How to set up a VPN on your VPS (OpenVPN guide)

Virtual Private Networks (VPNs) are essential tools for enhancing online security and privacy. By setting up a VPN, users can encrypt their internet connection, ensuring that their data remains private and secure from prying eyes. For those with a Virtual Private Server (VPS), installing OpenVPN provides a powerful, flexible, and economical solution. This guide will walk through the steps of installing OpenVPN on a VPS, ensuring that you can secure your internet traffic effectively.

Step-by-Step OpenVPN Installation on VPS

The installation of OpenVPN on your VPS starts with ensuring your system is up-to-date. For most Linux distributions, you can update your system using package managers like apt or yum. For example, on Ubuntu, you would use:

sudo apt update && sudo apt upgrade

After updating, install the OpenVPN software package. On Ubuntu, this is simply:

sudo apt install openvpn

Once OpenVPN is installed, you need to configure the server. This involves setting up the Certificate Authority (CA), server certificate, and client certificates to ensure secure communications. This can be complex, but thankfully, easy-rsa, a CLI utility, can help simplify this process. Install easy-rsa via your package manager:

sudo apt install easy-rsa

Then, copy the easy-rsa template files to a directory where you will manage your certificates:

make-cadir ~/openvpn-ca
cd ~/openvpn-ca

Next, initiate the Public Key Infrastructure (PKI) and build the CA certificate and server certificate:

./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server

These commands set up the necessary certificates that your OpenVPN server will use to establish secure connections.

Configuring Your VPS for OpenVPN Use

With certificates in place, you must configure the OpenVPN server. Begin by copying the example server configuration file provided by OpenVPN to your working directory and editing it to suit your needs:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d /etc/openvpn/server.conf.gz
sudo nano /etc/openvpn/server.conf

In the configuration file, update the paths to the certificate files you have created and adjust other settings such as port number, encryption standards, and network settings as necessary.

Network routing is an essential aspect of your VPN’s configuration. Edit the server configuration to enable packet forwarding and configure iptables to handle traffic routing appropriately:

echo 1 > /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE

This setup directs all traffic from the VPS running OpenVPN to the internet, behaving as a gateway.

Finally, enable and start the OpenVPN service to ensure that it runs at boot:

sudo systemctl enable openvpn@server
sudo systemctl start openvpn@server

Monitoring the system log can help troubleshoot any initial issues:

sudo journalctl -u openvpn@server

By following this comprehensive guide, you have now equipped your VPS with OpenVPN, enhancing the security and privacy of your network communications. Once everything is set up and running smoothly, your VPS will serve as a robust VPN server, allowing secure and private connections from wherever you are. Remember that maintaining security on a VPN involves regular updates and monitoring, so keep your system and software up to date, and monitor the logs to ensure that everything is functioning as expected.

Related posts:

How to use Let’s Encrypt on a VPS (free SSL) How to secure a Linux VPS (basic security guide) How to Install a Free SSL Certificate on cPanel (Let’s Encrypt Guide) How to install SSL on a VPS (step-by-step)