Setting up an OpenVPN server for private VPN use is quick and easy with RamNode. This guide will walk you through running a simple installer to install OpenVPN server, connect it to your private Cloud network, and connect your first client. The entire setup should take less than five minutes!
Launch an Instance
The first thing you need to do of course is to launch an instance for OpenVPN. For a decent amount of users, you’ll need up to 2Gb of RAM (a 1Gb or 2 Gb instance is fine), and Ubuntu 24 or newer as the base operating system. See this KB article for information on launching an instance from your Cloud panel:
https://clientarea.ramnode.com/knowledgebase/4182/How-to-Create-a-Cloud-VPS-or-Instance.html
You’ll want to make a note of your public IPv4 address. Most users prefer to connect to the VPN via a hostname instead of an IP, so if desired, create a hostname for your VPN and assign it your public IPv4 address. For example:
vpn.yourdomain.com
Install OpenVPN Server
While you can of course install OpenVPN manually, generate your certificates, and manually create your client keys, such setup can be confusing for new users and take several hours to complete. For the purpose of a quick and easy setup, we’ll use an installation script available via Github:
https://github.com/angristan/openvpn-install
SSH into your instance as the root user, download the installer, and run it:
git clone https://github.com/angristan/openvpn-install.git cd openvpn-install openvpn-install.sh /usr/local/bin/openvpn-admin chmod 700 /usr/local/bin/openvpn-admin
The openvpn-admin script is used to install the OpenVPN server, and to manage it going forward.
Run the Installer
Run the command:
openvpn-admin
You’ll be prompted to provide some information. Usually the defaults are fine, but we’ll go through some of the options here.
IP Address
Use the server’s public IPv4 IP address.
Public IPv4 address or hostname
This is used for client connections. Use either the public IPv4 IP address, or the hostname you created earlier.
Do you want to enable IPv6 support (NAT)?
Select [y] if you want to enable IPv6 support (recommended)
What port do you want OpenVPN to listen to?
Use default port 1194 unless you need OpenVPN to run on a different port
What protocol do you want OpenVPN to use?
Use UDP, unless you need TCP.
What DNS resolvers do you want to use with the VPN?’
Choose which DNS resolvers you want to use. The most common ones are Google and OpenDNS.
Do you want to use compression?
Select [n]
Customize encryption settings?
Select [n] unless you are an advanced user and want to configure the encryption settings yourself. Otherwise, the defaults are fine.
At this point you’ll press any key to continue, and the OpenVPN server will be set up for you. At the end you’ll be prompted to create your first user. Go ahead and hit Ctrl+c to exit the script at this point, as we are not ready to create a new user yet.
Connect the VPN to Private Network
If your VPN is going to be used to connect to your Cloud’s private network, there are additional steps that need to be done.
In an editor, open up /etc/openvpn/server.conf and add the following line:
push “route 10.24.0.0/16 255.255.0.0”
This should reflect the private IPv4 network of the instance itself, which is visible via the ip a command. This is the same private IP that is listed for the instance in your Cloud control panel. Make sure you are using the network (10.x.0.0) and NOT the IP itself.
After making this change, save the file and restart OpenVPN:
systemctl restart openvpn
Now in the client template, we need to tell the client to route that network through the VPN. Open up /etc/openvpn/client-template.txt and add the following line:
route 10.24.0.0 255.255.0.0
Save the file and exit.
Now run the following commands to allow clients on the VPN to access external networks:
iptables -t nat -A POSTROUTING -s 10.24.0.0/24 -o ens3 -j MASQUERADE iptables-save
Again, make sure you are using the private IP network of your instance, and the primary Ethernet device (which is usually ens3, but in some regions could be ens1, eth1, or eth0)
Create OpenVPN Clients
Now you are ready to create your client configuration files. These files are used by the OpenVPN client (or native VPN client if you are on Linux) to connect to the VPN.
Run the openvpn-admin command again:
openvpn-admin
Select option (1) to “Add a new User”
Client name
Enter the username of the client
Do you want to protect the configuration file with a password?
It is recommended, for security, that each user have a password. Select whether or not you want this user to connect with a password. You’ll be asked to enter the password in the next question.
When the setup is completed, you’ll be presented with output telling you where to find the client configuration file, which will usually be in the /root folder. Copy and paste the full contents of this file into a text file to provide to the end user.
Note: Each user needs its own configuration file!
Connecting to the VPN
In the previous step, you created a client configuration file. Now it’s time to connect to the VPN.
Windows and Mac
Download the appropriate VPN client installer from here:
Once installed, you can import the client configuration file and immediately connect.
Linux Desktop
Many distributions include native support for connecting to an OpenVPN server. For example, on Ubuntu Desktop you can go into your VPN settings from the upper-right-hand network menu, Add a new VPN, then import the .ovpn file you created.
Linux Command Line
In cases where you might need to connect a remote server to the VPN , you can use the openvpn client to connect. First install OpenVPN itself:
apt install openvpn
Or on Redhat flavors:
yum install openvpn
Then use the client to connect:
openvpn /path/to/configuration.ovpn
At this point your OpenVPN server is up and running, and you’re able to get clients connected.