Set up a Linux VPN Server Using OpenVPN: Connecting to Devices and Managing VPN

A Virtual Private Network (VPN) secures users by creating a point-to-point connection that masks their internet traffic. Although paid VPN services are widely available, you may want to set up your own Linux VPN server with OpenVPN, a popular open-source option.

This tutorial will show you how to set up, manage, and test a Linux VPN server using OpenVPN. We will also explain how to connect devices running various operating systems to the Linux VPN server.

Why Should You Use a Linux VPN Server?

Using a VPN for Linux desktops and virtual private servers is one of the best ways to remain secure over the internet. Here are the key benefits of a Linux VPN server:

  • Security – A VPN’s data encryption provides stronger server protection than firewalls. For example, the VPN will securely encrypt sensitive data like transactions.
  • Remote access – Many organizations only allow remote access through VPN to maintain security.
  • Anonymity – a VPN masks a user’s real IP address and perceived location from the internet service provider (ISP) and other parties. This ensures anonymity when browsing the internet.
  • Unblock content – some VPNs let you bypass region-locked content. For instance, you may be able to access another Netflix locale’s library.
  • Bypass ISP throttling – certain ISPs throttle internet speed and bandwidth. A VPN may be able to stop ISP throttling.

How to Install OpenVPN on a Linux VPN Server

Next, we will demonstrate how to set up OpenVPN software on Linux VPS and how to connect it to Windows, Android, and other OSs. To learn more about the OpenVPN protocol, check out their documentation.

Prerequisites:

  • An account with root access or sudo privileges.
  • Configure the firewall to allow TCP traffic over port 943 and UDP traffic over port 1194.

After meeting the above prerequisites, proceed with the VPN server installation.

1. Set Up a Linux VPN Server With OpenVPN Access Server

Ubuntu and Debian

  1. Open the command line interface.
  2. Update the indexes using the following Linux command:
sudo apt update
  1. A net-tools package is needed to install OpenVPN successfully. If you don’t have it installed yet, enter the following command:
sudo apt -y install ca-certificates wget net-tools gnupg
  1. Download the client from the OpenVPN website. Copy the package link and download it using the wget command. A sample wget command for Ubuntu would look like this:
wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
  1. Proceed with the command below:
echo "deb http://as-repository.openvpn.net/as/debian focal main">/etc/apt/sources.list.d/openvpn-as-repo.list
  1. Lastly, install the OpenVPN Access Server with the following command:
sudo apt update && apt -y install openvpn-as

CentOS

OpenVPN installation for CentOS is much simpler because it only consists of two commands:

yum -y install https://as-repository.openvpn.net/as-repo-centos7.rpm
yum -y install openvpn-as

Once the installation is complete, you will see the Admin UI and the Client UI details. Remember the password since you will use it to log in.

The terminal window displays a successful OpenVPN Access server installation. Login URLs for admin and client, along with password and username, is shown

Follow these steps to complete the setup process:

  1. Open the admin URL to log in and finish the installation process. Normally, the admin URL is the VPS IP address with 943 port and /admin subdomain at the end. It will look similar to https://185.185.185.185:943/admin.
  2. On the login page, enter openvpn as the username. Then, enter the password that was shown before. Click Sign in.
The main OpenVPN login page

Pro Tip

If you see the Your connection is not private error, an SSL certificate may not be installed on the VPS server. Click Continue to the site to proceed to the web interface.

  1. Once logged in, you will see a Terms and Conditions page. Read it and press the Agree button to proceed. The next page will provide the OpenVPN configuration details and the server status.
The Status Overview page on OpenVPN Access Server dashboard
  1. The next important step before starting the VPN server is to enable TUN/TAP Adapter on your VPS. With Hostinger, users can easily do so via hPanel.
The VPS settings section on hPanel. The option to turn on TUN/TAP Adapter is highlighted
  1. Wait for the process to finish and log in to the OpenVPN admin panel again. VPN service will be ON.
The status overview page on OpenVPN dashboard, it showcases that VPN services are currently ON
  1. The default OpenVPN settings are decent and allow macOS, Linux, Windows, Android, and iOS to connect to the Linux VPN server. However, if you want to modify any settings, click Apply and Update Running Server to enable the changes.
A window from the OpenVPN dashboard whenever a user changes settings. Update running server button is highlighted

Important! Keep in mind that the free version of OpenVPN allows up to two concurrent connections only.

