Set up your VPN server and clients easily via OpenVPN: Step-by-Step Guide

A simple way to set up our own VPN server and use it on different devices. We will set up a self-hosted VPN together, with a one-click OpenVPN server deployment, for as low as $5 per month.

Introduction

A VPN is an encrypted, secure tunnel that sends all requests to a remote server; the remote server then routes them to the public network (the internet).

VPN explained

To sum up, here are the top two reasons:

  • Secure and encrypt the data sent to the public network.
  • Visit websites that are blocked in your region.

There are VPN service providers that offer this as a service: we install their apps on a variety of devices, buy a subscription plan, and we are good to go.

Well, for me, they are a little high-priced, and I am not using a VPN often enough to make it worth the money. Considering security, I'd rather use my own private line, so I was thinking of a more cost-effective way: set up my own VPN server, for as low as $5 per month.

We will install the OpenVPN server & client, an open source free VPN setup framework.

If you don't have a technical background, no problem: this tutorial will guide you through it, and we will set up the VPN server in the easiest way. It works on all platforms: macOS, Windows, Android, iOS.

Note: In this article, VPS = Remote Server = Cloud Server = Droplet

Overview

Let's take a glance at what we are going to do, with a brief overview of the steps.

  1. Set up an SSH key. We will use SSH to connect to the cloud (remote) server.
  2. Create the cloud server (Droplet) on DigitalOcean.
  3. Connect to the VPS from Step 2 using SSH and install OpenVPN on the cloud server.
  4. Generate the VPN clients' configuration files and download them to the local computer via SFTP.
  5. Install the OpenVPN app on our devices (Mac, Windows, iOS or Android).
  6. Import the configuration file from Step 4 and connect!

Prerequisites

A computer that has network access. It could be a Mac, a Windows PC, or something else.

Valid credit card. Mandatory, the payment method for the cloud service provider.

Step One: Set up SSH key

SSH means Secure Shell. It allows us to connect to remote network services securely, and it's how we communicate with our cloud server.

Don't panic. There are guides on how to set it up on both Mac and Windows. We will generate one key pair:

  • The public key (on the cloud server side.)
  • The private key (on the local side, never share it with anyone.)

During the creation of the cloud server, we will add the SSH public key to it. After the installation, we will run the SSH command to connect to the server; at that point the public key on the server is paired with our private key, we enter the key's password, and the handshake completes. We also need SSH to download files from the cloud server, via so-called "SFTP", a more secure way than FTP.

For Mac users

Generating the SSH key on a Mac is easier than on Windows. Please follow this tutorial; after you have done it, come back here.

For Windows users

Please refer to this guide. When you have finished the step "Create an SSH Key Pair", come back here.

Step Two: Create a cloud server on DigitalOcean

In this step, we will set up a cloud server to be used as the VPN server. In DigitalOcean, a cloud server is also called a Droplet.

I would recommend the cloud server provider DigitalOcean: it's easy to use, with a user-friendly interface and great performance. Additionally, by clicking the link from kasonz.com, you will get $10 credit in the account, which means the $5 plan is free for the first two months. (Billing FAQ from DigitalOcean)

Register and create a Droplet (cloud server) on DigitalOcean.

1. Click the link – DigitalOcean. We will see the home page; let's directly create an account. After the creation, it will ask us to 'Confirm your email by clicking the verification link we just sent to your inbox.'

Create account

After activating the account and logging in, we will see the control panel. We need to add a payment method; it's a mandatory step before creating the cloud server.

Click Profile image -> Setting -> Billing and add the credit card info. The card will be charged hourly for resources used. (Billing FAQ from DigitalOcean) After doing that, the $10 credit will be loaded into the account.

Credit info

Create a Droplet (Cloud server)

Create Droplets

Let's select CentOS 7 to start (the versions may differ, which is not a problem; just pick one, CentOS 6 or CentOS 7+).

Create CentOS 7

Select a plan, let`s select $5 per month plan.

Choose a data center region. We can choose the data center we think will be fastest, based on our location. In this tutorial, I will choose San Francisco 1.

Next, we can ignore "Select additional option".

Add your SSH keys. This is the important step: in "Step One: Set up SSH key" we got the SSH key pair, and we will paste the public key here. Find your SSH public key, id_rsa.pub (the file name may differ), open it in a text editor, and copy all the text.

Back on the DigitalOcean page, click New SSH Key, paste the text in the area, give it a name, and click the Add SSH key button. Make sure the checkbox of the newly created SSH key is selected.

Paste public key text
Check Box is selected

Name the cloud server, create it.

Named the cloud server, create it.

After a few seconds, the cloud server will be ready. Let's take a note of the cloud server IP address.

Droplet IP address

Step Three: Cloud server side configuration

Connect to Cloud Server(Droplet)

In this step, we will use the SSH key to connect to the cloud server and install the OpenVPN server-side app.

Windows users: for how to connect to the server with SSH, please refer to this guide.

Open the Terminal and enter the following command, replacing the IP address with your own, then press Enter.

ssh root@107.170.205.591

The first time we connect, it will ask 'Are you sure you want to continue connecting (yes/no)?' Enter yes and press Enter to continue.

It will ask for the passphrase for the key, which is the password you set during SSH key pair creation.

Enter the password and press Enter. Now we are on the server.

[root@centos-512mb-sfo1-01-VPN ~]#

Install OpenVPN server-side app

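A one-click installation script saves us a lot of effort, so we don't need to follow the complex procedures from the official documentation.

Enter the following command. It downloads the script, saves it as openvpn-install.sh and runs it with bash; since we are logged in as root, the script runs with root privileges. The installation will begin automatically.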

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

It will then ask some questions; let's use the default options by pressing Enter.

  • Protocol [1-2]: 1
  • Port: 1194
  • DNS [1-6]: 1

One thing needs attention here: the client name.

We are generating configuration files for the clients, meaning our devices. I would recommend generating a separate client file for each device, so we can manage them easily.

The name of the client file is not important. We can name it whatever we want, for example:

  • kason-mac for MacOS
  • kason-win for Windows
  • kason-andriod for Android phone
  • ……

In the following example, I set the client name to client-mac, as I want to use it on my Mac. (The client name is just for management purposes; it doesn't mean the file cannot be used on other platforms.)

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1-2]: 1

What port do you want OpenVPN listening to?
Port: 1194

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) Google
   3) OpenDNS
   4) NTT
   5) Hurricane Electric
   6) Verisign
DNS [1-6]: 1

Finally, tell me your name for the client certificate
Please, use one word only, no special characters
Client name: client-mac //name your client name

Press any key to continue. The installation and preparation process now really begins. It may take a few minutes the first time.

Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.cnf

An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem

321
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn@server.service to /usr/lib/systemd/system/openvpn@.service.

Finished!

Finished! The client configuration file (*.ovpn) is ready under the root folder. Later on, we will download it via SFTP to the local computer, but before that, let's generate more client files. Run the same command.

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

Enter 1 to add a new user, press Enter to go on, and set the client name; this time I will set the name to client-windows. Press Enter to finish.

Add the other users' client files the same way, so we will get:

  • client-mac.ovpn
  • client-windows.ovpn
  • client-andriod.ovpn
  • client-iphone.ovpn

Note again that the client name is not important; it just helps you remember and distinguish the files. The best practice is one client file per device.

All the files are located under the server's root folder. At this point, we are done with the server side. Let's download the *.ovpn files and import them on the devices.
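
One client file per device pays off when a device is lost and its certificate has to be revoked. The following is an added example, not part of the original article or of the installation script: it lists the certificates the installer's CA has issued and their status. It assumes the CA database is index.txt in the same pki folder as the crl.pem shown in the output above, and that the server's own certificate is named server; the sample rows are constructed.

```bash
#!/usr/bin/env bash
# Added example: inventory of issued client certificates by status.
# Assumption: easy-rsa keeps its OpenSSL CA database in
# /etc/openvpn/easy-rsa/pki/index.txt, next to crl.pem.

# Print "STATUS<TAB>NAME<TAB>EXPIRY" for every row of index file $1.
# index.txt columns (tab-separated): flag (V valid, R revoked, E expired),
# expiry as YYMMDDHHMMSSZ, revocation date, serial, file name, subject.
list_certs() {
    awk -F'\t' '{
        cn = $6; sub(/^.*\/CN=/, "", cn); sub(/\/.*$/, "", cn)
        st = ($1 == "V") ? "valid" : (($1 == "R") ? "revoked" : "expired")
        # two-digit years are read as 20YY
        printf "%s\t%s\t20%s-%s-%s\n", st, cn, substr($2, 1, 2), substr($2, 3, 2), substr($2, 5, 2)
    }' "$1"
}

# Print the client names still marked valid (server certificate excluded).
active_clients() {
    list_certs "$1" | awk -F'\t' '$1 == "valid" && $2 != "server" { print $2 }'
}

# Constructed sample database: one server, three clients, one of them revoked.
write_sample_index() {
    printf 'V\t270101000000Z\t\t01\tunknown\t/CN=server\n'
    printf 'V\t270101000000Z\t\t02\tunknown\t/CN=client-mac\n'
    printf 'R\t270101000000Z\t170301120000Z\t03\tunknown\t/CN=client-andriod\n'
    printf 'V\t270102000000Z\t\t04\tunknown\t/CN=client-windows\n'
}

idx=$(mktemp)
write_sample_index > "$idx"
list_certs "$idx"
echo "active clients: $(active_clients "$idx" | tr '\n' ' ')"
rm -f "$idx"
```

On the server, pass the real database path to list_certs instead of the sample file.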

Step Four: OpenVPN on clients side

Download *.ovpn files to local.

To download the files we generated on the cloud server in the previous step, we will use an SFTP client, a tool for transferring files between the local disk and the cloud server disk. FileZilla is one of the most popular (S)FTP client applications.

Download FileZilla. After installation, let's create a new site in it for our cloud server.

(You can also follow the guide here to set up FileZilla.)

In the site manager, create a new site and fill in the information.

Change the IP address to yours.

The key file is the private key (FileZilla may ask to convert the key file to its own format; just click OK to continue).

Click Connect. It will prompt for a password. The password is the same one that we use for the SSH connection to the cloud server.

After we are connected to the cloud server, it should automatically list the files in the root directory, and we will also see the *.ovpn files.

Client files under remote root folder

Let's download the *.ovpn files to the local computer: select all of them, then drag and drop them to the left side panel of FileZilla, which shows our local directory. Move them to a local folder, for example, the desktop. Or simply open the context menu (right-click) and choose Download.

At this point, the *.ovpn files have been saved on our local computer.
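
Each downloaded *.ovpn file is a complete credential, so it is worth checking before it is copied to a device. The following is an added example, not part of the original article: it reads a profile, reports the server it connects to, and flags two things: a private key embedded in a file that other local users can read, and a missing remote-cert-tls server directive (without it the client does not check that the peer presents a server-type certificate). The sample profile and its address are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: audit a downloaded *.ovpn profile.

# Print the arguments of the first occurrence of directive $2 in profile $1.
ovpn_directive() {
    awk -v d="$2" '$1 == d { gsub(/\r/, ""); sub(/^[^ \t]+[ \t]*/, ""); print; exit }' "$1"
}

# Succeed if profile $1 embeds a private key in an inline <key> block.
ovpn_has_inline_key() {
    awk '/^<key>/ { k = 1 } /^<\/key>/ { k = 0 }
         k && /PRIVATE KEY/ { found = 1 } END { exit !found }' "$1"
}

# Print one finding per line for profile $1; no output means nothing was flagged.
ovpn_audit() {
    local f=$1 perms
    perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
    if ovpn_has_inline_key "$f" && [ "$perms" != "------" ]; then
        echo "key-exposed: private key embedded, group/other bits are '$perms' (chmod 600)"
    fi
    if [ "$(ovpn_directive "$f" remote-cert-tls)" != "server" ]; then
        echo "no-server-check: 'remote-cert-tls server' is missing"
    fi
}

# Constructed sample profile; the key material is a placeholder.
write_sample_profile() {
    printf '%s\n' client 'dev tun' 'proto udp' 'remote 203.0.113.10 1194' \
        'remote-cert-tls server' '<ca>' '(constructed placeholder)' '</ca>' \
        '<key>' '-----BEGIN PRIVATE KEY-----' '(constructed placeholder)' \
        '-----END PRIVATE KEY-----' '</key>'
}

demo=$(mktemp)
write_sample_profile > "$demo"
chmod 644 "$demo"
echo "connects to: $(ovpn_directive "$demo" remote) over $(ovpn_directive "$demo" proto)"
ovpn_audit "$demo"                  # flags key-exposed
chmod 600 "$demo"
ovpn_audit "$demo"                  # prints nothing
rm -f "$demo"
```

On macOS or Linux, run ovpn_audit against each downloaded file, for example client-mac.ovpn.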

Install the OpenVPN Connect app

It depends on which devices you want to use the VPN on. I have a Windows PC, MacBook, iPhone, and Android tablet; fortunately, OpenVPN supports all major platforms.

OpenVPN client for Windows:

Use the official download page; if it cannot be opened, you can also download from the kasonz.com mirror.

After installing OpenVPN for Windows, import the *.ovpn file and click Connect.

OpenVPN client for macOS:

Tunnelblick – Free software for OpenVPN on OS X and macOS

After the installation, click on any *.ovpn file and it will be imported into Tunnelblick automatically; then click Connect.

OpenVPN client for Android:

Download from the Google Play Store, or from the mirror on UptoDown.

Import the *.ovpn file into the app and click Connect. There is a guide in the app that shows how to do this.

OpenVPN client for iOS:

Download from the Apple App Store. The app is not available in some countries; you may need to register a US Apple ID and download from the US App Store.

Use iTunes to import the file into the app. Back in the app, click Connect.

Conclusion

I am satisfied with the speed and performance on DigitalOcean; now I'm running the $10/month plan, as it's hosting two websites.

On DigitalOcean, it is easy to resize the resources (CPU, RAM, disk) to a higher or lower plan.

Resize the droplet

It may occasionally take longer to connect to the server, but overall it's still impressive: 1080p video on YouTube plays without lag.

Hopefully this tutorial helps. Thanks! If you like it, please share this tutorial with other people.

If you have any questions & concerns, please leave a comment below.
