How to Run a Private VPN Server Using Only Open-Source Software

In the digital age, privacy and security are paramount. Using a private VPN server gives users control over their online security. Running a VPN server using only open-source software can be a cost-effective solution, allowing you to maintain privacy while avoiding reliance on third-party VPN services. This guide will demonstrate how to set up a private VPN server using open-source software, focusing on the steps involved in installation, configuration, and securing the server.

Prerequisites

Before diving into the setup, ensure you meet the following prerequisites:

  • A computer or virtual private server (VPS) running a Linux-based operating system (Ubuntu recommended)
  • Root or sudo privileges to install software
  • An internet connection with a static IP address (optional, but recommended for stability)
  • A domain name or dynamic DNS service to make the VPN server easily accessible (optional)

Step 1: Installing OpenVPN

OpenVPN is a widely used open-source VPN solution. We’ll begin by installing OpenVPN on your server.

sudo apt update
sudo apt install openvpn easy-rsa

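After installation, we need to configure Easy-RSA, which creates the certificate authority (CA) and the public and private keys used for secure communication. The commands below are the Easy-RSA 2.x scripts; Easy-RSA 3, which newer Ubuntu releases package, replaces them with a single easyrsa command. build-ca writes the CA private key to keys/ca.key, and anyone holding that key can issue certificates your server will trust, so restrict access to it.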

make-cadir /openvpn-ca
cd /openvpn-ca
source vars
./clean-all
./build-ca

Step 2: Configuring the OpenVPN Server

Now that the necessary packages are installed and initial configuration is done, we’ll move on to configuring the OpenVPN server.

First, copy the example server configuration file to your OpenVPN directory:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz

Next, you’ll need to edit the server configuration file to suit your needs. Open the configuration file using your preferred text editor:

sudo nano /etc/openvpn/server.conf

Make sure to configure the following:

  • local – Set this to your server’s static IP address or leave it empty to allow OpenVPN to listen on all interfaces.
  • port – The default OpenVPN port is 1194. You can change this if necessary.
  • proto – For UDP, use proto udp, which is faster than TCP in most cases.
  • dev – Set this to dev tun, which is the typical VPN tunnel interface.

Step 3: Generating Server and Client Keys

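Generate the server’s SSL/TLS key and certificate using Easy-RSA, along with the Diffie-Hellman parameters (build-dh) and the shared tls-auth key (ta.key), which adds an HMAC check to control-channel packets. This will allow secure communication between the server and clients.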

cd /openvpn-ca
source vars
./build-key-server server
./build-dh
openvpn --genkey --secret keys/ta.key

Once the server key and certificate are created, you can generate client keys in a similar manner. First, generate the client certificate and key:

./build-key client1

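Remember to replace client1 with the actual client’s name. After that, you’ll need to transfer the necessary keys and certificates (ca.crt, the client’s .crt and .key, and ta.key) to the client’s machine. The .key files are secrets, so copy them over an encrypted channel such as scp.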

Step 4: Configuring IP Forwarding and Firewall

For the VPN to function correctly, the server needs to forward network traffic and accept VPN connections through the firewall. Enable IP forwarding by editing the system configuration file:

sudo nano /etc/sysctl.conf

Uncomment the following line to enable IP forwarding:

net.ipv4.ip_forward=1

To apply the changes, run the following command:

sudo sysctl -p

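Next, configure your firewall to allow VPN traffic. If you manage the server over SSH, allow SSH before enabling ufw; its default policy denies other incoming connections:

sudo ufw allow OpenSSH
sudo ufw allow 1194/udp
sudo ufw enable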

Step 5: Starting the OpenVPN Server

With the configuration complete, it’s time to start the OpenVPN server. Run the following command to start the OpenVPN service:

sudo systemctl start openvpn@server

To ensure the VPN server starts automatically on boot, use this command:

sudo systemctl enable openvpn@server

Step 6: Configuring the VPN Client

On the client machine, install OpenVPN and copy the configuration files, including the client certificate and key, to the appropriate directory. After installation, configure the client to connect to the VPN server.

Install OpenVPN on the client machine using:

sudo apt install openvpn

Create a client configuration file, for example client1.ovpn (the name used in Step 7), using the following template:

client
dev tun
proto udp
remote <server-address> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
# cipher and comp-lzo must match the settings in the server's server.conf
cipher AES-256-CBC
comp-lzo
verb 3

Replace <server-address> with the server’s public IP address or domain name. Transfer the configuration file and certificates from the server to the client machine.
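
The client template can be checked mechanically before it is handed out. The script below is an added example, not part of the original guide or of OpenVPN: a small linter that flags a blank server address, a missing remote-cert-tls check, a missing tls-auth/tls-crypt key, compression, and a CBC cipher. The function name audit_client_conf, the two sample profiles and vpn.example.com are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original guide: lint an OpenVPN client profile.
# audit_client_conf FILE prints one finding per line; status 0 means no findings.
audit_client_conf() (
    # Drop comments (# or ;) and blank lines so disabled directives do not count.
    active=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$1") || exit 2
    has() { printf '%s\n' "$active" | grep -Eq "^[[:space:]]*$1([[:space:]]|\$)"; }
    n=0
    note() { printf '%s\n' "$1"; n=$((n + 1)); }
    # A lone number after "remote" is a port with no host in front of it.
    has 'remote[[:space:]]+[0-9]+' && note "remote: port given but no server address"
    has remote-cert-tls || note "remote-cert-tls missing: any cert from this CA can pose as the server"
    has 'tls-(auth|crypt)' || note "tls-auth/tls-crypt missing: no extra HMAC on control-channel packets"
    has '(comp-lzo|compress)' && note "compression on: can leak plaintext (VORACLE)"
    has 'cipher[[:space:]]+[A-Za-z0-9-]+-CBC' && note "cipher: CBC mode, prefer AES-256-GCM (OpenVPN 2.4+)"
    [ "$n" -eq 0 ]
)

# Constructed samples: the guide's template with the address blank, then a hardened one.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/template.ovpn" <<'EOF'
client
dev tun
proto udp
remote  1194
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
EOF
cat > "$demo/hardened.ovpn" <<'EOF'
client
dev tun
proto udp
remote vpn.example.com 1194
remote-cert-tls server
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
cipher AES-256-GCM
;comp-lzo
EOF
audit_client_conf "$demo/template.ovpn" || echo "template.ovpn: findings listed above"
audit_client_conf "$demo/hardened.ovpn" && echo "hardened.ovpn: no findings"
```

Any cipher or compression change on the client has to be mirrored in the server's server.conf, or the tunnel will not pass traffic.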

Step 7: Testing the VPN Connection

Finally, after configuring the server and client, test the VPN connection. On the client machine, connect using the following command:

sudo openvpn --config client1.ovpn

If everything is configured correctly, the OpenVPN client will establish a secure connection to the server, and traffic will be routed through the VPN tunnel.
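
Step 7 expects a single client1.ovpn file, while Step 6 leaves the client with a profile plus four separate credential files. As an added example (not from the original guide), this script packs them into one profile using OpenVPN's inline blocks, so only one file, created with mode 600, has to be moved to the client. The function name make_ovpn, the base.conf file name and the placeholder file contents are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original guide: pack a client profile and its
# credentials into one .ovpn file using OpenVPN's inline <ca>/<cert>/<key> blocks.
# make_ovpn BASE CA CERT KEY TA OUT   (all six arguments are file paths)
make_ovpn() (
    base=$1 ca=$2 cert=$3 key=$4 ta=$5 out=$6
    for f in "$base" "$ca" "$cert" "$key" "$ta"; do
        [ -r "$f" ] || { echo "make_ovpn: cannot read $f" >&2; exit 1; }
    done
    # Keep only the BEGIN..END block: Easy-RSA .crt files carry a text dump first.
    embed() {
        printf '<%s>\n' "$1"
        sed -n '/-----BEGIN/,/-----END/p' "$2"
        printf '</%s>\n' "$1"
    }
    umask 077; rm -f "$out"    # the output holds the client's private key
    {
        # Remove the file-path directives that the inline blocks replace.
        grep -Ev '^[[:space:]]*(ca|cert|key|tls-auth)[[:space:]]' "$base" || :
        echo 'key-direction 1'    # inline form of the "1" in "tls-auth ta.key 1"
        embed ca "$ca"
        embed cert "$cert"
        embed key "$key"
        embed tls-auth "$ta"
    } > "$out"
)

# Constructed stand-ins for the files from Steps 3 and 6 (not real key material).
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
printf 'client\nremote vpn.example.com 1194\nca ca.crt\ncert client1.crt\nkey client1.key\ntls-auth ta.key 1\nverb 3\n' > "$work/base.conf"
for name in ca.crt client1.crt client1.key ta.key; do
    printf 'text dump of %s\n-----BEGIN PLACEHOLDER-----\n(%s body)\n-----END PLACEHOLDER-----\n' \
        "$name" "$name" > "$work/$name"
done
make_ovpn "$work/base.conf" "$work/ca.crt" "$work/client1.crt" \
    "$work/client1.key" "$work/ta.key" "$work/client1.ovpn" && cat "$work/client1.ovpn"
```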
