Setting Up an OpenVPN Server on DigitalOcean

Posted by Asia VPN on September 09, 2023 · 3 mins read

OpenVPN is a powerful open-source solution for creating a private VPN server. This guide walks through installing and configuring an OpenVPN server on DigitalOcean's cloud service. With an OpenVPN server, you can secure your internet connection and access a virtual private network from anywhere.

Step 1: Create a Droplet on DigitalOcean

  1. Visit the DigitalOcean website and log in to your account or create a new one.
  2. Once logged in, click on "Create Droplet" to create a new virtual machine.
  3. In the Droplet creation interface:
    • Choose the Linux operating system you want to use (e.g., Ubuntu 20.04 LTS).
    • Select the Droplet type based on your needs.
    • Choose a Data Center Region near you.
    • Enable the "Private Networking" option if you want to activate private connections between your Droplets.
  4. Below, you can add optimization options for your Droplet, but it's not necessary for this purpose.
  5. Click "Create Droplet" at the bottom of the page to create the new Droplet. DigitalOcean will create the server and email you the login information.

Step 2: Access the Droplet and Update the OS

  1. Use SSH to access your Droplet. Use the public IP address of your Droplet and the SSH key (if used) for authentication:
        ssh root@your_droplet_ip
  2. Once logged in, update the operating system with the following commands:
        apt update
        apt upgrade

Step 3: Install OpenVPN

  1. Install the necessary packages for OpenVPN with the following command:
        apt install openvpn easy-rsa
  2. Create a working CA directory from the Easy-RSA sample files:
        make-cadir ~/openvpn-ca
        cd ~/openvpn-ca
  3. Set up environment variables for Easy-RSA:
        source vars
  4. Initialize the Certificate Authority (CA) and create a series of certificates and security keys:
        ./clean-all
        ./build-ca
  5. Create private keys and certificates for the OpenVPN server:
        ./build-key-server server
  6. Generate the shared TLS authentication key (ta.key) that the tls-auth directive in the server configuration uses:
        openvpn --genkey --secret keys/ta.key

Step 4: Configure OpenVPN Server

Create a configuration file for the OpenVPN server. You can use the following sample configuration as a starting point (server.conf):

        proto udp
        dev tun
        ca /etc/openvpn/easy-rsa/keys/ca.crt
        cert /etc/openvpn/easy-rsa/keys/server.crt
        key /etc/openvpn/easy-rsa/keys/server.key
        dh /etc/openvpn/easy-rsa/keys/dh2048.pem
        server 10.8.0.0 255.255.255.0
        ifconfig-pool-persist ipp.txt
        push "redirect-gateway def1 bypass-dhcp"
        push "dhcp-option DNS 8.8.8.8"
        push "dhcp-option DNS 8.8.4.4"
        keepalive 10 120
        tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
        cipher AES-256-CBC
        comp-lzo
        user nobody
        group nogroup
        persist-key
        persist-tun
        status openvpn-status.log
        verb 3
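
Step 3 leaves the keys under ~/openvpn-ca/keys and never generates a Diffie-Hellman file, while this configuration expects everything under /etc/openvpn/easy-rsa/keys/, so a check before starting the service is useful. The following is an added example, not part of the original guide: `audit_conf` is a hypothetical helper that assumes unquoted absolute paths, and the demo input at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the guide). audit_conf is a hypothetical helper:
# it checks a server.conf like the one in Step 4 before OpenVPN is started.
audit_conf() {
    conf=$1
    findings=0
    # Directives that name files: each file must exist, and private key
    # material must not be accessible to group or others.
    while read -r directive path rest; do
        case $directive in
            ca|cert|key|dh|tls-auth) ;;
            *) continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"
            findings=$((findings + 1))
        elif [ "$directive" = key ] || [ "$directive" = tls-auth ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
                echo "PERMS $directive $path is accessible beyond its owner"
                findings=$((findings + 1))
            fi
        fi
    done < "$conf"
    # Compression inside an encrypted tunnel can leak plaintext (VORACLE).
    if grep -Eq '^[[:space:]]*(comp-lzo|compress)([[:space:]]|$)' "$conf"; then
        echo "COMPRESSION directive present"
        findings=$((findings + 1))
    fi
    # Without tls-version-min the TLS floor is whatever the build defaults to.
    if ! grep -Eq '^[[:space:]]*tls-version-min[[:space:]]' "$conf"; then
        echo "TLS tls-version-min not set"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a config whose dh file was never generated.
demo=$(mktemp -d)
touch "$demo/ca.crt"
printf 'ca %s/ca.crt\ndh %s/dh2048.pem\ncomp-lzo\n' "$demo" "$demo" > "$demo/server.conf"
audit_conf "$demo/server.conf" || echo "resolve the findings above before starting OpenVPN"
rm -rf "$demo"
```

The function returns non-zero when it reports any finding, so it can gate the systemctl start command in a provisioning script.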
    

Step 5: Start OpenVPN Service

Start the OpenVPN service using the following command:

        systemctl start openvpn-server@server.service
    

Enable OpenVPN to start on boot:

        systemctl enable openvpn-server@server.service
    

Conclusion

By following the steps outlined in this guide, you've successfully set up an OpenVPN server on DigitalOcean. This server allows you to create a secure and private VPN, giving you the ability to protect your internet connection and access a virtual private network from anywhere. You can now further configure your OpenVPN server and connect to it from your devices to enjoy a secure online experience.