How to setup a OpenVPN server with DigitalOcean

In this tutorial, we guide you through the steps that you can follow to set up your own OpenVPN server in less than fifteen minutes for less than $5 a month with DigitalOcean. In this article, we will give you 10$ credit with Digital Ocean so you can start your own VPN for free.

Disclaimer: this article was prepared with a target audience of novice computer users and all the setup steps were adapted in the way, so the inexperienced user can repeat them without significant difficulties. All the steps provided outline a bare minimum for setting up a working OpenVPN server with little to no knowledge in Linux system administration. In the countries with strict censorship, this may be the only option available for users to achieve some anonymity level, as popular VPN providers may be blocked there. We encourage users to seek a professional help with further server security hardening or fallback or use commercially available VPN solutions on the market.

NOTE: “If you are looking for privacy and digital safety, nowadays there is really no need to host your own private server. This is especially true if you are a non-tech person and you feel intimidated by what you will read in this step-by-step guide.

The best VPN connections automatically set OpenVPN protocol on your device and come with several added security features that you cannot have with DigitalOcean. At the end of the day, a VPN subscription is cheaper than setup your own OpenVPN server with DigitalOcean. You can read further details here to understand why a VPN is the best choice for the majority of users.”

But before then, we bring you to speed on what is OpenVPN and why the protocol is the best. We also enlighten you on the best-Paid VPN, its features and characteristics.

OpenVPN is a software application that was written by James Yonan and published under GNU General Public License (GPL). The open software uses Virtual Private Network (VPN) techniques to secure point to point connections in routed configurations.

Why is OpenVPN Highly Recommended?

Simplicity
As you will appreciate later in this guide, OpenVPN is simple to install and configure. In most cases and especially when using DigitalOcean, OpenVPN can be deployed and configured in less than 15 minutes. Another great feature is that you can easily store OpenVPN in a single config/certificate file.

Compatibility
OpenVPN is available on every platform and is compatible with a broad range of devices including Servers, PC’s, Mac, Android, iPhone, and Routers to protect your private network traffic as it transits the internet.

Security
OpenVPN uses highly robust OpenSSL encryption library extensively with up to 1024 bit encryption as well as the TLSv1 protocol and contains many control and security features. It protects your private traffic and can navigate firewalls. You can configure any port for service.

Other high-security features are peer authentication using shared keys and certificates as well as HMAC authentication. OpenVPN is safe and robust to use as it runs in the user space and can run without root privileges.

Reliability
OpenVPN is an open source solution as such; it enjoys the backing of a massive open source community. It has a flexible frame that allows for fast and simple repairs.

OpenVPN is open source, and therefore the source code is available and thus free for modification.

After this brief overview of OpenVPN, we come to the most important part of this guide that you’ve been anxiously waiting for:

How To Setup OpenVPN Server With DigitalOcean In Less Than 15 Minutes

DigitalOcean Logo

Preparation Steps

Step 1: Setup A New Droplet At DigitalOcean with 10$ offered.

  1. First of all, you will need to sign up for DigitalOcean account here:
    https://www.digitalocean.com/ (by using this link you will have your account credited of $10).
  2. After you sign up, you can log in to the droplet management console using the link below and create a new droplet (a server which will run your VPN):
    https://cloud.digitalocean.com/
    DigitalOcean Droplet Console Manager
  3. From the droplet creation page, you can choose which OS it will be running on. We recommend using Ubuntu 16.04 distro:
    DigitalOcean Create Droplet Choose Image
  4. Next, choose the size of the droplet – we find a small droplet size to suffice our purpose:
    Digital Ocean Droplet size option
  5. Then, you can choose the preferred location for your droplet. Please note that the closer the server to you geographically, the faster the connection.
    Digital Ocean Choose Region
  6. Next, you can leave all the other fields with no changes and optionally give a name to your droplet:
    Digital Ocean Naming Droplet
  7. After all fields have been filled, just click the «Create» button and wait a few seconds for server creation. When a server is created you will see it in the list of your droplets:
    DigitalOcean Droplet List
  8. You will also get an email with all the droplet connection details in your inbox:
    DigitalOcean Droplet details email
  9. Make a note of droplet IP address, username, and password. You will need it later.

