Reading our previous article on OpenVPN may be useful to many readers. You need a non-root user with sudo privileges and, ideally, a second server to act as the certificate authority (CA). How to Create Own Certificate Authority (CA) With EasyRSA is a separate guide that you must read before proceeding with this one. Also, follow our guide on Initial Cloud Server Setup For The New Users for both server instances.
Steps to Install OpenVPN on Cloud Server
At the end of the guide on how to create your own CA, we finished with a few commands:
./easyrsa build-ca nopass
./easyrsa gen-req server-full nopass
./easyrsa sign-req server server-full
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
Although the steps may be confusing at first, they are not difficult to understand from the second attempt onwards. The actual steps to install OpenVPN are:
sudo apt update
sudo apt upgrade
sudo apt install openvpn
There is a script that automates the OpenVPN installation and is a good enough alternative to the manual setup, yet we will continue with the manual setup:
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
mkdir -p ~/client-configs/keys
chmod -R 700 ~/client-configs
The keys generated for client1 in the steps above should be in that directory. You then need to configure the OpenVPN installation:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
sudo nano /etc/openvpn/server.conf
Here are some of the settings you should have. For DNS, choose 126.96.36.199 or Google DNS for a trouble-free, fast DNS server (IP addresses 188.8.131.52 and 184.108.40.206 as DNS servers). 220.127.116.11 is a public DNS resolver that makes DNS queries faster:
tls-auth ta.key 0 # This file is secret
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 18.104.22.168"
push "dhcp-option DNS 22.214.171.124"
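As an added example (not part of the original guide), this shell function audits a server.conf for the settings listed above: it reports directives that are still commented out, as the push lines are in the stock sample file, and a tls-auth key that group or others can access. The function names, the key-directory argument and the sample values (including the 192.0.2.53 resolver) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit server.conf for the settings listed in this guide.

# Print only active lines; the sample server.conf disables lines with ';' or '#'.
active_lines() {
    grep -Ev '^[[:space:]]*([;#]|$)' "$1"
}

# audit_conf CONF KEYDIR: print one finding per problem, return the count.
# KEYDIR (hypothetical parameter) is where the relative key path is resolved.
audit_conf() {
    conf=$1; keydir=$2; problems=0
    # The guide's setting uses key direction 0 on the server.
    key=$(active_lines "$conf" | awk '$1 == "tls-auth" && $3 == "0" { print $2; exit }')
    if [ -z "$key" ]; then
        echo "MISSING: tls-auth <keyfile> 0"; problems=$((problems + 1))
    elif [ ! -f "$keydir/$key" ]; then
        echo "MISSING: key file $keydir/$key"; problems=$((problems + 1))
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$keydir/$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "WEAK: $keydir/$key is accessible to group/other ($mode)"
            problems=$((problems + 1))
        fi
    fi
    if ! active_lines "$conf" | grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway[[:space:]]+def1'; then
        echo "MISSING: push \"redirect-gateway def1 ...\""; problems=$((problems + 1))
    fi
    # Without a pushed resolver, clients keep their local DNS while tunnelled.
    if ! active_lines "$conf" | grep -Eq '^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]+[0-9a-fA-F:.]+"'; then
        echo "MISSING: push \"dhcp-option DNS <address>\""; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: a config as it looks straight after unpacking, with the
# push lines still commented out, and a ta.key left world-readable.
demo=$(mktemp -d)
printf '%s\n' 'tls-auth ta.key 0 # This file is secret' \
    ';push "redirect-gateway def1 bypass-dhcp"' \
    ';push "dhcp-option DNS 192.0.2.53"' > "$demo/server.conf"
: > "$demo/ta.key"; chmod 644 "$demo/ta.key"
audit_conf "$demo/server.conf" "$demo" || echo "findings: $?"
```

On a real server the call would be audit_conf /etc/openvpn/server.conf /etc/openvpn, assuming ta.key sits next to the configuration file.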
You can use commands like the ones below for server management:
sudo systemctl stop openvpn@server
sudo systemctl start openvpn@server
sudo systemctl restart openvpn@server
sudo systemctl status openvpn@server
On the server you will find a client configuration file called ~/linuxDesktop.ovpn. Copy this file to your desktop, install the OpenVPN client application, and use that file.