Building a Personal VPN with OpenVPN on Your Server

 



In the digital age, privacy and security have become more critical than ever. With data breaches, identity theft, and surveillance becoming common concerns, many individuals and organizations are turning to Virtual Private Networks (VPNs) to protect their online activity. A personal VPN provides an extra layer of security by encrypting your internet connection and masking your IP address.

One of the most effective ways to set up a VPN is by using OpenVPN, a robust and open-source solution that can be installed on your server to create a personalized VPN. This guide will walk you through the steps of building a personal VPN with OpenVPN on your server, explaining everything from installation to configuration.

What Is OpenVPN?

Before diving into the installation process, it’s essential to understand what OpenVPN is and why it is a good choice for building a personal VPN.

OpenVPN is open-source software that lets you connect securely to the internet or to a private network over a public network. It supports a range of encryption algorithms, making it a highly flexible and secure choice for creating VPNs. It uses SSL/TLS for authentication and key exchange, and because it can run over a single UDP or TCP port, one of its key advantages is its ability to pass through firewalls and other network restrictions.

Unlike proprietary VPN services, OpenVPN gives you full control over your privacy and security. By hosting it on your own server, you ensure that no third-party VPN provider is monitoring your internet activity. You can set up your OpenVPN server on a variety of platforms, including Linux, Windows, and macOS, which makes it an excellent choice for various use cases.

Why Build a Personal VPN?

Building your personal VPN using OpenVPN has several benefits:

  1. Privacy: You maintain complete control over your data and privacy. Unlike third-party VPN services, no one else has access to your connection logs.
  2. Security: OpenVPN provides robust encryption, ensuring that your internet traffic is secure and protected from hackers and other malicious actors.
  3. Cost-Effective: Setting up your personal VPN is often cheaper than paying for a commercial VPN service. Once you have a server set up, the maintenance costs are minimal.
  4. Bypass Geo-Restrictions: A personal VPN allows you to access content that may be restricted in your country or region, such as streaming services and websites.
  5. Remote Access: You can access your home or office network securely from anywhere, enabling you to work remotely without compromising on security.

Prerequisites for Building a Personal VPN

Before starting, ensure you have the following:

  1. A Server: You will need a server to host your VPN. This can be a Virtual Private Server (VPS) from a provider such as DigitalOcean, AWS, or Linode. Alternatively, you can use a home server or even a Raspberry Pi.
  2. Operating System: The server will require a Linux-based operating system (Ubuntu, CentOS, Debian, etc.) for the best OpenVPN performance.
  3. Root or Sudo Access: You will need administrative privileges to install and configure software on your server.
  4. Domain Name (Optional): While not required, a domain name can make accessing your server easier. You can purchase one through services like GoDaddy or Namecheap.

Step-by-Step Guide to Setting Up OpenVPN

Step 1: Setting Up Your Server

To get started, you need a server running a Linux distribution. For this guide, we’ll use Ubuntu 20.04 as the example operating system, but the steps can be adapted to other Linux distros.

  1. Choose a Hosting Provider: Select a VPS provider and set up a new server. Ensure the server is running Ubuntu 20.04 (or another Linux distribution). A minimum of 1 GB of RAM and 20 GB of storage should suffice for personal use.

  2. Access Your Server: Use SSH to connect to your server. You’ll need the IP address and login credentials provided by your hosting provider.

    bash
    ssh username@your_server_ip

Step 2: Installing OpenVPN

Once you’ve connected to your server, the next step is installing OpenVPN.

  1. Update the System: Start by updating your server’s package list and upgrading existing packages.

    bash
    sudo apt update && sudo apt upgrade -y
  2. Install OpenVPN: Now, install OpenVPN using the following command:

    bash
    sudo apt install openvpn easy-rsa -y

    This installs OpenVPN along with Easy-RSA, a set of scripts that simplifies generating the necessary keys and certificates.

Step 3: Setting Up Easy-RSA

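Easy-RSA helps you create the Public Key Infrastructure (PKI) for your OpenVPN server. The PKI includes keys and certificates for the server and clients. The script names used in Steps 3, 4 and 7 (a vars file with KEY_* settings, clean-all, build-ca, build-key-server, build-dh, build-key) are those of Easy-RSA 2.x. The easy-rsa package in Ubuntu 20.04 is 3.x, which replaces them with subcommands of a single easyrsa script, so check the installed version before following these steps verbatim.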

  1. Create a Directory for Easy-RSA:

    bash
    make-cadir ~/openvpn-ca
    cd ~/openvpn-ca
  2. Configure Easy-RSA Variables: Copy the vars file and edit it to set your custom values for your VPN.

    bash
    cp vars.example vars
    nano vars

    Inside the vars file, change the following fields to reflect your organization or preferences:

    bash
    export KEY_COUNTRY="US"
    export KEY_PROVINCE="California"
    export KEY_CITY="San Francisco"
    export KEY_ORG="MyVPN"
    export KEY_EMAIL="you@example.com"
    export KEY_OU="MyVPN-CA"
  3. Source the Variables:

    bash
    source vars
  4. Build the Certificate Authority (CA):

    bash
    ./clean-all
    ./build-ca

Step 4: Generating the Server and Client Certificates

Now that you have your CA set up, you need to create the server and client certificates.

  1. Generate the Server Certificate:

    bash
    ./build-key-server server

    Follow the prompts. For simplicity, do not set a passphrase.

  2. Generate Diffie-Hellman Parameters:

    bash
    ./build-dh
  3. Generate an HMAC Key (the shared tls-auth key, to strengthen the server):

    bash
    openvpn --genkey --secret keys/ta.key

Step 5: Configuring OpenVPN

Once the keys and certificates are created, it’s time to configure OpenVPN.

  1. Copy the Server Certificate and Keys:

    Copy the server keys and certificates to the OpenVPN directory:

    bash
    cd ~/openvpn-ca/keys
    sudo cp server.crt server.key ca.crt ta.key dh2048.pem /etc/openvpn
  2. Create the OpenVPN Server Configuration File:

    You can either create a custom configuration file or use the example provided. For simplicity, we’ll use the default configuration and modify it as needed.

    bash
    sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn
    sudo gunzip /etc/openvpn/server.conf.gz
    sudo nano /etc/openvpn/server.conf

    Edit the following lines:

    bash
    ca ca.crt
    cert server.crt
    key server.key
    dh dh2048.pem
    tls-auth ta.key 0

    Make sure the server.conf file contains the following settings to ensure proper functionality:

    • server 10.8.0.0 255.255.255.0: Defines the IP range for the VPN clients.
    • push "redirect-gateway def1 bypass-dhcp": Routes all internet traffic through the VPN.
    • push "dhcp-option DNS 8.8.8.8": Specifies DNS servers for VPN clients.

Step 6: Starting the OpenVPN Server

Start the OpenVPN service and enable it to run on boot.

  1. Start OpenVPN:

    bash
    sudo systemctl start openvpn@server
  2. Enable OpenVPN to Start on Boot:

    bash
    sudo systemctl enable openvpn@server

Step 7: Configuring the Client

Once the server is set up, it’s time to configure the client.

  1. Generate Client Certificates:

    On your server, create client certificates:

    bash
    cd ~/openvpn-ca
    source vars
    ./build-key client1
  2. Transfer Certificates to the Client:

    Copy the necessary files (client1.crt, client1.key, ca.crt, ta.key) to your client machine over a secure channel such as SCP or SFTP, since client1.key and ta.key are secrets.

  3. Client Configuration:

    Create a configuration file for your client (client.ovpn). It should include the following:

    bash
    client
    dev tun
    proto udp
    remote YOUR_SERVER_IP 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    tls-auth ta.key 1
    cipher AES-256-CBC
    verb 3

    Replace YOUR_SERVER_IP with the IP address of your server.

  4. Install OpenVPN on the Client: Install OpenVPN client software on your local machine (Windows, macOS, or Linux) and import the configuration file.

  5. Connect to the VPN: Open the OpenVPN client, load the configuration file, and connect to your VPN server.
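
The client profile in Step 7 authenticates with certificates and tls-auth, but it contains no directive that checks the server certificate's type; OpenVPN reports this at connect time with "WARNING: No server certificate verification method has been enabled". The audit below is an added example, not part of the original guide. The function names guide_profile and audit_profile and the finding labels are made up for illustration, and the list of checks is a minimal one.

```bash
#!/usr/bin/env bash
# Added example, not from the guide: audit an OpenVPN client profile.

# The guide's client.ovpn from Step 7, one directive per line.
guide_profile() {
cat <<'EOF'
client
dev tun
proto udp
remote YOUR_SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
EOF
}

# audit_profile: profile on stdin, one finding per line on stdout.
audit_profile() {
    awk '
        /^[ \t]*([#;]|$)/ { next }      # skip comments and blank lines
        { k = $1; gsub(/[<>]/, "", k); seen[k] = $2; third[k] = $3 }
        END {
            # Without one of these the client accepts any certificate the CA
            # signed, so the holder of a client certificate can pose as server.
            if (seen["remote-cert-tls"] != "server" && !("verify-x509-name" in seen))
                print "FAIL server-cert-check: add \"remote-cert-tls server\""
            if (!("tls-auth" in seen) && !("tls-crypt" in seen))
                print "FAIL control-channel-hmac: no tls-auth or tls-crypt key"
            else if (("tls-auth" in seen) && third["tls-auth"] != "1" && seen["key-direction"] != "1")
                print "WARN tls-auth direction: client uses 1 when the server uses 0"
            if (!("cipher" in seen))
                print "WARN cipher: not set explicitly"
            else if (seen["cipher"] ~ /^(BF|DES|CAST5|RC2)-/)
                print "FAIL cipher: 64-bit block cipher " seen["cipher"]
            if (!("ca" in seen))
                print "FAIL ca: no CA certificate configured"
        }'
}

guide_profile | audit_profile
```

Run against the guide's profile it prints the single server-cert-check finding; the profile passes once `remote-cert-tls server` is added.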

Step 8: Testing and Troubleshooting

Once connected, you can test the VPN by visiting websites like WhatIsMyIP.com to confirm that your IP address has changed.

If you encounter any issues, check the OpenVPN logs on both the client and server sides:

  • Server Logs: /var/log/syslog
  • Client Logs: OpenVPN client interface
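
When reading /var/log/syslog, most connection failures in this setup fall into a few categories that map back to the tls-auth key, the certificates, or reachability of UDP port 1194. The triage script below is an added example, not part of the original guide. The log lines are constructed samples, and the function names sample_log and triage_log, the category names and the hint texts are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the guide: summarise OpenVPN errors in syslog.

# Constructed sample lines (documentation IP ranges, made-up host and PIDs).
sample_log() {
cat <<'EOF'
Mar  3 10:15:02 vpn ovpn-server[812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.7:51820
Mar  3 10:15:09 vpn ovpn-server[812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.7:51822
Mar  3 10:16:40 vpn ovpn-server[812]: 198.51.100.4:40112 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar  3 10:16:40 vpn ovpn-server[812]: 198.51.100.4:40112 TLS Error: TLS handshake failed
Mar  3 10:20:11 vpn ovpn-server[812]: 198.51.100.9:53001 VERIFY ERROR: depth=0, error=certificate has expired: CN=client1
Mar  3 10:21:00 vpn sshd[990]: Accepted publickey for admin from 198.51.100.4 port 50222 ssh2
EOF
}

# triage_log: syslog on stdin, "COUNT CATEGORY: hint" lines sorted by category.
triage_log() {
    awk '
        $5 !~ /^ovpn-/ { next }     # keep only lines logged by an OpenVPN daemon
        /cannot locate HMAC|HMAC authentication failed/ { n["hmac"]++; next }
        /TLS key negotiation failed/                    { n["negotiation"]++; next }
        /VERIFY ERROR/                                  { n["cert"]++; next }
        /No server certificate verification method/     { n["noverify"]++; next }
        END {
            hint["hmac"] = "ta.key or tls-auth direction (server 0, client 1) mismatch, or an unauthenticated probe was dropped"
            hint["negotiation"] = "handshake never completed, check that UDP 1194 reaches the server"
            hint["cert"] = "certificate rejected, check expiry and that it was issued by ca.crt"
            hint["noverify"] = "client profile lacks remote-cert-tls server"
            for (k in n) printf "%d %s: %s\n", n[k], k, hint[k]
        }' | LC_ALL=C sort -k2
}

sample_log | triage_log
```

On a live server, feed it the real log instead of the sample, for example `sudo cat /var/log/syslog | triage_log`.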

Conclusion

Congratulations! You’ve successfully set up your personal VPN using OpenVPN. With this setup, your internet connection is secure, your privacy is protected, and you have full control over the VPN environment. Whether you’re looking to browse safely on public networks or access content from different regions, a personal VPN is a powerful tool for online security.

Maintaining and troubleshooting your OpenVPN server may require some technical know-how, but once it’s up and running, it offers peace of mind in an increasingly insecure digital world.
