Creating your own VPN server is a cheap and now easy way to ensure your privacy.
What is a VPN?
Well, a VPN stands for Virtual Private Network, and it basically encrypts all the data between you and a server. This means that all internet traffic appears to be coming from the server’s IP address, and that hackers can’t intercept your connection, as it’s securely encrypted. OpenVPN is among the most popular and secure VPN servers out there. The problem? It’s nearly impossible to configure properly. So, that’s why I improved upon a script to give you the easiest way possible!
Glad you asked!
Step 0: [thirstylink ids=”4364”]Get a VPS[/thirstylink]
First, download the script, and run it with:
curl -O https://raw.githubusercontent.com/NerdOfLinux/Scripts/master/OpenVPN.sh sudo bash OpenVPN.sh
If it doesn’t find the server config file, it will assume OpenVPN is not installed, and begin the process of configuring it.
Follow these instructions:
First I need to know the IPv4 address of the network interface you want OpenVPN listening to. IP address:
If this is correct, then just press enter, if not, correct it, and then press enter :)
What port do you want for OpenVPN? Port: 1194
this is the default, but change it to 443 if you want to bypass firewalls.
Do you want tcp or udp? Type: udp
UDP performs a bit better, but if you want to have your VPN work from behind 99% of firewalls, choose TCP, assuming you selected 443 for the port.
What DNS do you want to use with the VPN? 1) Current system resolvers 2) OpenDNS 3) Level 3 4) NTT 5) Hurricane Electric 6) Google DNS [1-6]: 1
I use OpenDNS, but you can choose any of the options, and it should work.
Finally, tell me your name for the client cert Please, use one word only, no special characters Client name: client
Replace client with whatever you want the profile name to be.
What rsa key size would you want (2048 in the minimum recommended)? Size: 2048
I’m paranoid, so I choose 4096, but 2048 is more than enough at the time of writing.
Which cipher would you like? 1) AES 2) CAMELLIA(may cause problems) 3) Custom(not recommended) Cipher: 1
Only change this if you believe the NSA can crack AES.
Which AES size would you like? 1) 128 2) 192 3) 256 Encryption: 1
Up to you, but I like 256 bit.
How often would you like to renegotiate the keys?(if you're unsure, just press enter) reneg-secs: 3600
Just leave this how it is, unless you’re paranoid, and want to change keys even faster
What SHA size do you want(256,384,512)? SHA: 256
512 is the most secure, but 256 should be fine, not to mention that it’s a bit faster.
Okay, that was all I needed. We are ready to setup your OpenVPN server now Press any key to continue...
Press any key, and it will more or less do everything for you! Once it’s done, you’ll have a .ovpn profile ready to go in your root’s home directory. Email this to your client, and you’re good. If you don’t have a GUI, you can send files with:
mpack -s "OVPN cert" client.ovpn email_address_here
Why not use the original script?
That’s up to you, but my version uses a more updated version of EasyRSA, gives you the option to choose cipher, cipher size, hash size, RSA key size, renegotiation time, and a bit more. There are a ton of other scripts out there too, but be sure to look at the source code before trusting them, you never know where a keylogger installer could be hiding.