How to Create Your Own VPN in Linux With OpenVPN

A photograph showing a laptop on a wood table.

Virtual private networks (VPNs) allow you to hide your online data transmissions and enhance your security while browsing the Internet from public places. Many online service providers offer both free and paid VPN options for you to use. However, even the best paid plans can be unreliable or slow at times.

Here we’ll discuss how you can use OpenVPN to create a secure connection on a Linux machine.

Keep in mind that we’ll be creating a routing configuration and not a bridging one, which should be fine for most use cases. Windows users can follow along by reading the OpenVPN documentation, beginning with the section on setting up a Certificate Authority. Commands used in Windows will be similar to those shown below.

Note: In this tutorial, we are using Ubuntu, but the installation steps will work for other distros too.

Preparing the Server for OpenVPN

  1. Install the necessary dependencies:
sudo apt install wget curl
  1. Download the OpenVPN installation script from Github. This is a third-party script that automates a large portion of the setup process for server nodes:
wget https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh -O ./openvpn-install.sh
A terminal showing the download process for the OpenVPN installer script.
  1. Enable the “execute” permission bits for your install script:
sudo chmod ug+x ./openvpn-install.sh

Installing OpenVPN on the Server

  1. Run the installer script with superuser privileges:
sudo ./openvpn-install.sh
  1. This will bring up a basic prompt where it asks you for the IP address of the interface that you want to use with OpenVPN. Since I am exposing the Ethernet interface, I will press Enter on the default value.
A terminal showing the interface selection prompt from the installer script.
  1. Type “Y”, then press Enter to enable IPv6 support.
A terminal showing the prompt for IPv6 support.

Note: There are instances where a VPS does not come with an IPv6 address right out of the box. For these, you need to type “N”, then Enter to skip the IPv6 setup.

  1. Press Enter to use the default OpenVPN port for your server.
A terminal showing the prompt for the default port.
  1. Press Enter again to allow OpenVPN to broadcast over UDP.
A terminal showing the prompt for the default transport protocol.
  1. Once done, the script will ask you for your server’s DNS resolver. The easiest and most reliable option is between either Cloudflare or Google DNS. In my case, I will enter “9” to use Google’s DNS service for my OpenVPN server.
A terminal showing the prompt for the default DNS resolver.
  1. Type “N”, then press Enter for both packet compression and custom cipher set for your VPN.
A terminal showing the prompt asking for extra features in the OpenVPN server.
  1. Press Enter to start the installation and setup process.
A terminal that showing the confirmation prompt for the installer.
  1. Once the script is done installing, it will ask for the name of your first client machine.
A terminal showing a prompt for the first VPN client in the network.
  1. It will also ask if you want to include a custom password for your client. Type “1”, then press Enter to disable it.
A terminal showing a prompt for a password-protected setup.
  1. This should generate a client file (in this case, maketecheasier.ovpn) in the root directory.

Tip: Learn how you can participate in a new way of internet routing by installing Yggdrasil on Linux.

Connecting to Your OpenVPN Server From Linux

With your server up and running, you can now start setting up your local client to connect to the server via OpenVPN. To do this, you need to install OpenVPN and use either your system’s built-in settings page or OpenVPN’s.

  1. Download the .ovpn file from your remote server’s home directory. You can do this either by using an FTP client or running the scp command:
scp user@your.server.ip.address:/home/$USER/maketecheasier.ovpn /home/$USER/
  1. Go to your distribution’s application launcher menu and search for “Settings.”
A screenshot showing the Settings program in Ubuntu.
  1. Click the “Network” category on the application’s left sidebar.
A screenshot showing a highlight of the Network category on the GNOME settings application.
  1. Click the “+” icon beside the “VPN” category.
A screenshot showing the button for adding a new VPN connection.
  1. Click the “Import from file…” option.
A screenshot showing the process of importing an OpenVPN file in Ubuntu.
  1. Select the .ovpn file from your system’s file picker then click “Open.”
  1. Double-check if the details of your OpenVPN server are correct, then press “Add.”
A screenshot showing the details of the OpenVPN server.

That’s it. You can easily connect to your OpenVPN server from the taskbar now.

