OpenVPN is an open-source protocol that creates a secure tunnel between your device and the VPN server. OpenVPN sends encrypted data over the internet. It is one of the most reliable and widely used protocols for VPN connection.
Why OpenVPN?
- OpenVPN is available for all platforms.
- OpenVPN uses SSL/TLS for key exchange. OpenSSL library’s encryption, authentication, and SSL certificate make VPN connection more secure.
- OpenVPN supports industry-standard 256-bit AES encryption.
- Any new vulnerabilities are quickly fixed due to the sizeable
- open-source OpenVPN community.
Let’s create our first OpenVPN server at Digital Ocean.
I assume that you already have an account.
Sign in and click the “Generate New Token” button, as shown below.
Next, enter the Token name and select the token expiry term you’d like to set from the drop-down menu. It’s very important to check the Write permission. This allows TryDirect to create a Droplet in your account.
Now, click the “Generate Token” button to create an API token.
Copy and save the Token. You will need to provide this token later.
Next, log in to the TryDirect dashboard using https://try.direct/sign_in. If you don't have a TryDirect account, SIGN UP for a new account using https://try.direct/sign_up
After login, click the 'STACKS' option from the top menu, search for OpenVPN, and click it.
You will see the OpenVPN page with a description. Find the 'DEPLOY TO' button on this page, click it and select 'DIGITAL OCEAN' as shown in the below screenshot.
Next, you will be redirected to “OpenVPN—New Deployment.” Enter your domain name and your Digital Ocean API Token, which you had created earlier. Here the "BASE DOMAIN NAME" and "ADD PERSONAL ACCESS TOKEN" are mandatory. Fill in all the details required on this page.
Then select the data center region where you want to deploy the OpenVPN server.
Next, choose the server from a list and select features per your requirements.
At last, click the “DEPLOY” button.
Your OpenVPN server deployment started. It will take around 15 minutes.
At the same time, you will see a new droplet created on your Digital Ocean account.
Once the OpenVPN setup process is completed, a detailed information menu will pop up.
You will receive a notification email from TryDirect that contains a deployment-configs PDF file, the key PEM file of your server and OpenVPN configuration file with ovpn extension.
How to connect to OpenVPN
Download your “ovpn” file and save the file somewhere on your system. You will need this “ovpn” file later for the OpenVPN connection.
Install the OpenVPN client
Now, you need to install the OpenVPN client for your OS
Windows users
Go to https://openvpn.net/community-downloads/ and Download OpenVPN client.
Next, install the OpenVPN client on your system.
Once the OpenVPN client is installed you may get a ‘no readable profile’ warning alert as shown in the below screenshot.
Click the “OK” button, then right-click the OpenVPN GUI icon from the system tray.
It will open pop-up windows, go to your “.ovpn” file location on your system and select OpenVPN “.ovpn” file.
It will display “File imported successfully” message.
Now, again, right-click on the OpenVPN GUI icon and click on Connect Option.
You are now connected with your OpenVPN server using your OpenVPN client from your Windows system.
To verify your OpenVPN connection, go to the web browser and type “what is my ip”. You will see the IP address on your OpenVPN data center.
Linux users
If you are using Linux distributions, then you need to install the OpenVPN client from repository:
Ubuntu/Debian users, execute the following commands in your terminal:
sudo apt-get update
sudo apt-get install openvpn
sudo openvpn --config xxxx.ovpn (Replace 'xxxx' with the filename you got in e-mail)CentOS users:
sudo yum install epel-release
sudo yum install openvpn
sudo openvpn --config xxxx.ovpn (Replace 'xxxx' with the filename you got in e-mail)After running the above command, you will see an output like:
Output:
Mon Apr 18 11:05:39 2022 /sbin/ip addr add dev tun0 local 192.168.255.6 peer 192.168.255.5
Mon Apr 18 11:05:39 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Apr 18 11:05:39 2022 Initialization Sequence CompletedNote: If you are using an older version of Ubuntu and getting errors like write to TUN/TAP: Invalid argument (code=22) , make sure to update OpenVPN to version 3.
If you want to run the OpenVPN client in the background, execute the following command:
openvpn --config xxxx.ovpn --daemon (Replace 'xxxx' with the filename you got in e-mail)For example:
sudo openvpn --config 1894.ovpn --daemonHow to add new VPN users
First, change the downloaded PEM file permission to 400. Run the following command in terminal:
sudo chmod 400 example.com.pemReplace ‘example.com.pem’ with the PEM file name you got in the e-mail.
Now, run the command along with your server IP address as shown below:
ssh -i example.com.pem root@159.223.234.35(Replace with your OpenVPN server IP)
Next, go to the directory containing docker-compose.yml file on your server.
cd /root/openvpn/Now, execute the commands below.
docker-compose run --rm openvpn easyrsa build-client-full USERNAME nopassFor example:
docker-compose run --rm openvpn easyrsa build-client-full admin nopassThe above command will generate an admin user without a passphrase.
Generate user’s ovpn file.
Syntax:
docker-compose run --rm openvpn ovpn_getclient USERNAME > USERNAME.ovpnExample:
docker-compose run --rm openvpn ovpn_getclient pratik > /root/openvpn/client_conf/pratik.ovpnNow, download New user's ovpn file on your system.
scp -i example.com.pem root@159.223.234.35:/root/openvpn/client_conf/admin.ovpn .Now you can connect with OpenVPN server, as shown before:
sudo openvpn --config admin.ovpnReplace admin.ovpn with your ovpn key.
Alternatively, you can easily connect to the OpenVPN server by using network-manager.
Run the below command to add OpenVPN support to the network-manager.
sudo apt install network-manager-openvpn-gnomeThen, click the network-manager and VPN ‘+’ symbol as shown in the below screenshot.
Next, select the ‘import from file’ option from the selection box opened.
Now, select your ovpn file from your system.
Next, enable the VPN. Now you are connected with the OpenVPN server using your network manager.
Congratulations! You got an understanding of OpenVPN. Now you are informed on the ways to set up the OpenVPN server using the TryDIrect platform and configure the OpenVPN client on your system.