Set up a Linux VPN Server Using OpenVPN: Connecting to Devices and Managing VPN
A Virtual Private Network (VPN) secures users by creating a point-to-point connection that masks their internet traffic. Although paid VPN services are widely available, you may want to set up your own Linux VPN server with OpenVPN, a popular open-source option.
This tutorial will show you how to set up, manage, and test a Linux VPN server using OpenVPN. We will also explain how to connect devices running various operating systems to the Linux VPN server.
Why Should You Use a Linux VPN Server
Using a VPN for Linux desktops and virtual private servers is one of the best ways to remain secure over the internet. Here are the key benefits of a Linux VPN server:
- Security – A VPN’s data encryption provides stronger server protection than firewalls. For example, the VPN will securely encrypt sensitive data like transactions.
- Remote access – Many organizations only allow remote access through VPN to maintain security.
- Anonymity – a VPN masks a user’s real IP address and perceived location from the internet service provider (ISP) and other parties. This ensures anonymity when browsing the internet.
- Unblock content – some VPNs let you bypass region-locked content. For instance, you may be able to access another Netflix locale’s library.
- Bypass ISP throttling – certain ISPs throttle internet speed and bandwidth. A VPN may be able to stop ISP throttling.
How to Install OpenVPN on a Linux VPN Server
Next, we will demonstrate how to set up OpenVPN software on Linux VPS and how to connect it to Windows, Android, and other OSs. To learn more about the OpenVPN protocol, check out their documentation.
Prerequisites:
- An account with root access or sudo privileges.
- Configure the firewall to allow TCP traffic over port 943 and UDP traffic over port 1194.
After meeting the above prerequisites, proceed with the VPN server installation.
Pro Tip
Consider Hostinger’s KVM VPS plans for setting up a different VPN server. They are compatible with various VPN solutions in the market, providing flexibility and options for your needs.
1. Set Up a Linux VPN Server With OpenVPN Access Server
Ubuntu and Debian
- Open the command line interface.
- Update the indexes using the following Linux command:
sudo apt update
- A net-tools package is needed to install OpenVPN successfully. If you don’t have it installed yet, enter the following command:
sudo apt -y install ca-certificates wget net-tools gnupg
- Download the client from the OpenVPN website. Copy the package link and download it using the wget command. A sample wget command for Ubuntu would look like this:
wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
- Proceed with the command below:
echo "deb http://as-repository.openvpn.net/as/debian focal main">/etc/apt/sources.list.d/openvpn-as-repo.list
- Lastly, install the OpenVPN Access Server with the following command:
sudo apt update && apt -y install openvpn-as
CentOS
OpenVPN installation for CentOS is much simpler because it only consists of two commands:
yum -y install https://as-repository.openvpn.net/as-repo-centos7.rpm yum -y install openvpn-as
Once the installation is complete, you will see the Admin UI and the Client UI details. Remember the password since you will use it to log in.
Follow these steps to complete the setup process:
- Open the admin URL to log in and finish the installation process. Normally, the admin URL is the VPS IP address with 943 port and /admin subdomain at the end. It will look similar to https://185.185.185.185:943/admin.
- On the login page, enter openvpn as the username. Then, enter the password that was shown before. Click Sign in.
Pro Tip
If you see the Your connection is not private error, an SSL certificate may not be installed on the VPS server. Click Continue to the site to proceed to the web interface.
- Once logged in, you will see a Terms and Conditions page. Read it and press the Agree button to proceed. The next page will provide the OpenVPN configuration details and the server status.
- The next important step before starting the VPN server is to enable TUN/TAP Adapter on your VPS. With Hostinger, users can easily do so via hPanel.
- Wait for the process to finish and log in to the OpenVPN admin panel again. VPN service will be ON.
- The default OpenVPN settings are decent and allow macOS, Linux, Windows, Android, and iOS to connect to the Linux VPN server. However, if you want to modify any settings, click Apply and Update Running Server to enable the changes.
Important! Keep in mind that the free version of OpenVPN allows up to two concurrent connections only.
Next, we will set up an OpenVPN tunnel.
2. Set Up OpenVPN Server Tunneling
A VPN tunnel is an encrypted connection between your device and the VPN. Follow these steps to enable it:
- To enable IP forwarding in your kernel, use the command below. It will enable traffic forwarding over IPv4.
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.d/99-sysctl.conf
- To apply the changes, enter:
sudo sysctl -p
- OpenVPN does not support simultaneous tunnels over IPv6 and IPv4. Disable IPv6 using:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
To disable IPv6 manually, set the below parameters on boot:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
To do it, open the 99-sysctl.conf file located in /etc/sysctl.d/. Use the cd command to access the folder and a preferred text editor to edit the file. Save the changes.
- Activate the new settings using this command:
sysctl -p
- Open the /etc/hosts file and comment on the IPv6 resolution line as shown below. This will disable IPv6.
#::1 localhost ip6-localhost ip6-loopback
- Log in to the Admin server URL and open VPN Settings.
- In the Routing section, set the Should VPN clients have access to private subnets (non-public networks on the server side)? option to No. Then, set the Should client Internet traffic be routed through the VPN? option to Yes.
- To avoid any DNS leak, alter the DNS resolver settings. Enable the Have clients use the same DNS servers option.