Connecting to Your OpenVPN Server From Windows

  1. To connect a Windows machine to your OpenVPN server, download the client from the developer’s website.
  1. Run the client installer then click “Next” to start the installation process.
  1. Tick the “I accept the terms in the License Agreement” checkbox, then click “Next.”
A screenshot showing the License Agreement for the OpenVPN Windows client.
  1. Click “Install”, then “Yes” to the Windows UAC prompt.
A screenshot showing the installation process for the OpenVPN Windows client.
  1. Once installed, click “Agree” on the OpenVPN Connect Data Collection prompt.
A screenshot showing the Data Collection Policy agreement screen for OpenVPN.
  1. Click the “Upload File” tab, then click “Browse.”
A screenshot showing the Browse button for the OpenVPN client.
  1. Select your .ovpn file then click “Open.”
A screenshot showing the file picker box for the ovpn file.
  1. Verify the details of your OpenVPN server, then click “Connect.”
A screenshot showing the details of the OpenVPN server.

Connecting to Your OpenVPN Server From Mac

  1. Download and install the OpenVPN client for Mac.
  2. Depending on your Mac type, select the appropriate option.
A screenshot showing the two different binaries for OpenVPN in Mac.
  1. Accept the License Agreement for the client software, then click “Continue.”
A screenshot showing the License Agreement prompt for the OpenVPN client.
  1. Click “Install” to start the installation process.
A screenshot showing the installation process for the OpenVPN client in Mac.
  1. Open the Launchpad then select the “OpenVPN Connect” icon.
A screenshot showing the OpenVPN client in the Launchpad.
  1. Click “Agree” on the OpenVPN Data Collection prompt.
A screenshot showing the Data Collection policy of the OpenVPN Client.
  1. Click the “Upload File” tab.
A screenshot highlighting the Upload File tab for the OpenVPN client.
  1. After that, click “Browse” and select your .ovpn file from the file picker prompt.
A screenshot highlighting the "Browse" button for the OpenVPN client.
  1. Verify the details of your OpenVPN server then click “Connect.”
A screenshot showing the OpenVPN server's details.

Do you know: you can also use Tunnelblick on your Mac as an alternative Openvpn client?

Adding a New Client to the OpenVPN Server

While OpenVPN works seamlessly between a server and a single client, there are instances where you want to share your VPN tunnel with multiple machines at once. This can be useful if you want to ensure that your outbound connections will always come from a single IP address.

  1. Run the installer script again:
sudo ./openvpn-install.sh
  1. Type “1”, then press Enter.
A terminal showing the post-installation prompt for the installer script.
  1. Provide a name for your new client. In my case, I named it as “maketecheasier-2.”
A terminal showing the prompt for the new VPN client.
  1. Type “1”, then press Enter to disable any password checks for your client.
A terminal prompt showing the password protection scheme for the new client.

This will generate a new maketecheasier-2.ovpn file. You can distribute this .ovpn file to the client that you want to connect to the network.

Remove Clients from OpenVPN

Aside from setting up an OpenVPN cluster, the installation script can also remove existing clients from your private network.

  1. Run the installer script:
sudo ./openvpn-install.sh
  1. Type “2”, then press Enter.
  2. Select the index number of the client that you want to remove from the server’s allowed clients list. In my case, I will type “2”, then press Enter.
A terminal showing the client config removal process on the VPN server.

Good to know: Tailscale is a VPN utility that allows you to create your own personal network. Learn how to start an intranet by installing Tailscale on Linux.

Remove OpenVPN from your Server

  1. Run the installer script:
sudo ./openvpn-install.sh
  1. Type “3”, then press Enter.

The script will then remove OpenVPN from your server.

Frequently Asked Questions

Is it possible to port forward a machine using OpenVPN?

No, OpenVPN does not allow an external machine to make an incoming connection to any system inside an OpenVPN cluster. One way to get around this issue is to either port forward your machine directly from your home network or use a dynamic DNS solution.

Do I lose my external IP address when I use OpenVPN?

No. You do not lose your machine’s original IP address when you use OpenVPN. The VPN only serves as a gateway between your local machine and the internet.

Is it possible to use multiple OpenVPN configurations in a single system?

Yes. To do this, you need to make sure that your second configuration file uses a different name than your original OpenVPN client file. For example, running sudo cp ./maketecheasier-new.ovpn /etc/openvpn/client-2.conf will ensure that your new file will not overwrite the original one.

Next, you also need to disable the original client unit file: sudo systemctl disable --now openvpn@client.service and enable the new one: sudo systemctl enable --now openvpn@client-2.service.

Image credit: Anthony Choren via Unsplash (Background) and Wikimedia Commons (Logo). All alterations and screenshots by Ramces Red.

Is this post useful?
Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Ramces Red
Ramces Red - Staff Writer

Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.