Hello Dev, thank you for taking the time to read this article on self hosting an OpenVPN server. In this guide we’ll be going through the process of setting up a secure and reliable VPN server on your own server or desktop computer. By the end of this article, you’ll have a functional VPN server that you can use to protect your online activities from prying eyes.
Why Self Host an OpenVPN Server?
When it comes to VPNs, there are plenty of subscription services available. However, these services require you to trust the provider with your data and privacy. Additionally, many of these services have restrictions on bandwidth and the number of devices that can be connected at once. By self hosting your own VPN, you have full control over your data and can tailor the server to your specific needs.
Hosting your own VPN server also provides greater security. You can ensure that your server is updated regularly and has the latest security patches installed, reducing the risk of a vulnerability being exploited by attackers.
Requirements for Self Hosting an OpenVPN Server
Before we get into the setup process, it’s important to ensure that you have the necessary hardware and software requirements. Here’s what you’ll need:
| Requirement | Description |
|---|---|
| Server or Desktop Computer | You’ll need a computer to host your VPN server. This can be a physical server or a desktop computer. |
| Operating System | You can set up an OpenVPN server on any operating system, but in this guide we’ll be using Ubuntu 20.04. |
| Internet Connection | You’ll need a stable internet connection with enough bandwidth to support your VPN users. |
| Static IP Address | A static IP address is strongly recommended for your server, as it will make it easier to connect to the VPN. |
| OpenVPN Software | You’ll need to install the OpenVPN software on your server or computer. |
| Certificate Authority (CA) | You’ll need to create a certificate authority to sign client certificates and secure your VPN traffic. |
Setting Up the OpenVPN Server
Now that you have everything you need to get started, let’s go through the process of setting up your OpenVPN server.
Step 1: Installing OpenVPN on Ubuntu 20.04
The first step is to install OpenVPN on your Ubuntu 20.04 server. You can do this by running the following commands:
sudo apt update
sudo apt install openvpn
Once the installation is complete, you should have OpenVPN installed on your server.
Step 2: Creating a Certificate Authority
The next step is to create a certificate authority (CA) to secure your VPN traffic. You can do this by following these steps:
- Create a directory to store your CA files:
sudo mkdir /etc/openvpn/easy-rsa/
- Copy the easy-rsa script to this directory:
sudo cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
- Change to the easy-rsa directory:
cd /etc/openvpn/easy-rsa/
- Edit the vars file:
sudo nano vars
- Uncomment the line that says “export KEY_NAME” and set the value to “server”.
export KEY_NAME="server"
- Save and close the file.
- Initialize the PKI:
sudo ./easyrsa init-pki
- Build the CA:
sudo ./easyrsa build-ca nopass
Once you’ve completed these steps, you should have a CA that you can use to sign client certificates.
Step 3: Generating the Server Certificate and Diffie-Hellman Parameters
The next step is to generate the server certificate and the Diffie-Hellman parameters. You can do this by following these steps:
- Generate a server certificate:
sudo ./easyrsa build-server-full server nopass
- Generate the Diffie-Hellman parameters:
sudo ./easyrsa gen-dh
Once you’ve completed these steps, you should have the necessary certificates for your OpenVPN server.
Configuring the OpenVPN Server
Now that you have your certificates, it’s time to configure your OpenVPN server.
Step 1: Creating the Server Configuration File
The first step is to create a server configuration file. You can do this by creating a new file called “server.conf” in the /etc/openvpn/ directory:
sudo nano /etc/openvpn/server.conf
Copy and paste the following configuration into the file:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
This configuration sets up a UDP server on port 1194, uses the certificates and keys generated earlier, and configures the VPN to use the Google DNS servers.
Step 2: Enabling IP Forwarding
The next step is to enable IP forwarding on your server. You can do this by editing the /etc/sysctl.conf file:
sudo nano /etc/sysctl.conf
Add the following line to the file:
net.ipv4.ip_forward=1
Save and close the file.
Step 3: Configuring Firewall Rules
The final step is to configure firewall rules to allow VPN traffic through. You can do this by adding the following rules to your firewall:
sudo ufw allow OpenSSH
sudo ufw allow 1194/udp
sudo ufw disable
sudo ufw enable
sudo systemctl enable ufw
sudo systemctl start ufw
These commands allow SSH and VPN traffic through your firewall, enable the firewall, and start the firewall service.
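Before starting the service, it is worth checking the result of the three steps above for the gaps that matter most on an internet-facing VPN. The script below is an added example, not part of the original guide or of OpenVPN's own tooling; the function names `has_directive` and `audit_server_conf` are made up for illustration, and it assumes the file locations used in this guide.

```shell
#!/bin/sh
# Added example (not from the guide): flag security-relevant gaps in the
# server setup above. Function names are illustrative.
# Usage: audit_server_conf SERVER_CONF [SYSCTL_CONF]; returns 0 if clean.

has_directive() {   # true if FILE ($1) has an active line for directive $2
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

audit_server_conf() {
    conf=$1 sysctl_conf=${2:-/etc/sysctl.conf} findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # A tls-crypt/tls-auth key lets the server drop packets that are not
    # authenticated with the shared key before any TLS processing happens.
    has_directive "$conf" tls-crypt || has_directive "$conf" tls-crypt-v2 ||
        has_directive "$conf" tls-auth ||
        flag "no tls-crypt or tls-auth key configured"

    # Privilege drop after startup (the guide's config sets both).
    has_directive "$conf" user  || flag "no 'user' directive"
    has_directive "$conf" group || flag "no 'group' directive"

    # The private key named by 'key' must not be readable by group/other.
    keyfile=$(sed -n 's/^[[:space:]]*key[[:space:]]\{1,\}//p' "$conf" | head -n 1)
    if [ -n "$keyfile" ] && [ -e "$keyfile" ]; then
        perms=$(ls -lL "$keyfile" | cut -c5-10)   # group + other bits
        [ "$perms" = "------" ] || flag "$keyfile is accessible to group/other"
    fi

    # Pushing redirect-gateway sends all client traffic through the server,
    # which only works if IPv4 forwarding is enabled (Step 2).
    if grep -Eq '^[[:space:]]*push[[:space:]].*redirect-gateway' "$conf"; then
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' \
            "$sysctl_conf" 2>/dev/null ||
            flag "redirect-gateway pushed but ip_forward=1 not in $sysctl_conf"
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as `sudo sh -c '. ./audit.sh; audit_server_conf /etc/openvpn/server.conf'` (the script file name is a placeholder); with the configuration exactly as shown in Step 1 it reports the missing `tls-crypt`/`tls-auth` key.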
Creating Client Certificates
Now that your server is configured, it’s time to create client certificates so that you can connect to your VPN. You can do this by following these steps:
- Copy the client example configuration to a new file:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/pki/client.ovpn
- Edit the client configuration file:
sudo nano /etc/openvpn/easy-rsa/pki/client.ovpn
- Change the remote IP address to your server’s IP address:
remote <server_ip_address> 1194 udp
- Save and close the file.
- Generate a client certificate:
sudo ./easyrsa build-client-full <client_name> nopass
- Retrieve the client configuration file:
sudo cat /etc/openvpn/easy-rsa/pki/client.ovpn
- Copy the contents of this file to your local machine.
This will generate a client certificate that you can use to connect to your VPN.
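The sample client configuration refers to the CA certificate, client certificate and client key as separate files, so the client needs those three as well as the profile. The script below is an added example (not part of the original guide) that folds them into a single .ovpn file using OpenVPN's inline `<ca>`, `<cert>` and `<key>` blocks; the function names `pem_only` and `build_ovpn` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): assemble a single-file client profile.
# Usage: build_ovpn BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY > client.ovpn

# Print only the PEM block of a file. easy-rsa writes a human-readable
# dump of the certificate above the PEM data in pki/issued/*.crt.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_ovpn() {
    base=$1 ca=$2 cert=$3 key=$4
    for f in "$base" "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # Drop the file-based ca/cert/key directives from the base config;
    # the inline blocks below replace them.
    grep -Ev '^[[:space:]]*(ca|cert|key)[[:space:]]' "$base"
    printf '<ca>\n';   pem_only "$ca";   printf '</ca>\n'
    printf '<cert>\n'; pem_only "$cert"; printf '</cert>\n'
    printf '<key>\n';  pem_only "$key";  printf '</key>\n'
}

# Typical call on the server from this guide, run as root. The output
# contains the client's private key, so create it with a tight umask:
#   umask 077
#   pki=/etc/openvpn/easy-rsa/pki
#   build_ovpn "$pki/client.ovpn" "$pki/ca.crt" \
#       "$pki/issued/<client_name>.crt" "$pki/private/<client_name>.key" \
#       > <client_name>.ovpn
```

If the base config still names other files (for example a `tls-auth` key), those have to be present on the client too, or the line removed when the server does not use it.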
Connecting to Your VPN
Now that you have your client certificate, it’s time to connect to your VPN. You can do this by following these steps:
- Download and install the OpenVPN client on your local machine.
- Import the client configuration file that you generated earlier.
- Connect to your VPN using the OpenVPN client.
Once you’re connected, all of your internet traffic will be encrypted and routed through your VPN server.
Frequently Asked Questions
What are the benefits of self hosting an OpenVPN server?
Self hosting an OpenVPN server gives you full control over your data and privacy. You can tailor the server to your specific needs and ensure that it is updated regularly with the latest security patches. Additionally, you can avoid the bandwidth and device restrictions that many subscription VPN services have.
What are the hardware and software requirements for self hosting an OpenVPN server?
You’ll need a server or desktop computer with an operating system installed (Ubuntu 20.04 is recommended), a stable internet connection, a static IP address, the OpenVPN software, and a certificate authority.
How do I create a certificate authority?
You can create a certificate authority by following the steps outlined in this article. Essentially, you’ll need to create a directory to store your CA files, copy the easy-rsa script to this directory, initialize the PKI, and build the CA.
How do I generate the server certificate and Diffie-Hellman parameters?
You can generate the server certificate and Diffie-Hellman parameters by following the steps outlined in this article. Essentially, you’ll need to generate a server certificate and the Diffie-Hellman parameters using the easy-rsa script.
How do I configure my OpenVPN server?
You can configure your OpenVPN server by creating a server configuration file, enabling IP forwarding, and configuring firewall rules. The steps for doing this are outlined in this article.
How do I create client certificates?
You can create client certificates by following the steps outlined in this article. Essentially, you’ll need to copy the client example configuration to a new file, edit the client configuration file, generate a client certificate, and retrieve the client configuration file.
How do I connect to my VPN?
You can connect to your VPN by downloading and installing the OpenVPN client, importing the client configuration file, and connecting using the OpenVPN client. The steps for doing this are outlined in this article.
Conclusion
Setting up a self hosted OpenVPN server may seem daunting at first, but with the right hardware and software requirements and a little bit of know-how, it can be a secure and reliable way to protect your online activities. By following the steps outlined in this article, you’ll be able to set up an OpenVPN server that you can use to keep your internet traffic safe and secure.