Reading our previous article on OpenVPN may be useful to many readers. You need a non-root user with sudo privileges and, ideally, a separate server to act as the certificate authority (CA). How to Create Own Certificate Authority (CA) With EasyRSA is a separate guide that you must read before proceeding with this one. Also, follow our guide Initial Cloud Server Setup For The New Users on both server instances.
Steps to Install OpenVPN on Cloud Server
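At the end of the guide on how to create your own CA, we finished with a few commands:

```bash
./easyrsa init-pki
./easyrsa build-ca nopass
# The request is named "server" so that the files are server.key and server.crt
./easyrsa gen-req server nopass
./easyrsa gen-dh
# sign-req takes the certificate type first, then the request name
./easyrsa sign-req server server
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
```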
Although the steps may be confusing at first, they are not difficult to understand from the second attempt onwards. The actual steps to install OpenVPN are:
```bash
sudo apt update
sudo apt upgrade
# Package names are lowercase
sudo apt install openvpn
```
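There is a script that automates the OpenVPN installation, which is a good enough alternative to the manual setup, yet we will continue with the manual setup:

```bash
# curl -O saves the file under its remote name, openvpn-install.sh
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
# Read the downloaded script before making it executable and running it
chmod +x openvpn-install.sh
./openvpn-install.sh
```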
Copy the server.crt, ca.crt, ta.key and dh.pem files into the /etc/openvpn/ directory.
```bash
mkdir -p ~/client-configs/keys
chmod -R 700 ~/client-configs
```
The keys generated for client1 in the steps above should be placed there. Next, you need to configure the OpenVPN installation:

```bash
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
sudo nano /etc/openvpn/server.conf
```
Here are some of the settings you should have. For a trouble-free, fast DNS server, choose 1.1.1.1 or Google DNS (IP addresses 8.8.8.8 and 8.8.4.4). 1.1.1.1 is a public DNS resolver that makes DNS queries faster:

```
# /etc/openvpn/server.conf
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC
auth SHA256
dh dh.pem
user nobody
group nogroup
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
port 443
proto tcp
explicit-exit-notify 0
cert server.crt
key server.key
```
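To confirm that an edited server.conf still carries the settings listed above and that the secret files it names are not readable by other users, a small audit script helps. This is an added example, not part of the original guide: the function names are hypothetical, and it assumes relative file names resolve against the directory of the config file and that the last occurrence of a directive is the one in effect.

```sh
#!/bin/sh
# Added example (not from the original guide): audit an OpenVPN server.conf
# against the settings this guide lists and check secret-file permissions.
GUIDE_SETTINGS='tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
port 443
proto tcp'

# Active directives only: drop "#" and ";" comments, collapse whitespace, trim.
active_directives() {
    sed -e 's/[#;].*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" | grep -v '^$'
}

# audit_conf FILE: prints one line per problem, returns the number of problems.
audit_conf() {
    conf=$1; confdir=$(dirname "$conf"); problems=0
    while IFS= read -r want; do
        name=${want%% *}
        have=$(active_directives "$conf" | grep -E "^$name( |\$)" | tail -n 1)
        if [ -z "$have" ]; then
            echo "MISSING $want"; problems=$((problems + 1))
        elif [ "$have" != "$want" ]; then
            echo "DIFFERS $have (guide: $want)"; problems=$((problems + 1))
        fi
    done <<EOF
$GUIDE_SETTINGS
EOF
    # Files named by "key" and "tls-auth" are secrets: owner-only access.
    for f in $(active_directives "$conf" | awk '$1 == "key" || $1 == "tls-auth" { print $2 }'); do
        case $f in /*) path=$f ;; *) path=$confdir/$f ;; esac
        if [ ! -f "$path" ]; then
            echo "NOFILE $path"; problems=$((problems + 1))
        elif [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "PERMS $path is accessible by group or other"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Stand-alone use: sh audit.sh /etc/openvpn/server.conf
if [ -n "${1:-}" ]; then
    audit_conf "$1"
fi
```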
You can use commands like the ones below for server management:

```bash
sudo systemctl stop openvpn@server
sudo systemctl start openvpn@server
sudo systemctl restart openvpn@server
sudo systemctl status openvpn@server
```
On the server you will find a client configuration file called ~/linuxDesktop.ovpn. You have to copy this file to your desktop. Install the OpenVPN client application and use that file.