Setting Up A Private OpenVPN Server

Bob Kfir
Mar 6

First, Get A Server

Configuring OpenVPN

ssh root@your_vps_ip_here
wget https://raw.githubusercontent.com/NerdOfLinux/Scripts/master/OpenVPN.sh && bash OpenVPN.sh
Welcome to this OpenVPN "road warrior" installer!
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
First, provide the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: x.x.x.x
Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1-2]: 1
What port do you want OpenVPN listening to?
Port: 1194
Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) 1.1.1.1
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1-5]: 1
Finally, tell me your name for the client certificate.
Please, use one word only, no special characters.
Client name: client
What rsa key size would you want (2048 in the minimum recommended)?
Size: 2048
Which cipher would you like?
   1) AES
   2) CAMELLIA(may cause problems)
   3) Custom(not recommended)
Cipher: 1
Which AES size would you like?
   1) 128
   2) 192
   3) 256
Encryption: 1
How often would you like to renegotiate the keys?(if you're unsure, just press enter)
reneg-secs: 3600
What SHA size do you want(256,384,512)?
SHA: 256
Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...
Generating a 2048 bit RSA private key
.............+++
........+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/client.key.l0ebkVcgku'
-----
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'client'
Certificate is to be certified until Mar  3 00:56:46 2029 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Note: using Easy-RSA configuration from: ./vars
Using configuration from ./openssl-easyrsa.cnf
An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem
390
Finished!
Your client configuration is available at: /root/client.ovpn
If you want to add more clients, you simply need to run this script again!
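
The installer session above fixes the cipher, the SHA size and the renegotiation interval. As an added example (not part of the original article or of OpenVPN.sh), the script below checks a config file for those settings, assuming they are written as the standard OpenVPN `cipher`, `auth` and `reneg-sec` directives; the sample configs and the accepted values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check an OpenVPN config for the crypto settings the installer asks about.
# cipher, auth and reneg-sec are standard OpenVPN directives; the accepted values mirror
# the installer's menu and are assumptions of this example, not logic taken from OpenVPN.sh.

# last_value FILE DIRECTIVE -> value of the last uncommented occurrence, empty if absent
last_value() {
  awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"
}

# audit_ovpn FILE -> prints one "OK" or "WARN" line per setting
audit_ovpn() {
  cipher=$(last_value "$1" cipher)
  auth=$(last_value "$1" auth)
  reneg=$(last_value "$1" reneg-sec)

  case $cipher in
    AES-128-*|AES-192-*|AES-256-*|CAMELLIA-*) echo "OK   cipher $cipher" ;;
    "") echo "WARN cipher not set, OpenVPN's version default applies" ;;
    *)  echo "WARN cipher $cipher is outside the installer's AES/CAMELLIA menu" ;;
  esac

  case $auth in
    SHA256|SHA384|SHA512) echo "OK   auth $auth" ;;
    "") echo "WARN auth not set, OpenVPN's version default applies" ;;
    *)  echo "WARN auth $auth is not one of the SHA sizes the installer offers" ;;
  esac

  # reneg-sec 0 turns off time-based renegotiation of the data channel key
  case $reneg in
    "") echo "OK   reneg-sec unset (OpenVPN default of 3600 applies)" ;;
    0)  echo "WARN reneg-sec 0 disables periodic key renegotiation" ;;
    *[!0-9]*) echo "WARN reneg-sec '$reneg' is not a number" ;;
    *)  echo "OK   reneg-sec $reneg" ;;
  esac
}

# Constructed sample configs (not the installer's real output)
sample_good() { printf '%s\n' 'port 1194' 'proto udp' 'cipher AES-128-CBC' 'auth SHA256' 'reneg-sec 3600'; }
sample_weak() { printf '%s\n' 'port 1194' '# cipher AES-256-CBC' 'cipher BF-CBC' 'auth SHA1' 'reneg-sec 0'; }

# Audit the file given as $1, otherwise demonstrate on the constructed weak sample
if [ -n "${1:-}" ]; then
  audit_ovpn "$1"
else
  tmp=$(mktemp); sample_weak > "$tmp"; audit_ovpn "$tmp"; rm -f "$tmp"
fi
```

Pass the path of a config file such as /root/client.ovpn as the first argument to audit it instead of the sample.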

Setting Up The Client

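# Print a download URL for every .ovpn profile in the current directory
for x in *.ovpn; do echo "http://$(dig @resolver1.opendns.com ANY myip.opendns.com +short)/$(printf '%s' "$x" | sed 's/ /%20/g')"; done
# Serve the current directory over plain, unauthenticated HTTP in the foreground; press Ctrl+C to stop it once the profile is downloaded
busybox httpd -f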

Adding Clients

bash OpenVPN.sh
Looks like OpenVPN is already installed.
What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]:
Tell me a name for the client certificate.
Please, use one word only, no special characters.
Client name: 

Maintenance

apt update
apt -y upgrade

Of The Nerds

Thoughtful technology content, because why not?
