Douglas Crawford

October 24, 2014

Part 1 – the basics

In addition to using third party VPN providers, we have shown you how to turn your own PC into an OpenVPN server using free Hamachi and Privoxy software. Another popular VPN option is to rent a VPS, and run that as a VPN server.

A Virtual Private Server (VPS) is more or less exactly what it sounds like – you rent some of the resources on a physical server run by a VPS company, which provides a closed environment that acts as if it was a complete physical remote server. You can install any operating system on a VPS (as long as the provider allows it), and basically treat the VPS as your own personal remote server.

In Part 1 (basics) of this tutorial we will show you how to install OpenVPN Access Server software onto a VPS running CentOS 6 (a popular Linux distribution offered pre-installed by most VPS providers), and how to connect to it using the OpenVPN Connect client.

In Part 2 (advanced) we will show you how to build OpenVPN certificates so that peers can securely authenticate with each other, and you can connect to the server using the regular OpenVPN client. We will also explain how to change the encryption ciphers used.

Advantages of VPN on a VPS

  • Acts as a proxy server, so great for accessing georestricted services as long as the VPS is located in the country you wish to access the services from
  • The VPS provides a private IP address, so the IP address will not be blocked by services such as Hulu, or by most firewalls. This makes it a great anti-censorship option (and will work against IP blocks in China, although it will not defend against other censorship measures such as packet sniffing)
  • All traffic between your computer and the VPS goes through an encrypted VPN tunnel. As long as the VPS is located outside an adversary’s area of influence (for example if someone in Iran wishes to evade government censorship and so sets up a VPS server located in Europe) it will provide a high degree of privacy
  • VPN on VPS also protects against hackers when using public WiFi hotspots
  • Can be cheaper than a commercial VPN service.

Disadvantages

  • Because the VPS provides a static IP address that belongs to you, a global adversary (such as the NSA or police forces with an international reach) can easily trace internet activity back to you
  • Not suitable for copyright piracy – copyright holders will send DMCA notices (and similar) to your VPS provider. Unlike VPN providers, who often keep no logs and use shared IPs to shield customers from these, VPS providers almost all take a very dim view of piracy, and will likely shut down your account (and very possibly pass on your details to the copyright holder)
  • Not for the technically fainthearted – we hope to make the setup process as painless as possible with these tutorials, but it does require a reasonable degree of technical know-how, and will require getting our hands dirty with a command line.

What you will need

  1. A VPS server with CentOS 6 (32- or 64-bit) installed, and a minimum of 218MB RAM. We may review suitable VPS services in the future, but for this tutorial we have chosen VPSCheap.net – mainly because it offers VPS plans from $1.99 per month
  2. An SSH client – OSX and Linux users have one already, in the form of Terminal. Windows users can download the excellent PuTTY (which we use for this demo).

Installing OpenVPN Access Server on the VPS

1. Open your SSH client and connect to your VPS server using the IP address supplied by your VPS provider.

Terminal users should enter ssh -l user ip.address and enter your details when you get the response:

ip.address/
/username
/

2. Log in as root and enter the password you were given by your VPS provider. Note that in PuTTY the typed password remains hidden, so just type it and hit enter.

3. Before proceeding you should check that tap/tun is enabled. Enter cat /dev/net/tun (in PuTTY you can paste by right-clicking).

If tap/tun is enabled you should receive the response: cat: /dev/net/tun: File descriptor in bad state

Any other response means that tap/tun is not enabled. We had to log in to our VPS account control panel to enable it.

4. Next we need to download the OpenVPN Access Server package. Enter:

wget http://swupdate.openvpn.org/as/openvpn-as-2.1.4-CentOS6.i386.rpm (CentOS 6 32-bit) or

wget http://swupdate.openvpn.org/as/openvpn-as-2.1.4-CentOS6.x86_64.rpm (CentOS 6 64-bit)

Note that these links may change as the OpenVPN software gets updated. Please see the official OpenVPN CentOS downloads page for the latest links.

You should see the response pictured below.

5. We now need to install the package using the ‘rpm’ command. Check the line that says ‘Saving to’ (see arrow in screenshot above) to verify the package name, and enter:

rpm -i <package name>

e.g. rpm -i openvpnas-1.8.5-1.centos6.x86_64.rpm

The output should look as shown above. Make a note of the Admin UI and Client UI addresses – you will need them in a minute!

6. Set up a password. Enter passwd openvpn, and whatever password you want at the prompt (and again to confirm it).

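Oops – our password is not very strong, but it will do for now! (The Admin UI is reachable from the internet, so choose a strong password on any server you intend to keep.)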

7. Paste the Admin UI address into your web browser (from step 5 above), and enter Username: ‘openvpn’ and whatever password you selected into the Admin Login (you may need to ‘Agree to end User License Agreement’ the first time you log in).

8. You should now see the OpenVPN Access Server configuration page.

Congratulations, you have installed OpenVPN Access Server on your VPS!
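Steps 3 to 5 as a script, added here as an example (it is not part of the original tutorial or of OpenVPN's own tooling): it interprets the tap/tun check, picks the package named in step 4 for the machine's architecture, and refuses to install a download whose SHA-256 does not match. The function names and the EXPECTED_SHA256 placeholder are assumptions; the real checksum has to come from a source you trust.

```shell
#!/bin/sh
# Added example (not from the tutorial): checks around steps 3-5.
# Function names and EXPECTED_SHA256 are hypothetical.
BASE_URL="http://swupdate.openvpn.org/as"        # from step 4; may have changed
EXPECTED_SHA256="REPLACE_WITH_TRUSTED_SHA256"    # placeholder, not a real hash

# Step 3: interpret the message printed by `cat /dev/net/tun`.
tun_state() {
    case "$1" in
        *"File descriptor in bad state"*) echo enabled ;;
        *"No such file or directory"*)    echo missing-device-node ;;
        *"No such device"*)               echo driver-not-loaded ;;
        *"Operation not permitted"*|*"Permission denied"*) echo blocked-by-host ;;
        *) echo unknown ;;
    esac
}

# Step 4: map `uname -m` output to the package file named in the tutorial.
as_rpm_name() {
    case "$1" in
        x86_64)              echo "openvpn-as-2.1.4-CentOS6.x86_64.rpm" ;;
        i386|i486|i586|i686) echo "openvpn-as-2.1.4-CentOS6.i386.rpm" ;;
        *) return 1 ;;
    esac
}

# Step 5 guard: true only if the file exists and hashes to the expected value.
sha256_matches() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

install_as() {
    state=$(tun_state "$(cat /dev/net/tun 2>&1)")
    [ "$state" = enabled ] || { echo "tun/tap: $state" >&2; return 1; }
    pkg=$(as_rpm_name "$(uname -m)") || { echo "unsupported arch" >&2; return 1; }
    wget -O "$pkg" "$BASE_URL/$pkg" || return 1
    if ! sha256_matches "$pkg" "$EXPECTED_SHA256"; then
        echo "checksum mismatch, not installing $pkg" >&2
        rm -f "$pkg"
        return 1
    fi
    rpm -i "$pkg"
}

# Only touch the system when explicitly asked; otherwise just define functions.
if [ "${1:-}" = "--install" ]; then install_as; fi
```

Run it as root with --install on the VPS; without that argument it only defines the functions.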

Connecting to your VPS using OpenVPN Connect

We now need to set up OpenVPN at your end. OpenVPN Connect is a VPN client that creates a simple OpenVPN connection between your PC and the VPS server, without the need for certificate authentication.

By default, the connection is protected by 128-bit Blowfish Cipher-Block Chaining (BF-CBC) encryption. The Blowfish cipher was created by Bruce Schneier, who has since recommended switching to stronger standards such as AES. However, for most purposes it is fine (and in part two of this tutorial we show you how to change encryption ciphers.)
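A quick way to see which cipher a client profile will actually use, added here as an example (not code from the tutorial or from OpenVPN): it reads a profile, falls back to the BF-CBC default described above when no active cipher line is present, and flags 64-bit block ciphers such as Blowfish. The helper names, the sample profile and its host name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): which data-channel cipher will a
# client profile use? effective_cipher / cipher_verdict are hypothetical names.

# Read an OpenVPN profile on stdin and print its `cipher` value in upper case.
# No active `cipher` line means the BF-CBC default described above applies.
# Assumption: if the directive is repeated, the last one is taken.
effective_cipher() {
    awk '
        /^[ \t]*[#;]/ { next }                 # commented-out lines do not count
        $1 == "cipher" && NF >= 2 { c = $2 }
        END { print (c == "" ? "BF-CBC" : toupper(c)) }
    '
}

# Flag ciphers with a 64-bit block (Blowfish, DES/3DES, CAST5, RC2).
cipher_verdict() {
    case "$1" in
        BF-*|DES-*|DESX-*|CAST5-*|RC2-*) echo weak-64bit-block ;;
        AES-*) echo ok ;;
        NONE)  echo no-encryption ;;
        *)     echo review ;;
    esac
}

audit_profile() {
    c=$(effective_cipher)
    echo "$c $(cipher_verdict "$c")"
}

# Constructed sample profile: the AES line is commented out, so BF-CBC applies.
SAMPLE_PROFILE='client
dev tun
remote vps.example.net 1194 udp
# cipher AES-256-CBC
auth SHA1'

printf '%s\n' "$SAMPLE_PROFILE" | audit_profile
```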

1. Paste the Client UI address into your web browser (from step 5 above), ensure that ‘Connect’ is selected from the dropdown menu, and enter your Username (‘openvpn’) and password.

2. You will be prompted to download the OpenVPN Connect client…

The correct client for your OS should download automatically. If this does not happen for any reason, reload the page and you will be offered a choice of OpenVPN Connect clients (including for iOS and Android).

3. Install and run OpenVPN Connect as normal, then click the OpenVPN Connect icon in the notification bar and select ‘Connect to your Client UI address’.

4. Enter your username (openvpn) and password.

5. Click ‘Yes’ at the warning (you need to do this only once).

6. And yay! You are now connected to your VPS via OpenVPN.

The OpenVPN Connect icon turns green so you can see whether you are connected at a glance.

We popped along to ipleak.net to test everything was working properly, and our IP address appears to be that of our VPS. Yay!

For casual users and most situations this simple OpenVPN connection should be more than enough.

Once you are finished here, check out Part 2 of this tutorial, in which we learn how to add other users, and improve security by changing the encryption cipher and building our own OpenVPN certificates.

Douglas Crawford
April 25th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

108 responses to “How to roll your own OpenVPN server on a VPS using CentOS 6”

  1. Hi,
    this is a good tutorial,
    but can you help me? I try to follow this tutorial, and when I get the URL I try it with the browser for admin, but the result is unable to connect in my browser.
    Can you tell me what’s the problem?
    Thank you

    1. Hi jon,

      Hmm. If you are seeing “Access Server web UIs are available here:” then you should be able to access the admin page. Have you tried using a different browser (or even a different device)?

  2. Hi, sorry to ask about this here. If you don’t want to set up your own private VPN server you can buy a VPS in a country where you want to appear you are living. (In my case I am looking for a UK one.) I want to avoid identification of my IP address as a VPN/Proxy address. Can anyone give me advice about an effective paying VPS service? Thanks