Next, we will set up an OpenVPN tunnel.

2. Set Up OpenVPN Server Tunneling

A VPN tunnel is an encrypted connection between your device and the VPN. Follow these steps to enable it:

  1. To enable IP forwarding in your kernel, use the command below. It will enable traffic forwarding over IPv4.
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.d/99-sysctl.conf
  1. To apply the changes, enter:
sudo sysctl -p
  1. OpenVPN does not support simultaneous tunnels over IPv6 and IPv4. Disable IPv6 using:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1

To disable IPv6 manually, set the below parameters on boot:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

To do it, open the 99-sysctl.conf file located in /etc/sysctl.d/. Use the cd command to access the folder and a preferred text editor to edit the file. Save the changes.

  1. Activate the new settings using this command:
sysctl -p
  1. Open the /etc/hosts file and comment on the IPv6 resolution line as shown below. This will disable IPv6.
#::1 localhost ip6-localhost ip6-loopback
  1. Log in to the Admin server URL and open VPN Settings.
OpenVPN dashboard side bar with VPN Settings button selected
  1. In the Routing section, set the Should VPN clients have access to private subnets (non-public networks on the server side)? option to No. Then, set the Should client Internet traffic be routed through the VPN? option to Yes.
The routing section on the OpenVPN dashboard
  1. To avoid any DNS leak, alter the DNS resolver settings. Enable the Have clients use the same DNS servers option.
The DNS settings section on the OpenVPN dashboard
  1. Save the new settings and click Update Running Server.
  2. Restart the OpenVPN server from the Status tab. Click Stop and then Start.

How to Connect Linux VPN Server to Other Devices

Now that the server is running, users can connect devices to it. We’ll cover the most popular operating system options: Windows, macOS, Linux, Android, and iOS.

How to Install and Connect the OpenVPN Client for Windows

  1. Open the OpenVPN client URL: https://185.185.185.185:943/.
  2. Choose the Windows version of the client and run the installation.
The main OpenVPN client dashboard view for a Windows machine
  1. Once the installation is complete, a prompt will appear. Enter your OpenVPN username and password.
  2. Run OpenVPN from the Windows taskbar to disconnect, reconnect and view the connection status.

How to Install and Connect the OpenVPN Client for macOS

  1. Connect to the OpenVPN client UI and download the OpenVPN software for macOS.
The main OpenVPN client dashboard view for a macOS machine
  1. Complete the macOS installation procedure.
  2. A new OpenVPN icon on the macOS taskbar will appear. Right-click on this icon to see the different options.
  3. Click the Connect to option. A pop-up will prompt for your OpenVPN username and password. Enter the credentials.
  4. Click Connect to establish the Linux VPN server connection.

How to Install and Connect the OpenVPN Client for Linux

The client installation for Linux is slightly different from Windows and macOS. Follow these steps:

  1. Download and install the OpenVPN client software for CentOS using this command:
sudo yum install openvpn

For Debian or Ubuntu, use this command instead:

sudo apt-get install openvpn
  1. Open the OpenVPN client UI and download the appropriate profile for your OS. Alternatively, use the wget or curl command and enter the software download link.
  2. Copy the downloaded profile to /etc/openvpn and rename it to client.conf.
  3. Start the OpenVPN Tunnel service by entering the following command:
sudo service openvpn start
  1. A prompt asking for your OpenVPN username and password will appear. Enter the correct credentials.
  2. Use ipconfig or ip addr to view the network connections. Once the VPN interface is available, you will see tun0 added to the existing network adapters list.

