This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!
OpenVPN (Open Virtual Private Network) is software that enables the creation of secure point to point (or site to site) connections.
Table of contents¶
A correct kernel config is needed:
After configuring the kernel don't forget to do a kernel make and rebuild!
openvpn-install script will let you setup your
own OpenVPN server in just a few seconds, with a state-of-the-art security configuration.
openvpn-install script is
based on the work of the
Angristan's script try to have a enhanced security, but is compatible with recent
distributions only. So, if using an old server or client, the
Nyr's script is better suited.
- This script only support the following architectures and distros (and distros versions): https://github.com/Angristan/OpenVPN-install#compatibility.
- This script requires SystemD.
- This script is regularly tested against AMD64 only.
First, get the script, make it executable and run it:
Then, follow the assistant and answer a few questions to setup the VPN server.
At the end, you will be asked for a client name: enter it (a passwordless client is OK). The associated configuration file will be located in your home directory:
openvpn-installfor the first time, you can run the script again, and you will get the choice to:
- Add a client
- Remove a client
- Uninstall OpenVPN
Optionally, you can disable OpenVPN logs:
The client should retrieve the
.ovpn file, e.g. with
Run OpenVPN client side, in order to route all internet traffic through the OpenVPN server:
Run OpenVPN client side, in order to only route the traffic of some applications through the OpenVPN server: see
After setting up your VPN connection for the first time, you might want to check for DNS leaks. In order to do this, Go to https://www.browserleaks.com or https://www.ipleak.net (both perform IPv4 and IPv6 check) with your browser. Only your server IP address should show up (test without and without the VPN), not your client IP address. The DNS servers should be the ones you selected during the setup, not your client IP address nor your ISP's DNS servers' addresses.
If this cheat sheet has been useful to you, then please consider leaving a star here.