidelines: