How to create VPN on a VPS with Ubuntu

If you do not want to overpay for any third-party VPN services, we suggest you use these guidelines to install your own VPN server on a Linux virtual machine. Thus, your data will be completely under your control and protected from malicious attacks.

The server side of the software is installed on a VPS with Ubuntu 18.04. We will also show you how to install the client software for the OpenVPN protocol on your personal computer with Windows 10.

VPN (Virtual Private Network) is a closed and secure logical network in addition to an insecure network (the Internet). You can read more about VPN services and how to use them in our blog (“VPN technology for business: pros and cons”).

How to install the OpenVPN server-side from a script

Today, OpenVPN is one of the most stable and reliable open-source VPN technology protocols. OpenVPN is characterized by a large number of implementations for most of the platforms used.

To install the server-side of the VPN software on a virtual server, we use the openvpn-install open-source script.

The ready-made script makes it possible to install and configure any VPN easily. In this case, the installation process is a set of simple steps:

• connection to the server;
• preliminary update of the operating system, if required;
• downloading and activation of the installation script;
• making a copy of the configuration file;
• service performance check.

We will not begin to install the script on a VPS with Ubuntu 18.04.

Step 1. Connect to the server

When making the order, you receive an e-mail with the information necessary to connect to your virtual server: your server IP address, server administrator’s login and password (root), server control panel (URL), as well as login and password, to access it – here you can choose the required operating system.

In order to connect to the VPS, we recommend using any ssh client: PuTTY, Xshell, etc. Run the following command:

ssh root@ХХ.ХХХ.ХХХ.ХХ

where ХХ.ХХХ.ХХХ.ХХ – your server IP address.

If a non-privileged user is previously created on a virtual server for security purposes and allowed to temporarily have a higher level of privileges running the sudo command, then do not forget to run this command every time for all actions that require administrator rights.

In order to log in as a non-privileged user, run the following command:

ssh -l user ХХ.ХХХ.ХХХ.ХХ

where ХХ.ХХХ.ХХХ.ХХ – your server IP address, user – name of the non-privileged user.

Step 2. Update your operating system

You can skip this step if your server ensures the regular update of the operating system. If Ubuntu is recently installed, update it using the following commands for a root user:

apt-get update
apt-get upgrade -y

or a non-privileged user:

sudo apt-get update
sudo apt-get upgrade -y        

Step 3. Download and launch the VPN server installation script

The following command allows you to download and launch the script:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

or

sudo wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

First of all, you will see a welcome screen and a few questions:

Welcome to this OpenVPN road warrior installer!
Which protocol should OpenVPN use?
1) UDP (recommended)
2) TCP
Protocol [1]:
What port should OpenVPN listen to?
Port [1194]:
Select a DNS server for the clients:
1) Current system resolvers
2) Google
3) 1.1.1.1
4) OpenDNS
5) Quad9
6) AdGuard
DNS server [1]:
Enter a name for the first client:
Name [client]:
OpenVPN installation is ready to begin.
Press any key to continue…    

In our example, we run the script on a server with a single IP address, so all questions may be answered by pressing the Enter key. The first option out of all offered will be selected. Namely:

• IP address will be determined automatically. If there are several addresses on the server, then the script will offer to select one manually;
• Protocol: UDP;
• Connection port: 1194;
• Servery DNS: Current system resolvers;
• DNS servers: Current system resolvers;

Then, the script will install the repository and all necessary packages, generate RSA keys, install certificates and configuration files for both the server and the client, configure the network filter, and directly launch the openvpn-server service.

When the installation process is complete, the script will display a message about the location of the client configuration file. In case of an administrator user, the file will be installed in the root user's home directory: /root/client.ovpn. If the script is installed on behalf of an ordinary user with temporary sudo privileges, then the file will be located in the home directory of this user. This file must be transferred to the computer or other device that will be used to connect to the server. The server configuration file is located here: /etc/openvpn/server/server.conf.

