OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-adapted for the SME and enterprise markets.
OpenVPN provides flexible VPN solutions to secure your data communications, whether it's for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers. Our VPN Server software solution can be deployed on-premises using standard servers or virtual appliances, or on the cloud.
Using Ubuntu 20.04, I installed OpenVPN on an inexpensive $3.50/mo Vultr server with 512 MB RAM, 1 vCore and 10 GB SSD. It works well with multiple connections. I found this comment on DigitalOcean to be fairly accurate:
“Openvpn does not use a ton of memory itself, somewhere around 70mb. Each user connected to this may then use 1-2mb more. Your results may vary but you should be able to get quite a few users on a 512MB droplet acting as a VPN server before you encounter problems.”
1. Download the installer and run the script
Log in to your server and download the installer script using the curl command-line tool, then make it executable using the chmod command as follows.
$ curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
$ chmod +x openvpn-install.sh
Next, run the executable installer script as shown.
$ ./openvpn-install.sh
You need to run the script as root. The first time you run it, you'll have to follow the assistant and answer a few questions to setup your VPN server. You can press enter to each of the questions to accept the default settings (although I chose to use Google as the DNS resolver). You will also be asked to enter a name for your first client along with an optional password. When finished, you will see output similar to below:
The configuration file has been written to /home/root/yourclient.ovpn (or /root/yourclient.ovpn).
Download the .ovpn file and import it in your OpenVPN client.
2. Confirm and check OpenVPN status
To confirm that the OpenVPN service is up and running, check its status using the following systemctl command:
$ sudo systemctl status openvpn
Confirm that the OpenVPN daemon is listening on the port you instructed the script to use, using the ss command as shown.
$ sudo ss -tupln | grep openvpn
output:
root@Ubuntu20:~# sudo ss -tupln | grep openvpn
udp UNCONN 0 0 *:1194 *:* users:(("openvpn",pid=2560,fd=7))
3. Start the OpenVPN service
Enable the service to automatically start at system boot and check its status to confirm that it’s up and running.
$ sudo systemctl start openvpn
$ sudo systemctl enable openvpn
$ sudo systemctl status openvpn
When OpenVPN is installed, you can run the script again to do the following:
$ ./openvpn-install.sh
Output:
- 1) Add a new user
- 2) Revoke existing user
- 3) Remove OpenVPN
- 4) Exit
Select an option [1-4]:
4. Configuring the client
In your server's home directory, download the .ovpn file(s) referenced in Step 1 above. These are the client configuration files.
You can download the .ovpn
file using scp (the example below downloads the file to your local Downloads
directory if using Windows):
$ scp [email protected]:/root/yourclient.ovpn Downloads
Once downloaded, connect using your favorite OpenVPN client:
- Windows: https://openvpn.net/community-downloads/
- Android: https://play.google.com/store/apps/details?id=de.blinkt.openvpn
- iOS: https://itunes.apple.com/us/app/openvpn-connect/id590379981
Finally, import the file you downloaded from the server into the client and connect.
Note: If you have added multiple client profiles and want to delete one, you can go to C:\Users\"Your user name"\openvpn\config
to do so. https://forums.openvpn.net/viewtopic.php?f=1&t=28819
REFERENCES
https://github.com/angristan/openvpn-install
https://www.tecmint.com/install-openvpn-in-ubuntu/
https://openvpn.net/community-downloads/
https://openvpn.net/vpn-server-resources/openvpn-access-server-system-requirements/
https://community.openvpn.net/openvpn/wiki/OverviewOfOpenvpn
https://play.google.com/store/apps/details?id=de.blinkt.openvpn
https://forum.netgate.com/topic/118733/openvpn-port-use-1194-udp-or-443-tcp/10
https://proprivacy.com/vpn/guides/how-to-hide-openvpn-traffic-an-introduction
https://www.digitalocean.com/community/questions/maximum-users-openvpn-in-512mb-ram
https://www.cyberciti.biz/faq/ubuntu-18-04-lts-set-up-openvpn-server-in-5-minutes/
OpenVPN and the SSL VPNRevolution (Good read)
https://www.sans.org/reading-room/whitepapers/vpns/openvpn-ssl-vpn-revolution-1459
Hosting
This web app has been tested on Vultr and DigitalOcean. This app can also be installed using other hosts such as Amazon AWS, Google Cloud, Microsoft Azure and others.
Minimal Server Requirements
You can install OpenVPN with as little as 256/512GB of RAM for personal or small business needs. OpenVPN advises
“…you should start out with 1GB of memory. You can go lower, but you may or may not run into memory utilization issues later, so we prefer to keep a safety margin. On top of that, our recommendation is that if your users are only accessing resources on your private network, and do not transfer their entire Internet traffic through the server, that you should add about 500 megabytes of memory per 100 connected devices.” – https://openvpn.net/vpn-server-resources/openvpn-access-server-system-requirements/
Installation & Maintenance
If you would like to get this app installed, maintained or need training, Contact Me to get current rates.