The previous post about VPN allowed a super simple setup, but was still limited to TCP. Here’s how to secure your internet with OpenVPN.
SSH into your server
If you don’t have one, use my referral code for $10 (Two months) in Digital Ocean and create a droplet. The 5$ per month option is good enough. Choose Ubuntu and your nearest data center. In my case, it is Bengaluru.
Open up your terminal and ssh into your server.
ssh user@ip . You’ll be prompted for password unless you’ve setup ssh keys. (If you did, I already like you :)
If you’re logging in for the first time, you will be prompted to confirm that you trust this server. Type yes and press
If you don’t feel like going through all the following steps, you can run this command instead and you’re done.
wget http://bit.ly/defaultvpn -O vpn.sh && bash vpn.sh
Bur if you want to change specific settings, read on.
Go to https://github.com/Nyr/openvpn-install and copy the installation command. Paste it into your server. This script automates all the hard work so you don’t have to.
For all the steps, default values work for most people. You can keep pressing
enter and your vpn will work just fine. Except at the port. I’d recommend port 443 there.
wget downloads the script and runs it. Press
enter when asked to confirm IP Adress. The default value is correct almost always.
For the protocol,
UDP s recommended. Unless you know what you’re doing, go for
In the next step, use port
443. Default port is 1194, but it’s often blocked by ISP and universities. Change it to 443, the default SSL port.
For the DNS, unless you have a reason to do otherwise, use default (1) or Google DNS (2).
Now choose a name for your certificate file. This is the file we will be using on your laptop to connect to your vpn. The default is ‘
client’, but I named it
Enter a name of your preference and press
enter. When asked for confirmation, press
The script starts installing OpenVPN and configures it. This usually takes a minute or two, but can take longer.
Wait till the script completes execution.
Your VPN certificate file is created and named as the name you chose +
ls and press
enter to see list of files. Mine was named
You can end the
ssh session now. Type
Downloading the certificate file
vpn.ovpn file we created in the last step is called certificated. This can be used with vpn client on your laptop to connect to your server.
You can use an FTP client to download the file, but I find it easier to use
scp. It’s simple and faster.
scp user@ipaddress:<path to .ovpn> <local path>
The user name I logged in with was
root and we ran the script in the home directory it self. So the command would be
scp root@yourIPaddress:./vpn.ovpn ./
enter and the certificate will be downloaded into your laptop (or desktop). Enter the password if asked for.
If everything went well, you now have the certificate file in your system. It’s in the directory where you ran the command.
pwd for path to that directory and macOS users can type
open . to open that folder in Finder. If you don’t know what that means, the certificate is in your home folder.
Double click the .ovpn file after installing a client and it will guide you through connecting to your server. It’s usually very simple and just most of the times is just clicking the connect button.