Step 4. Copy the client configuration file

Then, you need to transfer the client configuration file, which is created by the script, to a PC or other device. In our case, we will be transferring it to our personal computer with Windows 10.

You may transfer the file using the WinSCP software or the pscp utility from Putty or ensure the built-in implementation of the OpenSSH protocol on your device.

You may learn more about the WinSCP software on the official website of the developer:

• How to install WinSCP
• How to connect to the server (File Protocol: SCP)
• Documents

We will consider a command for the pscp utility from Putty. In the Windows command line with administrator rights, specify the path to the software, server, and client configuration directory, which looks like this:

C:\Program Files\PuTTY\pscp.exe root@ХХ.ХХХ.ХХХ.ХХ:/root/client.ovpn "C:\Program Files\OpenVPN\config"

where

• ХХ.ХХХ.ХХХ.ХХ – your server IP address,
• /root/client.ovpn – home directory of the root user on the serve,
• Documents
• C:\Program Files\OpenVPN\config – path where the client configuration file will be saved.

Then, it may be required to accept the server fingerprint. Enter the root user’s password.

If OpenSSH is installed on your computer, then the following command is to be run:

scp root@ХХ.ХХХ.ХХХ.ХХ:/root/client.ovpn .

The dot at the end of the command indicates to the user that the file is transferred to the same folder from which the command is run.

Step 5. Check the performance of the VPN server

Before establishing any connection to the VPN server, we recommend you to perform certain service performance checks. Namely:

1. Checking server status:

   systemctl status openvpn-server@server -l
   

       ● openvpn-server@server.service - OpenVPN service for server
       Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
       Active: active (running) since Sat 2021-10-17 16:15:44 GMT; 3s ago
       ...    
   

   Attention! If you find the inactive (dead) value in the server status, run the specific command (systemctl restart openvpn) and check the status again.

2. Checking socket status:

   ss -4nlup | grep 1194
   

   UNCONN 24960 0 XX.XXX.XX.XX:1194 *:* 
   users:(("openvpn",pid=481,fd=8))    
   

3. Checking network filter condition:

   iptables -nL | grep 1194
   

   ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
   

   If, as a result of such checks, there are similar results of the executed commands, then we congratulate you, because you do everything right and now may connect to the OpenVPN server.

How to connect to the OpenVPN server

In order to establish the relevant connection to the VPN server, you need to perform the following tasks:

1. install a VPN client on your personal computer, smartphone, or other devices;
2. establish the required connection;
3. check the quality of the established connection.

Step 1. Install the OpenVPN GUI client on Windows 10

In case of personal computers and laptops with the Windows operating system, the OpenVPN GUI client should be used. The installation process does not cause any difficulties. However, if they take place, you may familiarize yourself with the official instructions posted on the developer's website. By default, the path to the installed software is the following: C:\Program Files\OpenVPN\.

Step 2. Establish the connection to the server

The installed client may be launched via the Start menu. The copied configuration file will be applied automatically, and the relevant connection will be established. If you already have the OpenVPN GUI software installed on your device and there are several VPN configuration files available, select the one you just created from the list and click on the “Connect” button.

If the connection is successfully established, the icon will change its color to green.

By clicking the icon in the taskbar, you may disable the connection, reestablish it, check the connection status, and much more.

Step 3. Check if the connection is correct

You can check whether you are really surfing the Internet using the VPN server by visiting https://whatismyipaddress.com/ or https://www.whatismyip.com/.

You should see your server IP address when the relevant VPN connection is enabled, as well as the IP address assigned to you by the Internet service provider when the connection is disabled.

To install any VPN client on MacOS, use the Tunnelblick software.

Official documents and detailed instructions on the OpenVPN protocol may be found on the developer's website:

• Openvpn Сommunity-resources Documentation
• Connect from a Linux host

Please find hereby our other VPN guidelines:

• How to create VPN on a VPS with CentOS
• How to set up a VPN on your smartphone