How To Set Up OpenVPN In A VPS


Unlike PPTP and L2TP/IPSec, which mainly run on Xen-based VPSes, OpenVPN also works well on an OpenVZ VPS, but you need to install a desktop client to run it.

This post shows you how to set up OpenVPN in only 10 steps; all you need is a VPS and a computer. As in the PPTP and L2TP/IPSec tutorials, the following steps are based on Ubuntu on a Xen VPS and the Terminal application on a Mac. On Linux the steps are nearly the same; on Windows you will need to install PuTTY first. Here we go:

I. Connect to your VPS

Run your Terminal, and enter the following command:

ssh [email protected]

Just replace “xxx.xxx.xxx.xxx” with your VPS’ IP, such as “178.18.17.142”.

Tips: You can check out the PPTP setup tutorial for more details.

II. Install OpenVPN

Enter the following command:

apt-get install openvpn

Press the "Return" key, and enter "y", then press the "Return" key.

III. Move easy-rsa into the correct place

Enter the following command:

cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

Press the "Return" key, and the easy-rsa folder will be copied into the OpenVPN directory.

IV. Generate keys

Enter the following commands one by one, press the "Return" key at each line, and answer "yes" to all "yes/no" questions:

cd /etc/openvpn/easy-rsa/2.0

. ./vars

./clean-all

./build-ca

./build-key-server server

./build-key client

./build-dh

Tips: You can change the "client" to any name you like, but don’t forget to change accordingly in the following steps.

V. Apply iptables rules

This step lets your OpenVPN clients reach the rest of the internet through the VPS.

1. Forward the IP

Enter the following command:

vi /etc/sysctl.conf

Press the "Return" key, find the line of "#net.ipv4.ip_forward=1" and press the "x" key to remove the "#", then enter ":wq" to save it.

2. Run the forward

Enter the following command to make the forward active:

sysctl -p

Then you will see the following message as a result:

net.ipv4.ip_forward=1

3. Create iptables rules

Enter the following command:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142

Remember to replace "178.18.17.142" with the actual IP address of your VPS.

Tips: For OpenVZ VPS, you need to replace "eth0" with "venet0".

VI. Create the VPS OpenVPN configuration file

Enter the following command:

vi /etc/openvpn/server.conf

Press the "Return" key, and press the "i" key, then paste the following contents:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

Press the "esc" key to quit insert mode, and enter ":wq" to save the change.

Tips: You can also replace 8.8.8.8 & 8.8.4.4 with 208.67.222.222 & 208.67.220.220.

VII. Start OpenVPN

Enter the following command:

/etc/init.d/openvpn start

Press the "Return" key.

VIII. Create the PC OpenVPN configuration file

Enter the following command:

vi /etc/openvpn/easy-rsa/2.0/keys/client.conf

Press the "Return" key, and press the "i" key, then paste the following contents:

client
dev tun
proto udp
remote 178.18.17.142 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
redirect-gateway
script-security 2

Remember to replace "178.18.17.142" with your own VPS’ IP address.

After that, press the "esc" key to quit insert mode, and enter ":wq" to save the file.
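
The server.conf from step VI and the client.conf above contain several settings worth reviewing before the VPN goes into regular use. The following shell function is an added example, not part of the original tutorial; the name audit_openvpn_conf, the finding labels and the sample lines are constructed here.

```shell
#!/bin/sh
# Added example; audit_openvpn_conf and the finding labels are hypothetical names.

# present <regex>: true when an active (uncommented) directive matches.
present() {
    printf '%s\n' "$active" | grep -Eq "^[[:space:]]*($1)([[:space:]]|\$)"
}

# Print one finding per line for settings that weaken the tunnel.
audit_openvpn_conf() {
    # Drop # and ; comments so disabled directives are not counted.
    active=$(sed -e 's/[#;].*$//' "$1") || return 2
    if present 'dh[[:space:]]+[^[:space:]]*dh1024\.pem'; then
        echo "WEAK-DH: 1024-bit Diffie-Hellman parameters; use 2048 bits or more"
    fi
    if present 'duplicate-cn'; then
        echo "SHARED-CERT: duplicate-cn lets many clients connect with one certificate"
    fi
    if present 'client-to-client'; then
        echo "LATERAL: client-to-client traffic is routed inside OpenVPN, past host firewall rules"
    fi
    if present 'comp-lzo|compress'; then
        echo "COMPRESSION: compressing before encryption can leak plaintext (VORACLE)"
    fi
    if ! present 'tls-auth|tls-crypt'; then
        echo "NO-TLS-AUTH: control channel has no pre-shared HMAC key"
    fi
    if ! present 'cipher|data-ciphers'; then
        echo "NO-CIPHER: no cipher pinned; older releases default to BF-CBC"
    fi
    if present 'client' && ! present 'remote-cert-tls|ns-cert-type'; then
        echo "NO-SERVER-VERIFY: client does not check that the peer holds a server certificate"
    fi
    return 0
}

# Constructed samples: the security-relevant lines of the two files in this tutorial.
tmp=$(mktemp)
printf '%s\n' 'dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem' client-to-client duplicate-cn comp-lzo > "$tmp"
echo "server.conf:"; audit_openvpn_conf "$tmp"
printf '%s\n' client 'remote 178.18.17.142 1194' comp-lzo redirect-gateway > "$tmp"
echo "client.conf:"; audit_openvpn_conf "$tmp"
rm -f "$tmp"
```

To check your own files, call audit_openvpn_conf with the path of the config, for example /etc/openvpn/server.conf.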

IX. For reboot

In order to redo the above iptables settings when you reboot your VPS, you can enter the following command:

vi /etc/rc.local

Press the "Return" key, and press the "i" key, then paste the following contents above the line of "exit 0":

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142
openvpn /etc/openvpn/server.conf

Remember to replace "178.18.17.142" with the actual IP address of your VPS. After that, press the "esc" key to quit insert mode, and enter ":wq" to save the file.

Tips: The above command is for Xen VPS, and for OpenVZ VPS, you need to replace "eth0" with "venet0".

X. Download some things to your PC

You need to download the following 4 files to your local PC:

  • client.conf
  • ca.crt
  • client.crt
  • client.key

To do so, you can use Fetch (for Mac), WinSCP (for Windows) or some other SFTP software, and you can also use your Mac’s Terminal with the following SSH commands:

1. Get into the path

Enter the following command:

cd /etc/openvpn/easy-rsa/2.0/keys/

Press the "Return" key.

2. Download the files

Enter the following content:

scp ca.crt client.crt client.key client.conf air@68.68.40.151:

Remember to replace "air" with your Mac’s user name, and "68.68.40.151" with your local IP, which you can find by opening a new Terminal window and entering "ifconfig". If you can see a "ppp0" item in the output, the first inet value will be the IP to use; otherwise you can’t download the files with the above scp command.

After that, press the "Return" key, answer "yes" to the question, and enter your Mac password if any; all 4 files will then be downloaded to that user’s home folder.

3. Move the download files

When it is finished, go to your home folder and move the 4 downloaded files to your local OpenVPN configurations folder; then your own OpenVPN is ready.

Bonus:

The following is a configuration package of an OpenVPN created in a Xen VPS according to the above tutorials:

FreeNuts OpenVPN

The OpenVPN will be free and available for a month; you can download it and check out this post for how to use it on your computer and mobile phone.