How to Install and Connect the OpenVPN Client for Android

  1. Open Google Play and install the OpenVPN Connect application.
  2. Import a profile by entering the VPN server client URL. Then, enter the following details manually:
    • Port – 934 of your Linux VPN server.
    • Username – the username set on your server. It is openvpn by default.
    • Password – the password that the terminal displayed after successfully installing OpenVPN Access Server.

Alternatively, import the OVPN file from the client UI.

The main OpenVPN client dashboard view with profile download option highlighted

How to Install and Connect the OpenVPN Client for iOS

After installing OpenVPN Connect from the App Store, open the app. Then, fill in all the required profile information or upload the profile file. For more details, refer to the Android section, as the steps for installing OpenVPN Connect on iOS are nearly identical.

Once the app is set up, you can start using OpenVPN on iPhone or iPad devices.

How to Manage Linux VPN Server

Now that the VPN Access Server is running, it’s worth checking its configuration settings.

How to Manage Linux VPN Server Compression Settings

If you are connected to the VPN but cannot browse the Internet, check the OpenVPN logs at /var/log/openvpnas.log on the Access Server VPS.

If you find entries similar to the ones below, you are likely experiencing compression issues:

2022-03-23 18:24:05+0800 [-] OVPN 11 OUT: 'Mon Mar 23 08:59:05 2016 guest/123.45.67.89:55385 Bad compression stub decompression header byte: 251'

Resolve this error by disabling compression:

  1. Open the Admin console and click Advanced VPN.
  2. Go to Default Compression Settings and turn off Support compression on client VPN connections.
The default compression settings on a OpenVPN dashboard
  1. Apply the changes and click on the Update Running Server option.

How to Add Users to a Linux VPN Server Running OpenVPN

The free OpenVPN client supports two concurrent users. Even though you can create multiple users, only two can be connected simultaneously. You must purchase an OpenVPN paid plan to add more concurrent users.

Use the Admin UI to add and manage users:

  1. Navigate to User Management → User Permissions.
The OpenVPN side bar with User Permissions button selected
  1. Enter the new username as shown below:
The User Permissions section on the OpenVPN dashboard
  1. For a new user, configure additional settings by clicking More Settings. You will be able to modify a user’s password, permissions, and other settings.
  2. Save the new settings and click Update Running Server.

How to Set Up Auto-Login Profiles for a Linux VPN Server With OpenVPN

With OpenVPN, you can configure auto-login profiles. Auto-login profiles will automatically route all non-local traffic via the VPN.

To set up auto-login, open the Admin UI and select User Permissions. Then, check the Allow Auto-login option.

The User Permissions section on the OpenVPN dashboard

Alternatively, use User or Server-locked profiles to manually enable or disable the VPN.

How to Test a Linux VPN Server Running OpenVPN

Connect to the VPN client and check your IP to see if the OpenVPN server works as expected.

DNS leak test lets you check your OpenVPN server’s IPv4 address. On the website, choose the Extended test. The test will output the client devices’ DNS resolver IPs.

Next, make sure the traffic doesn’t use IPv6 using Test your IPv6. The tool should display the server IP and a message stating that no IPv6 address was detected.

Conclusion

Setting up a VPN server can be beneficial, especially if you want to encrypt internet traffic and browse safely.

In this tutorial, we’ve gone through the process of installing OpenVPN on a Linux virtual private server. We’ve also shown the OpenVPN server configuration procedure and client installations on various operating systems, including Windows, Linux, Android, iOS, and macOS.

We hope that you found this tutorial helpful. In case you have any questions, let us know in the comments section below.

Author
The author

Edward S.

Edward is a content editor with years of experience in IT writing, marketing, and Linux system administration. His goal is to encourage readers to establish an impactful online presence. He also really loves dogs, guitars, and everything related to space.

Author
The Co-author

Ignas R.

Ignas takes great satisfaction in helping people tackle even the most complex technical issues. His current goal is to write easy-to-follow articles so that these issues will not happen at all. During his free time, Ignas likes to play video games and fix up things around his house.