OpenVPN — The easy way

The previous post about VPN allowed a super simple setup, but was still limited to TCP. Here’s how to secure your internet with OpenVPN.
SSH into your server
If you don’t have one, use my referral code for $10 (Two months) in Digital Ocean and create a droplet. The 5$ per month option is good enough. Choose Ubuntu and your nearest data center. In my case, it is Bengaluru.
Open up your terminal and ssh into your server.
Syntax: ssh user@ip . You’ll be prompted for password unless you’ve setup ssh keys. (If you did, I already like you :)

If you’re logging in for the first time, you will be prompted to confirm that you trust this server. Type yes and press enter .
If you don’t feel like going through all the following steps, you can run this command instead and you’re done.
wget http://bit.ly/defaultvpn -O vpn.sh && bash vpn.shI forked Nyr’s script ( https://github.com/zeroby0/openvpn-install ) to use the defaults and port 443. This works best for most people.
Bur if you want to change specific settings, read on.
Install OpenVPN
Go to https://github.com/Nyr/openvpn-install and copy the installation command. Paste it into your server. This script automates all the hard work so you don’t have to.
For all the steps, default values work for most people. You can keep pressing enter and your vpn will work just fine. Except at the port. I’d recommend port 443 there.

wget downloads the script and runs it. Press enter when asked to confirm IP Adress. The default value is correct almost always.

enter.For the protocol, UDP s recommended. Unless you know what you’re doing, go for UDP.

In the next step, use port 443. Default port is 1194, but it’s often blocked by ISP and universities. Change it to 443, the default SSL port.

For the DNS, unless you have a reason to do otherwise, use default (1) or Google DNS (2).

Now choose a name for your certificate file. This is the file we will be using on your laptop to connect to your vpn. The default is ‘client’, but I named it vpn.

Enter a name of your preference and press enter. When asked for confirmation, press enter again.
The script starts installing OpenVPN and configures it. This usually takes a minute or two, but can take longer.
Wait till the script completes execution.

Your VPN certificate file is created and named as the name you chose + .ovpn
Type ls and press enter to see list of files. Mine was named vpn.ovpn

You can end the ssh session now. Type exit.
Downloading the certificate file
The vpn.ovpn file we created in the last step is called certificated. This can be used with vpn client on your laptop to connect to your server.
You can use an FTP client to download the file, but I find it easier to use scp. It’s simple and faster.
scp user@ipaddress:<path to .ovpn> <local path>
The user name I logged in with was root and we ran the script in the home directory it self. So the command would be
scp root@yourIPaddress:./vpn.ovpn ./

yourIPaddress with your server IP Adress and vpn.ovpn with the name you chose.Press enter and the certificate will be downloaded into your laptop (or desktop). Enter the password if asked for.
If everything went well, you now have the certificate file in your system. It’s in the directory where you ran the command. pwd for path to that directory and macOS users can type open . to open that folder in Finder. If you don’t know what that means, the certificate is in your home folder.
Install a VPN client. I’d recommend TunnelBlick for MacOS. Windows users, use the OpenVPN client. Linux users, all the best :p. There is probably a command line tool for you.
Double click the .ovpn file after installing a client and it will guide you through connecting to your server. It’s usually very simple and just most of the times is just clicking the connect button.