- Save the new settings and click Update Running Server.
- Restart the OpenVPN server from the Status tab. Click Stop and then Start.
How to Connect Linux VPN Server to Other Devices
Now that the server is running, users can connect devices to it. We’ll cover the most popular operating system options: Windows, macOS, Linux, Android, and iOS.
How to Install and Connect the OpenVPN Client for Windows
- Open the OpenVPN client URL: https://185.185.185.185:943/.
- Choose the Windows version of the client and run the installation.
- Once the installation is complete, a prompt will appear. Enter your OpenVPN username and password.
- Run OpenVPN from the Windows taskbar to disconnect, reconnect and view the connection status.
How to Install and Connect the OpenVPN Client for macOS
- Connect to the OpenVPN client UI and download the OpenVPN software for macOS.
- Complete the macOS installation procedure.
- A new OpenVPN icon on the macOS taskbar will appear. Right-click on this icon to see the different options.
- Click the Connect to option. A pop-up will prompt for your OpenVPN username and password. Enter the credentials.
- Click Connect to establish the Linux VPN server connection.
How to Install and Connect the OpenVPN Client for Linux
The client installation for Linux is slightly different from Windows and macOS. Follow these steps:
- Download and install the OpenVPN client software for CentOS using this command:
sudo yum install openvpn
For Debian or Ubuntu, use this command instead:
sudo apt-get install openvpn
- Open the OpenVPN client UI and download the appropriate profile for your OS. Alternatively, use the wget or curl command and enter the software download link.
- Copy the downloaded profile to /etc/openvpn and rename it to client.conf.
- Start the OpenVPN Tunnel service by entering the following command:
sudo service openvpn start
- A prompt asking for your OpenVPN username and password will appear. Enter the correct credentials.
- Use ipconfig or ip addr to view the network connections. Once the VPN interface is available, you will see tun0 added to the existing network adapters list.
How to Install and Connect the OpenVPN Client for Android
- Open Google Play and install the OpenVPN Connect application.
- Import a profile by entering the VPN server client URL. Then, enter the following details manually:
- Port – 934 of your Linux VPN server.
- Username – the username set on your server. It is openvpn by default.
- Password – the password that the terminal displayed after successfully installing OpenVPN Access Server.
Alternatively, import the OVPN file from the client UI.
How to Install and Connect the OpenVPN Client for iOS
After installing OpenVPN Connect from the App Store, open the app. Then, fill in all the required profile information or upload the profile file. For more details, refer to the Android section, as the steps for installing OpenVPN Connect on iOS are nearly identical.
Once the app is set up, you can start using OpenVPN on iPhone or iPad devices.
How to Manage Linux VPN Server
Now that the VPN Access Server is running, it’s worth checking its configuration settings.
How to Manage Linux VPN Server Compression Settings
If you are connected to the VPN but cannot browse the Internet, check the OpenVPN logs at /var/log/openvpnas.log on the Access Server VPS.
If you find entries similar to the ones below, you are likely experiencing compression issues:
2022-03-23 18:24:05+0800 [-] OVPN 11 OUT: 'Mon Mar 23 08:59:05 2016 guest/123.45.67.89:55385 Bad compression stub decompression header byte: 251'
Resolve this error by disabling compression:
- Open the Admin console and click Advanced VPN.
- Go to Default Compression Settings and turn off Support compression on client VPN connections.
- Apply the changes and click on the Update Running Server option.
How to Add Users to a Linux VPN Server Running OpenVPN
The free OpenVPN client supports two concurrent users. Even though you can create multiple users, only two can be connected simultaneously. You must purchase an OpenVPN paid plan to add more concurrent users.
Use the Admin UI to add and manage users:
- Navigate to User Management → User Permissions.
- Enter the new username as shown below:
- For a new user, configure additional settings by clicking More Settings. You will be able to modify a user’s password, permissions, and other settings.
- Save the new settings and click Update Running Server.
How to Set Up Auto-Login Profiles for a Linux VPN Server With OpenVPN
With OpenVPN, you can configure auto-login profiles. Auto-login profiles will automatically route all non-local traffic via the VPN.
To set up auto-login, open the Admin UI and select User Permissions. Then, check the Allow Auto-login option.
Alternatively, use User or Server-locked profiles to manually enable or disable the VPN.
How to Test a Linux VPN Server Running OpenVPN
Connect to the VPN client and check your IP to see if the OpenVPN server works as expected.
DNS leak test lets you check your OpenVPN server’s IPv4 address. On the website, choose the Extended test. The test will output the client devices’ DNS resolver IPs.
Next, make sure the traffic doesn’t use IPv6 using Test your IPv6. The tool should display the server IP and a message stating that no IPv6 address was detected.
Conclusion
Setting up a VPN server can be beneficial, especially if you want to encrypt internet traffic and browse safely.
In this tutorial, we’ve gone through the process of installing OpenVPN on a Linux virtual private server. We’ve also shown the OpenVPN server configuration procedure and client installations on various operating systems, including Windows, Linux, Android, iOS, and macOS.
We hope that you found this tutorial helpful. In case you have any questions, let us know in the comments section below.
Discover More About How to Protect Your Linux
How to Setup Iptables on Linux
How to Configure Fail2Ban on CentOS
How to Install ClamAV on CentOS