Overview
Setting up your own VPN (Virtual Private Network) server provides secure, encrypted access to your network from anywhere. This step-by-step guide will walk you through installing and configuring OpenVPN on a Linux server in just minutes using an automated setup script.
Prerequisites
You’ll need the following to get started:
- A VPS (Virtual Private Server) with a public IP address
- Linux distribution (Ubuntu 20.04 LTS recommended, works with Debian-based distros)
- SSH access to your server with root or sudo privileges
- curl installed on your server (usually pre-installed)
Tip (Why Your Own VPN?)
Running your own VPN gives you complete control over encryption, logging policies, and server location — unlike commercial VPN providers where you must trust the operator.
The Setup Process
We’ll use the angristan/openvpn-install script, an automated setup tool that configures OpenVPN server and creates client certificates in seconds. This eliminates manual certificate generation and configuration file editing.
Step 1: Download and Prepare the Script
SSH into your server and download the installation script:
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.shMake the script executable:
chmod +x openvpn-install.shRun the script with sudo privileges:
sudo ./openvpn-install.shStep 2: Configure the VPN Server
The script will prompt you with several configuration questions. Here’s what each option controls:
IP Address Selection
IP address: XXX.XX.XX.XXXThe script auto-detects your VPS’s public IP address. Verify this is correct — this IP is how clients will connect to your VPN server.
Warning
If you see a private IP (e.g., 192.168.x.x or 10.x.x.x), your VPS may not have a public IP. Contact your provider or check your network configuration.
IPv6 Support
Do you want to enable IPv6 support (NAT)? [y/n]: nRecommendation: Enter n unless you specifically need IPv6. Most users should disable it for simpler firewall rules and wider compatibility with older networks.
Port Selection
Which port do you want OpenVPN to listen to? 1) Default: 1194 2) Custom 3) Random [49152-65535]Port choice [1-3]: 1Options explained:
- Default (1194): Standard OpenVPN port; works in most networks but may be blocked by restrictive firewalls
- Custom: Choose your own port (e.g., 443 for HTTPS-like obfuscation)
- Random: Generate a random high port; better obfuscation from ISPs
Tip
If you’re behind a restrictive corporate firewall, port 443 (HTTPS) often gets better network access than 1194.
Protocol Selection
What protocol do you want OpenVPN to use?UDP is faster. Unless it is not available, you shouldn't use TCP. 1) UDP 2) TCPProtocol [1-2]: 1Recommendation: Choose UDP (option 1) for better speed and lower latency. Use TCP only if your network actively blocks UDP traffic.
DNS Resolver Selection
What DNS resolvers do you want to use with the VPN? 1) Current system resolvers (from /etc/resolv.conf) 2) Self-hosted DNS Resolver (Unbound) 3) Cloudflare (Anycast: worldwide) 4) Quad9 (Anycast: worldwide) 5) Quad9 uncensored (Anycast: worldwide) 6) FDN (France) 7) DNS.WATCH (Germany) 8) OpenDNS (Anycast: worldwide) 9) Google (Anycast: worldwide) 10) Yandex Basic (Russia) 11) AdGuard DNS (Anycast: worldwide) 12) NextDNS (Anycast: worldwide) 13) CustomDNS [1-12]: 3Recommendation: Choose Cloudflare (option 3) for privacy and speed. Options 4-5 (Quad9) are excellent for privacy with malware blocking. Avoid your ISP’s DNS (option 1) — it defeats VPN privacy.
Compression Setting
Do you want to use compression? It is not recommended since the VORACLE attack make use of it.Enable compression? [y/n]: nRecommendation: Enter n. Compression is disabled by default for security — it’s vulnerable to the VORACLE timing attack that can leak data even when encrypted.
Encryption Settings
Customize encryption settings? [y/n]: nRecommendation: Enter n to use the script’s default, production-ready encryption settings. Modern defaults use AES-256-GCM which is both secure and performant.
Press Enter to proceed with installation. The script will now compile and configure your OpenVPN server (this may take 2-5 minutes).
Note
The installation process handles certificate generation, key creation, and server configuration automatically. No manual setup required!
Step 3: Create Your First VPN Client
Once server installation completes, the script prompts you to create a client certificate. This generates the .ovpn file you’ll use to connect.
Client Name
Client Name: swiftionvpnChoose a descriptive name for this client (e.g., “laptop”, “phone”, “home”). You can create additional clients later using the same script.
Password Protection
Do you want to protect the configuration file with a password?(e.g. encrypt the private key with a password) 1) Add a passwordless client 2) Use a password for the clientSelect an option [1-2]: 1Recommendation: Choose option 2 (Use a password) for enhanced security. You’ll enter this password each time you connect to the VPN, protecting your private key if the .ovpn file is lost or stolen.
If you choose password protection, the script will prompt you to set a password — remember this for future connections!
Once complete, your client configuration file is ready in /home/username/clientname.ovpn.
Step 4: Download the Client Configuration
Download the .ovpn file to your local machine using SCP (Secure Copy):
scp username@ipaddress:/home/username/swiftionvpn.ovpn swiftionvpn.ovpnReplace:
username— Your VPS login usernameipaddress— Your VPS public IP addressswiftionvpn.ovpn— The client name you created
The file will be saved to your current directory.
Tip (Securing the Config File)
Treat your .ovpn file like a password. It contains your private key and server connection details. Store it in a secure location, and consider setting folder permissions: chmod 600 swiftionvpn.ovpn
Step 5: Connect to Your VPN
Installing OpenVPN Client
Download and install the OpenVPN client for your operating system:
- Windows: https://openvpn.net/download-open-vpn/
- macOS: https://openvpn.net/download-open-vpn/ or
brew install openvpn - Linux:
sudo apt install openvpn(Debian/Ubuntu) - iOS/Android: Search “OpenVPN Connect” in your app store
Importing the Configuration
- Open OpenVPN client
- Select “Import Profile” or “Add File”
- Choose the
swiftionvpn.ovpnfile you downloaded - The VPN connection will appear in your list
Connecting
Click the connection to establish the tunnel. If you set a password, you’ll be prompted to enter it (or your client name if passwordless).
Note
You’re now connected! All traffic routes through your encrypted VPN tunnel. Verify your new IP address at https://whatismyipaddress.com
You’re now connected! All traffic routes through your encrypted VPN tunnel. Verify your new IP address at https://whatismyipaddress.com
Managing Additional Clients
To add more VPN clients (phone, laptop, etc.), re-run the installation script:
sudo ./openvpn-install.shSelect “Add a new user” and follow the prompts. This creates additional .ovpn files without reconfiguring the server.
Troubleshooting Common Issues
Problem (Connection Refused)
Ensure the VPS firewall allows traffic on your chosen port. Check with: sudo ufw status (if using UFW firewall).
Problem (Slow Connection Speed)
Switch to UDP protocol if using TCP. UDP is significantly faster for most users.
Problem (DNS Leaks)
Your ISP’s DNS may bypass the tunnel. Use a DNS leak tester (https://www.dnsleaktest.com/) to verify. If leaking, restart the OpenVPN client or change DNS providers in server settings.
Security Best Practices
- Firewall: Only expose port 1194 (or your chosen port) to the internet
- Updates: Keep your VPS updated:
sudo apt update && sudo apt upgrade - Monitor connections: Run
sudo ./openvpn-install.shand select “Show active connections” to audit who’s connected - Revoke clients: Re-run the script and select “Revoke a user” if a client is compromised
Conclusion
You now have a fully functional, encrypted VPN server that you control. Enjoy secure, private browsing from anywhere in the world!