Easiest way to set up OpenVPN

openvpn Dec 12, 2018

OpenVPN is a free and open-source software application that implements virtual private network techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.

Setting up an OpenVPN server from scratch is a soul-destroying task.
Below is a small and quick tutorial to install an OpenVPN server.

Prerequisites
1. Server (obviously)
2. *nix-based operating system (Debian, Ubuntu, CentOS)
3. Internet access (😜)

Installation Steps
Download the installation script from here, or just copy and paste the line below:
wget https://git.io/vpn -O openvpn-install.sh
Run the script with root privileges (read through it first, since it makes system-wide changes as root):
bash openvpn-install.sh

The script will let you set up your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible.

Follow the on-screen steps to complete the installation.
Copy the generated .ovpn file to the client device and import it there to connect that device to the VPN server. The file contains the client's credentials, so transfer it over a secure channel.
The following are the client applications I prefer to use on my endpoints to connect to my OpenVPN server.
1. Windows Desktop: OpenVPN GUI
2. macOS: Tunnelblick
3. Android: OpenVPN Connect
4. iOS: OpenVPN Connect
5. Linux: Open the terminal and enter the command below:
apt-get install openvpn -y && openvpn --config client.ovpn

To add more users, remove some of them, or even completely uninstall OpenVPN, just re-run the script.

The installation automatically adds the firewall rules needed to forward traffic. If you use UFW as a front end to iptables, follow the extra steps below to configure UFW.
Edit the UFW rules file:
nano /etc/ufw/before.rules
Add the following content at the start of the file:

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0] 
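# Allow traffic from OpenVPN clients to eth0 (change to your interface).
# The source must match the `server` subnet in the OpenVPN server config;
# 10.8.0.0/24 is the subnet used in OpenVPN's sample configuration.
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE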
COMMIT
# END OPENVPN RULES

Save, exit, and reload UFW:
service ufw restart

Also, modify the default forward policy:
nano /etc/default/ufw
Set DEFAULT_FORWARD_POLICY="ACCEPT"
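
The NAT rule above should masquerade only the VPN client subnet; a source written as 10.8.0.0/8 is masked to 10.0.0.0/8 and covers every 10.x.x.x address. The following check is an added example, not part of the original post or of the install script: it compares the `-s` value of each MASQUERADE rule with the `server <network> <netmask>` line of the OpenVPN server config. The function names and the sample file contents are constructed for illustration.

```sh
# Added example: compare the MASQUERADE source in UFW's before.rules with
# the subnet on the `server` line of the OpenVPN server config.

# Dotted netmask (255.255.255.0) -> prefix length (24); fails on a bad mask.
mask_to_prefix() {
    echo "$1" | awk -F. '
        BEGIN { b[255]=8; b[254]=7; b[252]=6; b[248]=5; b[240]=4
                b[224]=3; b[192]=2; b[128]=1; b[0]=0 }
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) {
              if (!($i in b) || (partial && $i != 0)) exit 1
              if ($i != 255) partial = 1
              n += b[$i] }
          print n }'
}

# Print the VPN subnet as CIDR, read from `server <network> <netmask>`.
vpn_subnet() {
    set -- $(awk '$1 == "server" { print $2, $3; exit }' "$1")
    [ $# -eq 2 ] || return 1
    prefix=$(mask_to_prefix "$2") || return 1
    echo "$1/$prefix"
}

# Return 0 only if every MASQUERADE rule's -s value equals the VPN subnet.
check_masquerade() {   # usage: check_masquerade <before.rules> <server.conf>
    want=$(vpn_subnet "$2") || { echo "no usable server line in $2"; return 2; }
    awk -v want="$want" '
        /^-A POSTROUTING/ && /MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-s") {
                seen = 1
                if ($(i + 1) == want) print "OK       " $(i + 1)
                else { print "MISMATCH " $(i + 1) ", VPN subnet is " want; bad = 1 }
            } }
        END { if (!seen) { print "no MASQUERADE rule with -s"; exit 1 }
              exit bad + 0 }' "$1"
}

# Constructed sample files, so the check runs without touching /etc.
demo() {
    d=$(mktemp -d)
    printf 'port 1194\nserver 10.8.0.0 255.255.255.0\n' > "$d/server.conf"
    printf '*nat\n-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE\nCOMMIT\n' > "$d/wide.rules"
    printf '*nat\n-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE\nCOMMIT\n' > "$d/tight.rules"
    check_masquerade "$d/wide.rules" "$d/server.conf" || echo "-> tighten the rule"
    check_masquerade "$d/tight.rules" "$d/server.conf"
    rm -rf "$d"
}
demo
```

On a real server, call `check_masquerade /etc/ufw/before.rules <path to your OpenVPN server config>`; the config path depends on how OpenVPN was installed.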

That's all!
Enjoy your own VPN server.

Here is a referral link to get $100 DigitalOcean credit to get started with your own low-cost, low-maintenance VPN server.

Eshan

Cyber Security Professional • Offensive Infrastructure • Anime Addict • Love to Travel • Co-creator of rescure.fruxlabs.com