A Guide to Setting Up a Virtual Private Network (VPN) Server on Your Dedicated Server

Setting up a Virtual Private Network (VPN) server on a dedicated server allows you to securely access your network resources or browse the internet privately from anywhere in the world. Below is a step-by-step guide to help you set up a VPN server on your dedicated server:

Prerequisites:

  1. Dedicated Server: You should have access to a dedicated server. Make sure it has a static public IP address.
  2. Operating System: This guide assumes you're using a Linux-based operating system. If you're using Windows, the steps will be different.
  3. Root Access: You need root or administrative access to the server.

Step 1: Connect to Your Server

Use an SSH client like PuTTY (Windows) or the terminal (Linux/Mac) to connect to your server.

```bash
ssh root@your_server_ip
```

Step 2: Update the System

Update the system to ensure you have the latest software and security updates.

```bash
apt update
apt upgrade
```

Step 3: Install OpenVPN

OpenVPN is a popular open-source VPN server.

```bash
# easy-rsa supplies the PKI scripts that Step 4 copies from /usr/share/easy-rsa
apt install openvpn easy-rsa
```

Step 4: Configure OpenVPN

Generate the necessary certificates and keys.

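```bash
# Work on a copy of the Easy-RSA scripts so package upgrades do not overwrite the PKI
cp -r /usr/share/easy-rsa /etc/openvpn
# Some distributions install the scripts directly under easy-rsa/ rather than easy-rsa/3/;
# adjust this path to wherever the easyrsa script lives
cd /etc/openvpn/easy-rsa/3
```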

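Edit the vars file:

```bash
# Easy-RSA 3 ships vars.example; copy it first if vars does not exist yet
[ -f vars ] || cp vars.example vars
nano vars
```

Find the commented lines starting with set_var EASYRSA_REQ_, uncomment them, and modify them to your preference (optional). The export KEY_ variables belong to Easy-RSA 2; the easyrsa commands used in this guide are Easy-RSA 3, which reads set_var lines instead.

```bash
# These fields are only written into certificates when the DN mode is "org"
set_var EASYRSA_DN           "org"
set_var EASYRSA_REQ_COUNTRY  "US"
set_var EASYRSA_REQ_PROVINCE "CA"
set_var EASYRSA_REQ_CITY     "SanFrancisco"
set_var EASYRSA_REQ_ORG      "MyOrg"
set_var EASYRSA_REQ_EMAIL    "admin@myorg.com"
```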

Save and exit the editor.

Step 5: Initialize PKI (Public Key Infrastructure)

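```bash
./easyrsa init-pki                  # create an empty pki/ directory
./easyrsa build-ca                  # create the CA; prompts for a passphrase protecting the CA key
./easyrsa gen-dh                    # Diffie-Hellman parameters for the server
./easyrsa gen-crl                   # certificate revocation list, used by crl-verify
# nopass leaves the server key unencrypted so the service can start unattended
./easyrsa gen-req server nopass
./easyrsa sign-req server server    # sign the request as a server certificate
```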

Step 6: Generate Keys and Certificates for Clients

```bash
# nopass leaves the client key unencrypted; omit it to protect the key with a passphrase
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
```

Repeat the above two commands for each client, replacing client1 with unique client names.

Step 7: Create Server Configuration File

```bash
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/
nano /etc/openvpn/server.conf
```

Edit the configuration file. Make sure to uncomment and modify lines as follows:

  • Set port and proto to your preference.
  • Set cert and key paths to the server's certificates.
  • Set dh and crl-verify paths.

Step 8: Enable IP Forwarding

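```bash
# Takes effect immediately but is lost on reboot; set net.ipv4.ip_forward=1 in /etc/sysctl.conf to persist it
echo 1 > /proc/sys/net/ipv4/ip_forward
```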

Step 9: Configure Network Address Translation (NAT)

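```bash
# 10.8.0.0/24 is the VPN subnet from the sample server.conf; replace eth0 with the server's public interface
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
```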

Step 10: Start and Enable OpenVPN

```bash
systemctl start openvpn@server
systemctl enable openvpn@server
```

Step 11: Generate Client Configuration Files

```bash
cd /etc/openvpn/easy-rsa/3
cp pki/private/client1.key pki/issued/client1.crt pki/ca.crt /etc/openvpn/
```

Step 12: Secure Your Configuration

```bash
chmod 600 /etc/openvpn/*.key
```

Step 13: Transfer Client Configurations

Transfer the client1.key, client1.crt, ca.crt, and a sample client configuration file (e.g., client.ovpn) to your client devices. client1.key is a private key, so copy it over an encrypted channel such as scp.
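One way to produce the client.ovpn mentioned above is to inline ca.crt, the client certificate and the client key into a single profile, so only one file has to be transferred and protected. This is an added example, not part of the original guide: the function names pem_only, build_ovpn and write_ovpn and their argument order are assumptions, and the directives mirror OpenVPN's sample client configuration. Any tls-auth or cipher settings enabled in server.conf must be added to match.

```shell
#!/bin/sh
# Added example: assemble a single-file OpenVPN client profile.
# Function names and argument order are hypothetical, chosen for this sketch.

# pem_only FILE: print only the PEM block. Easy-RSA writes a human-readable
# dump above the issued certificate, which does not belong in the profile.
pem_only() { sed -n '/-----BEGIN /,/-----END /p' "$1"; }

# build_ovpn CLIENT SERVER PORT PROTO DIR: write the profile to stdout.
# The body runs in a subshell so its variables stay local.
build_ovpn() (
    client=$1 server=$2 port=$3 proto=$4 dir=$5
    # Refuse to emit a partial profile if any input is missing.
    for f in "$dir/ca.crt" "$dir/$client.crt" "$dir/$client.key"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; exit 1; }
    done
    cat <<EOF
client
dev tun
proto $proto
remote $server $port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verb 3
EOF
    echo "<ca>";   pem_only "$dir/ca.crt";      echo "</ca>"
    echo "<cert>"; pem_only "$dir/$client.crt"; echo "</cert>"
    echo "<key>";  pem_only "$dir/$client.key"; echo "</key>"
)

# write_ovpn OUT CLIENT SERVER PORT PROTO DIR: the profile embeds the private
# key, so create it with mode 600 and remove it if assembly fails.
write_ovpn() {
    out=$1; shift
    rm -f "$out"    # umask only applies to newly created files
    if ( umask 077; build_ovpn "$@" > "$out" ); then return 0; fi
    rm -f "$out"; return 1
}

# Example: write_ovpn client1.ovpn client1 your_server_ip 1194 udp /etc/openvpn
```

The remote-cert-tls server line makes the client reject any peer whose certificate was not signed as a server certificate, which is what sign-req server produces in Step 5.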

Step 14: Connect to the VPN

Use a VPN client to connect to your server using the provided configuration files.

Congratulations! You've successfully set up a VPN server on your dedicated server. Remember to follow security best practices and regularly update your system and VPN server software.