Install an OpenVPN server in One Click

by InstallVPS


Posted on February 13, 2019 at 13:00 PM


OpenVPN installation in just one click.

Contents

Installation process

IMPORTANT: Make sure your vps server supports /dev/net/tun interface as it is required to use openvpn

Here are all the actions we will perform on your server:

  1. Update package versions from repositories.
  2. Update all installed packages to the latest version.
  3. Install and configure all the packages

Packages Installed

The following packages will be installed on your server:

  1. OpenVPN
  2. iptables-persistent

Configuration

The following configuration changes will be performed on your server.

  • All configuration files will be stored in /etc/openvpn
  • Logs will be placed in /var/log/openvpn
  • Required firewall rules will be created and saved using iptables-persistent (you can not use ufw on this server)
  • A bash script will be created so you can create new client certificates: /etc/openvpn/client-configs/new_client.sh

Versions Installed

Depending on the operating system you choose, a different version of the packages will be installed.

You can check the package version for each operating system below.

Debian 8

Installation from repositories without external packages.

Versions installed:

  • OpenVPN 2.3
  • iptables-persistent 1.0.3

Debian 9

Installation from repositories without external packages.

Versions installed:

  • OpenVPN 2.4
  • iptables-persistent 1.0.4

Ubuntu 16.04

Installation from repositories without external packages.

Versions installed:

  • OpenVPN 2.3
  • iptables-persistent 1.0.4

Ubuntu 18.04

Installation from repositories without external packages.

Versions installed:

  • OpenVPN 2.4
  • iptables-persistent 1.0.4

After Installation

Your server is fully installed. You can now check your installation or perform other actions in your server.

Testing Installation

Once the installation is completed, you can test everything works connecting to your server using a client certificate.

Get the client certificate that was automatically created in /etc/openvpn/client-configs/client1.ovpn:

In your linux box, connect to the VPN server running the following command:

# openvpn --config client1.ovpn

That's it, once you see the text "Initialization Sequence Completed" you are connected to your VPN server.

Backups

All files related to your VPN server are stored in /etc/openvpn. This way, if you want to do backups, you only need to backup this folder.

Create a certificate for a new VPN user

We have created a bash script so you can create new certificates easily. Just run this command.

# /etc/openvpn/client-configs/new_client.sh client-name New certificate created and available here: /etc/openvpn/client-configs/client-name.ovpn

Now your certificate is ready to use. You can create unlimited certificates.

How to revoke a working certificate

If you have a certificate that you don't want to use anymore, you can revoke it. This way, the certificate will not be able to stablish new vpn connections.

To get a list of active certificates in your server, you can run this command:

# /etc/openvpn/client-configs/revoke_client.sh list Active openvpn certificates: - client1 - testing-client

To revoke a certificate, run this command:

# /etc/openvpn/client-configs/revoke_client.sh client1

Once revoked, if the client tries to connect, he will get the following error:

TLS Error: TLS key negotiation failed
TLS Error: TLS handshake failed