Setting up OpenVPN with the openvpn-install script

Hacker

There is an open-source script on GitHub that lets you quickly and easily set up an OpenVPN server on your VPS.
The script is called openvpn-install, and here is the link to GitHub: nyr/openvpn-install
This script has a bunch of forks that you can explore.
You can view the source code here.
Let's get started.
If you have already tried to set up OpenVPN manually and it did not work out, you must first remove it completely.

Removing openvpn:
Code:
apt-get remove --purge openvpn

removing its directory:
Code:
rm -rf /etc/openvpn/

turning off ufw:
Code:
ufw disable

Next.
We work as root (the superuser).

First, let's update the system:
Code:
apt-get update && apt-get dist-upgrade -y

and install the necessary packages:
Code:
apt-get install -y sudo nano curl perl python wget git iptables openvpn openssl ca-certificates

Download the script to the root home folder:
Code:
git clone https://github.com/Nyr/openvpn-install.git ~/nyr-openvpn

Go there:
Code:
cd ~/nyr-openvpn/

Running the script:
Code:
bash openvpn-install.sh

You will be taken to the so-called installer, where you answer questions or enter values. To proceed to the next stage of the installation, press Enter.

First of all, it will prompt you to enter an external IP address, but most likely the script will determine it itself:
IP address: 111.222.111.222

Next step, select the protocol. I press 1 and select UDP.
Next, select the port. I'll set, for example, 14000.
After that, it will prompt you to select DNS servers. The choice is between Google, OpenDNS, the resolvers currently configured on the VPS, and some others. I choose OpenDNS, so I press 3.
After that, it will prompt you to enter the client's name. I'll enter "pp-runion".
Then it will download and install packages and generate keys, certificates and configuration files.
When it finishes, it puts the config in the home folder of the user the script was run as.

That is, now the config is located at:
Code:
/root/

That is where the script's part of the OpenVPN setup ends.
You can now take the new config and use it.

Simple, right?
Let's see what it generated for you; open the pp-runion.ovpn config:
Code:
nano ~/pp-runion.ovpn

>>>: (without keys and certificates)

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 111.222.111.222 14000
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>

Everything seems to be fine, but it's better to specify auth SHA512 explicitly.

So we'll add
Code:
auth SHA512

Like this:
Code:
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 111.222.111.222 14000
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3

Note that the script has already added a directive that prevents DNS leaks on the Windows client:
Code:
setenv opt block-outside-dns

If you have Linux or macOS, please comment out this line.

Now let's look at the server config, server.conf:
Code:
nano /etc/openvpn/server.conf

>>>:

port 14000
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

Here we also add auth SHA512 (otherwise it will not work if it is specified on the client but not on the server) and set verb 0.
You also need to do the following.

You need to comment out the line
Code:
status openvpn-status.log

And add log:
Code:
log /dev/null

Somewhere above I wrote why it is needed.

The result looks like this:
Code:
port 14000
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
auth SHA512
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#status openvpn-status.log
log /dev/null
verb 0
crl-verify crl.pem

We take the client config file and put it on your device. I wrote about this above.

When you run the script again as root:
Code:
bash /root/nyr-openvpn/openvpn-install.sh

The script prompts you to create a new client, remove an existing one (it will no longer be able to connect), or remove OpenVPN.

OpenVPN clients for different operating systems.
Since OpenVPN is not built into any popular OS by default, you need to install third-party software: an OpenVPN client.

Windows.
Under Windows, there is an official client called OpenVPN GUI.
You can download it from the official OpenVPN site.
Download and install it. A shortcut appears on the desktop, and after launch, an icon in the tray.
Next, place your .ovpn file in the config folder inside the OpenVPN installation folder.
If you installed OpenVPN GUI in the default location under Program Files, the path is:
C:\Program Files\OpenVPN\config
Put your .ovpn configs in this folder.
Then you can start the VPN from the system tray. It's simple enough.

Linux.
On Linux, the package in your distribution's repositories will most likely be called "openvpn" (it may also be openvpn-client), and is installed as follows:
Code:
sudo apt-get install openvpn

That is for Debian-like distributions (Debian, Ubuntu, Mint).
If you use a different distribution family, you can figure out how to install it yourself.

It works like this: you have the .ovpn file, and you enter this command in the terminal:
Code:
sudo openvpn --config <path to .ovpn>

where <path to .ovpn> is, naturally, the path to the .ovpn file.
Or you can import the file into NetworkManager.

macOS.
Under macOS, the only OpenVPN client I know of is Tunnelblick.
You can download it here.
It is easy to install and requires superuser rights.
By default, it will open files with the .ovpn extension.
An icon appears in the menu bar, from which you connect.
You can configure it to connect to OpenVPN as soon as the system boots.
If the VPN connection drops, the Internet disappears. In that case, you need to disconnect from the VPN manually.

Android.
The official OpenVPN Connect client for Android is available for download on Google Play

iOS.
For iOS, we download the client from the App Store.

Clients provided by the VPN provider.
Some providers offer their own OpenVPN client for various operating systems and platforms. Whether to use them is up to you, but this is potentially not very secure.
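The edits the post makes by hand to the client .ovpn (adding auth SHA512 and commenting out block-outside-dns on Linux/macOS) and to server.conf (auth SHA512, verb 0, no status file, logging to /dev/null), as an added example that is not part of the original post or of nyr/openvpn-install. It uses small POSIX shell helpers and then checks that client and server agree on cipher, auth, comp-lzo and the tls-auth key direction, which is exactly the failure the post warns about when auth is set on only one side. The sample configs are constructed from the post's listings with keys and certificates left out; the file names, the temp directory and the `demo` argument are assumptions.

```shell
#!/bin/sh
# Added example (not code from the original post or from nyr/openvpn-install):
# apply the edits the post makes by hand to the client .ovpn and server.conf,
# then check that both ends agree on the settings that must match for the
# tunnel to come up. Sample configs are constructed from the post's listings
# (trimmed, without keys or certificates); file names are assumptions.

# set_opt FILE KEY VALUE: rewrite every "KEY ..." line as "KEY VALUE",
# or append "KEY VALUE" when KEY is absent.
set_opt() {
  awk -v k="$2" -v v="$3" '
    $1 == k { print k " " v; seen = 1; next } { print }
    END { if (!seen) print k " " v }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# comment_opt FILE PREFIX: comment out every line beginning with PREFIX.
comment_opt() {
  awk -v p="$2" 'substr($0, 1, length(p)) == p { print "#" $0; next } { print }' \
    "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# get_opt FILE KEY [N]: print field N (default 2) of the first "KEY ..." line.
get_opt() { awk -v k="$2" -v n="${3:-2}" '$1 == k { print $(n+0); exit }' "$1"; }

# has_opt FILE KEY: succeed if an uncommented KEY line exists.
has_opt() { awk -v k="$2" '$1 == k { f = 1 } END { exit !f }' "$1"; }

# harden_client FILE OS: add "auth SHA512"; block-outside-dns is a Windows-only
# directive, so comment it out for any other OS as the post recommends.
harden_client() {
  set_opt "$1" auth SHA512
  [ "$2" = windows ] || comment_opt "$1" "setenv opt block-outside-dns"
}

# harden_server FILE: auth SHA512, verb 0, no status file, log to /dev/null.
# "2>&1" is shell redirection syntax, not an OpenVPN option, so the directive
# is written as plain "log /dev/null".
harden_server() {
  set_opt "$1" auth SHA512
  set_opt "$1" verb 0
  comment_opt "$1" "status openvpn-status.log"
  set_opt "$1" log /dev/null
}

# check_pair CLIENT SERVER: return 0 when cipher, auth, comp-lzo and the
# tls-auth key direction are consistent, 1 otherwise (reasons on stderr).
check_pair() {
  rc=0
  for key in cipher auth; do
    c=$(get_opt "$1" "$key"); s=$(get_opt "$2" "$key")
    [ "$c" = "$s" ] || { echo "mismatch: $key client='$c' server='$s'" >&2; rc=1; }
  done
  if has_opt "$1" comp-lzo; then c=yes; else c=no; fi
  if has_opt "$2" comp-lzo; then s=yes; else s=no; fi
  [ "$c" = "$s" ] || { echo "mismatch: comp-lzo client=$c server=$s" >&2; rc=1; }
  # "tls-auth ta.key 0" on the server requires key-direction 1 on the client
  sdir=$(get_opt "$2" tls-auth 3); cdir=$(get_opt "$1" key-direction)
  if [ -n "$sdir" ] && [ "$cdir" != "$((1 - sdir))" ]; then
    echo "mismatch: server tls-auth direction $sdir needs client key-direction $((1 - sdir))" >&2
    rc=1
  fi
  return $rc
}

# make_samples DIR: write trimmed versions of the post's listings (constructed).
make_samples() {
  cat > "$1/client.ovpn" <<'EOF'
client
dev tun
proto udp
remote 111.222.111.222 14000
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
EOF
  cat > "$1/server.conf" <<'EOF'
port 14000
proto udp
dev tun
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
cipher AES-256-CBC
comp-lzo
status openvpn-status.log
verb 3
EOF
}

# Run "sh harden-ovpn.sh demo" to harden the samples in a temp dir and check them.
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d); make_samples "$d"
  harden_client "$d/client.ovpn" linux; harden_server "$d/server.conf"
  check_pair "$d/client.ovpn" "$d/server.conf" && echo "client and server agree"
fi
```

Source the file and call harden_client, harden_server and check_pair on the real /root/pp-runion.ovpn and /etc/openvpn/server.conf (back them up first). check_pair exits non-zero and names each mismatch, which is the state you are in after adding auth SHA512 to the client but not yet to the server.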
 
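Before copying the .ovpn to a device (the step the post describes above), it is worth checking that the file is self-contained. This is an added example, not code from the original post or from nyr/openvpn-install: a shell function that confirms the inline <ca>, <cert>, <key> and <tls-auth> blocks the script-generated client file should carry are each present exactly once with a matching close tag, and flags any leftover ca/cert/key/tls-auth references to external files, which would leave the config unusable on a device that only received the single file. The sample file is constructed with placeholder PEM text, not real key material; file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: check that a client .ovpn is
# self-contained before it goes onto a device. The post's server.conf uses a
# CA, a per-client cert and key, and tls-auth, so the client file must carry
# one <ca>, <cert>, <key> and <tls-auth> block each, properly closed, and must
# not still point at external files. Sample input is constructed; names are
# assumptions.

# ovpn_check_inline FILE: print "<tag> ok|missing|unbalanced" per required
# block, report external file references, succeed only if everything is ok.
ovpn_check_inline() {
  awk '
    /^<[a-z-]+>$/   { op[substr($0, 2, length($0) - 2)]++; next }
    /^<\/[a-z-]+>$/ { cl[substr($0, 3, length($0) - 3)]++; next }
    $1 == "ca" || $1 == "cert" || $1 == "key" || $1 == "tls-auth" { ext[$1] = $2 }
    END {
      bad = 0
      n = split("ca cert key tls-auth", want, " ")
      for (i = 1; i <= n; i++) {
        t = want[i]
        if (!(t in op) && !(t in cl)) { print t, "missing"; bad = 1 }
        else if (op[t] != 1 || cl[t] != 1) { print t, "unbalanced"; bad = 1 }
        else print t, "ok"
      }
      for (t in ext) { print t, "still references external file", ext[t]; bad = 1 }
      exit bad
    }' "$1"
}

# make_sample_ovpn FILE [omit-close]: constructed client file with placeholder
# PEM bodies (not real keys). With "omit-close", </key> is dropped to mimic a
# file truncated while being copied between devices.
make_sample_ovpn() {
  {
    printf 'client\ndev tun\nremote 111.222.111.222 14000\nremote-cert-tls server\n'
    printf 'cipher AES-256-CBC\nauth SHA512\nkey-direction 1\n'
    printf '<ca>\n-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n</ca>\n'
    printf '<cert>\n-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n</cert>\n'
    printf '<key>\n-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n'
    [ "${2:-}" = omit-close ] || printf '</key>\n'
    printf '<tls-auth>\n-----BEGIN OpenVPN Static key V1-----\nPLACEHOLDER\n'
    printf -- '-----END OpenVPN Static key V1-----\n</tls-auth>\n'
  } > "$1"
}

# Usage: sh ovpn-check.sh /root/pp-runion.ovpn
if [ -n "${1:-}" ]; then ovpn_check_inline "$1"; fi
```

A non-zero exit with "unbalanced" usually means the file was cut off during a copy-paste; "still references external file" means the script did not inline that credential and the device will need the referenced file as well.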

Prt

Thank you for sharing. Very useful information
 