OpenVPN — The easy way

The previous post about VPN allowed a super simple setup, but was still limited to TCP. Here’s how to secure your internet with OpenVPN.

SSH into your server

Open up your terminal and ssh into your server.

Syntax: ssh user@ip . You’ll be prompted for password unless you’ve setup ssh keys. (If you did, I already like you :)

If you’re logging in for the first time, you will be prompted to confirm that you trust this server. Type yes and press enter .

If you don’t feel like going through all the following steps, you can run this command instead and you’re done.

wget http://bit.ly/defaultvpn -O vpn.sh && bash vpn.sh

I forked Nyr’s script ( https://github.com/zeroby0/openvpn-install ) to use the defaults and port 443. This works best for most people.

Bur if you want to change specific settings, read on.

Install OpenVPN

For all the steps, default values work for most people. You can keep pressing enter and your vpn will work just fine. Except at the port. I’d recommend port 443 there.

Paste the command and press enter.

wget downloads the script and runs it. Press enter when asked to confirm IP Adress. The default value is correct almost always.

Press enter.

For the protocol, UDP s recommended. Unless you know what you’re doing, go for UDP.

Default value is UDP. Press enter.

In the next step, use port 443. Default port is 1194, but it’s often blocked by ISP and universities. Change it to 443, the default SSL port.

Delete 1194 and type 443. Press enter.

For the DNS, unless you have a reason to do otherwise, use default (1) or Google DNS (2).

Use the default and press enter or select Google (2) and press enter.

Now choose a name for your certificate file. This is the file we will be using on your laptop to connect to your vpn. The default is ‘client’, but I named it vpn.

Enter your preferred name and press enter. When asked for confirmation, press enter again.

Enter a name of your preference and press enter. When asked for confirmation, press enter again.

The script starts installing OpenVPN and configures it. This usually takes a minute or two, but can take longer.

Wait till the script completes execution.

Your VPN certificate file is created and named as the name you chose + .ovpn

Type ls and press enter to see list of files. Mine was named vpn.ovpn

vpn.ovpn

You can end the ssh session now. Type exit.

Downloading the certificate file

You can use an FTP client to download the file, but I find it easier to use scp. It’s simple and faster.

scp user@ipaddress:<path to .ovpn> <local path>

The user name I logged in with was root and we ran the script in the home directory it self. So the command would be

scp root@yourIPaddress:./vpn.ovpn ./

replace yourIPaddress with your server IP Adress and vpn.ovpn with the name you chose.

Press enter and the certificate will be downloaded into your laptop (or desktop). Enter the password if asked for.

If everything went well, you now have the certificate file in your system. It’s in the directory where you ran the command. pwd for path to that directory and macOS users can type open . to open that folder in Finder. If you don’t know what that means, the certificate is in your home folder.

Install a VPN client. I’d recommend TunnelBlick for MacOS. Windows users, use the OpenVPN client. Linux users, all the best :p. There is probably a command line tool for you.

Double click the .ovpn file after installing a client and it will guide you through connecting to your server. It’s usually very simple and just most of the times is just clicking the connect button.

designer + developer from Bangalore.