OpenVPN is a powerful open-source solution for creating a private VPN server. In this guide, we’ve walked through the process of installing and configuring an OpenVPN server on DigitalOcean’s cloud service. With an OpenVPN server, you can secure your internet connection and securely access a virtual private network from anywhere.
Step 1: Create a Droplet on DigitalOcean
- Visit the DigitalOcean website and log in to your account or create a new one.
- Once logged in, click on “Create Droplet” to create a new virtual machine.
- In the Droplet creation interface:
- Choose the Linux operating system you want to use (e.g., Ubuntu 20.04 LTS).
- Select the Droplet type based on your needs.
- Choose a Data Center Region near you.
- Enable the “Private Networking” option if you want to activate private connections between your Droplets.
- Below, you can add optimization options for your Droplet, but it’s not necessary for this purpose.
- Click “Create Droplet” at the bottom of the page to create the new Droplet. DigitalOcean will create the server and email you the login information.
Step 2: Access the Droplet and Update the OS
- Use SSH to access your Droplet. Use the public IP address of your Droplet and the SSH key (if used) for authentication:ssh root@your_droplet_ip
- Once logged in, update the operating system with the following commands: apt update apt upgrade
Step 3: Install OpenVPN
- Install the necessary packages for OpenVPN with the following command:apt install openvpn easy-rsa
- Copy the sample configuration files for Easy-RSA: make-cadir ~/openvpn-ca cd ~/openvpn-ca
- Set up environment variables for Easy-RSA:source vars
- Initialize the Certificate Authority (CA) and create a series of certificates and security keys: ./clean-all ./build-ca
- Create private keys and certificates for the OpenVPN server:./build-key-server server
- Copy the sample configuration files for the server:openvpn –genkey –secret keys/ta.key
Step 4: Configure OpenVPN Server
Create a configuration file for the OpenVPN server. You can use the following sample configuration as a starting point (server.conf):
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Step 5: Start OpenVPN Service
Start the OpenVPN service using the following command:
systemctl start openvpn-server@server.service
Enable OpenVPN to start on boot:
systemctl enable openvpn-server@server.service
Conclusion
By following the steps outlined in this guide, you’ve successfully set up an OpenVPN server on DigitalOcean. This server allows you to create a secure and private VPN, giving you the ability to protect your internet connection and access a virtual private network from anywhere. You can now further configure your OpenVPN server and connect to it from your devices to enjoy a secure online experience.