Update and Upgrade the system
#apt-get update -y && apt-get upgrade -y
Find and note down your IP address using the ip command as follows:
#ip addr
#ip a show eth0
If the public IP address is not shown, use the dig command/host command
#dig +short myip.opendns.com @resolver1.opendns.com
OR
#dig TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2}'
Download and run the openvpn-install.sh script
#wget https://git.io/vpn -O openvpn-install.sh
#wget https://vpshelpdesk.com/files/openvpn-install.sh
OR
#wget https://git.io/vpn -O openvpn-install.sh
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.76.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 23079 (23K) [text/plain]
Saving to: ‘openvpn-install.sh’
openvpn-install.sh 100%[============================================================================>] 22.54K --.-KB/s in 0.001s
2020-10-26 14:33:15 (25.0 MB/s) - ‘openvpn-install.sh’ saved [23079/23079]
root@iZj6cij2s4ft9b2k2h81nmZ:/home#
Setup permissions using the chmod command:
#chmod +x openvpn-install.sh
One can view the script using a text editor such as nano/vim:
#nano openvpn-install.sh
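An added example, not part of the original guide or of the installer project: the script is fetched through a redirecting short URL and then run as root, so this gate only marks the file executable when it matches a SHA-256 digest you recorded after reviewing that exact copy. The function names and the PINNED_SHA256 variable are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: only mark a downloaded installer executable when its SHA-256
# matches a digest you pinned after reviewing that exact copy.

# Print the lowercase hex SHA-256 of FILE (read via stdin so odd filenames
# cannot alter the tool's output format).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        shasum -a 256 < "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE PINNED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed pin.
verify_installer() {
    local file="$1" pinned="$2" actual
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Reject empty, truncated or non-hex pins instead of comparing against them.
    case "$pinned" in
        ''|*[!0-9a-fA-F]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#pinned}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
    pinned=$(printf '%s' "$pinned" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$pinned" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
}

# arm_installer FILE PINNED_HEX
# Runs chmod only after verification, so a swapped script never gets +x.
arm_installer() {
    verify_installer "$1" "$2" || return $?
    chmod 700 "$1"
}

# Usage (PINNED_SHA256 is a placeholder for the digest you recorded):
#   arm_installer openvpn-install.sh "$PINNED_SHA256" && ./openvpn-install.sh
```

Record the digest once with sha256sum on the copy you read, then reuse the same pin on every further server so each one runs the version that was reviewed.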
Run openvpn-install.sh to install OpenVPN server
#./openvpn-install.sh
Follow the instructions
Welcome to this OpenVPN road warrior installer!
This server is behind NAT. What is the public IPv4 address or hostname?
Public IPv4 address / hostname [222.222.222.1]:
Which protocol should OpenVPN use?
1) UDP (recommended)
2) TCP
Protocol [1]:
What port should OpenVPN listen to?
Port [1194]:
Select a DNS server for the clients:
1) Current system resolvers
2) Google
3) 1.1.1.1
4) OpenDNS
5) Quad9
6) AdGuard
DNS server [1]:
Enter a name for the first client:
Name [client]: client1
OpenVPN installation is ready to begin.
Press any key to continue...
..................
..................
Finished!
The client configuration is available in: /root/client1.ovpn
New clients can be added by running this script again.
root@iZj6cij2s4ft9b2k2h81nmZ:~#
Check that the OpenVPN server has been installed successfully: the tun0 interface should appear in the output of #ip addr or #ifconfig
root@iZj6cij2s4ft9b2k2h81nmZ:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:3e:06:54:02 brd ff:ff:ff:ff:ff:ff
    inet 172.01.1.12/20 brd 172.01.143.255 scope global dynamic eth0
       valid_lft 315358011sec preferred_lft 315358011sec
    inet6 fe80::216:3eff:fe06:5402/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
Start/stop/restart OpenVPN server with systemctl command:
#systemctl stop openvpn-server@server.service
#systemctl start openvpn-server@server.service
#systemctl restart openvpn-server@server.service
#systemctl status openvpn-server@server.service
To add more clients, run openvpn-install.sh again
root@iZj6cij2s4ft9b2k2h81nmZ:~# ./openvpn-install.sh
OpenVPN is already installed.
Select an option:
1) Add a new client
2) Revoke an existing client
3) Remove OpenVPN
4) Exit
Option: 1
Provide a name for the client:
Name: client2
Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018
Generating a RSA private key
.........................................................................................................................................................................+++++
.............................................+++++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/easy-rsa-1952.6girut/tmp.4cIY4C'
-----
Using configuration from /etc/openvpn/server/easy-rsa/pki/easy-rsa-1952.6girut/tmp.07hFfF
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'client2'
Certificate is to be certified until Oct 24 06:48:16 2030 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
client2 added. Configuration available in: /root/client2.ovpn
root@iZj6cij2s4ft9b2k2h81nmZ:~#
To connect to the OpenVPN server with an OpenVPN client, download the client configuration (client.ovpn, client2.ovpn, etc.); use WinSCP to download it