Step 2: Install Required Software

Now let’s install the required software for VPN configuration and usage. You will only need two additional applications for that:

For PuTTY client, you need to choose the MSI (Windows Installer) file, which is suitable for your PC architecture.

https://openvpn.net/index.php/open-source/downloads.html

putty Download page

putty windows installer

For OpenVPN client, you can simply use Windows installer.

VPN Setup

First, let’s connect to the newly created droplet via PuTTY.

Open the PuTTY program from your Start menu and type in the droplet IP address ( that you got in your email) in the Host Name field and click the Open button.

puTTY insert droplet IP address

You will get the Security Alert pop-up during initial login attempt, just click OK and continue:

puTTY security alert

Enter «root» at a username prompt and the server will ask you to input your current root password (you will find it in the email you received after creating the droplet) and reset it to the new value at initial login:

puTTY reset password

Type in the current root user password you received in your email and then type in a new password you want to set for root account twice, to confirm it.

Note that this will be your VPN server, which holds valuable private information about the resources browsed through the VPN.

So, make sure to think of a very strong password to protect your privacy! Make sure the password is at least 8 characters long, one that contains both upper case and lower case alpha-numeric characters, and at least one special symbol.

Let’s Proceed With Docker And OpenVPN Installation

Type in the commands below in the terminal (right mouse button in PuTTY will paste the contents of your text buffer in the terminal) and then hit enter:

sudo apt-get update; sudo apt-
sudo apt-get install -y linux-image-extra-`uname -r`

sudo apt-key adv – -keyserver hkp://pgp.mit.edu:80 – -recv-keys 58118E89F3A912897C070ADBF76221572C52609D


echo “deb https://apt.dockerproject.org/repo ubuntu-xenial main” | sudo tee /etc/apt/sources.list.d/docker.list

sudo apt-get update; sudo apt-get install -y docker-engine

The above steps will install Docker on your droplet.

Let’s Proceed With OpenVPN Server Installation And Setup

We are going to use kylemanna/docker-openvpn docker file, as the most straightforward in setup:

OVPN_DATA=”ovpn-data”
docker run -v $OVPN_DATA:/etc/openvpn – -rm kylemanna/openvpn ovpn_genconfig -u udp://104.131.181.124
docker run -v $OVPN_DATA:/etc/openvpn – -rm -it kylemanna/openvpn ovpn_initpki

Be sure to use the IP address of your server which you got in your email in the above command (highlighted in red).

You will get an output that’s similar to the one below, once the first command is completed:


Then the next command will prompt you to set a passphrase for your keystore. Please set any passphrase you like and make a note of it as you will need it later.

You need to type in the passphrase twice for verification:

Then on the next prompt just hit Enter without providing any input:

Afterward, the server will start generating a private key and this process will take a few minutes, so be patient! Finally, you’ll get prompted for the keystore passphrase one last time:


And you will see something like this:

Next, type in the 2 below commands:

docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp – -cap-add=NET_ADMIN kylemanna/openvpn
docker run -v $OVPN_DATA:/etc/openvpn – -rm -it kylemanna/openvpn easyrsa build-client-full MYVPN nopass

And type in your passphrase when prompted:

You should get output similar to this:

Now let’s generate a configuration file for our client to use:

docker run -v $OVPN_DATA:/etc/openvpn – -rm kylemanna/openvpn ovpn_getclient MYVPN > MYVPN.ovpn

Alright! All the setup is done and you are now a few steps away from using your VPN.

Next you will need to get the config file from the server.

To do that you will use PSFTP program, which was installed along with PuTTY. To do that start PSFTP from your Start menu and type in the below commands:

open 104.131.181.124
root
<password>
get MYVPN.ovpn

NOTE: Use your own droplet server IP from the email you got and root server password you set upon initial login in puTTY.

Now the file is downloaded to your PC in C:\Program Files\PuTTY directory:


All you need to do now is to copy it over to OpenVPN config directory in C:\Program Files\OpenVPN\config:


That’s it! You are now ready to use your VPN server. Just start the OpenVPN GUI client — it will show up in your system tray area:

Right-click on it and choose «Connect» and you will get a pop up like this which will disappear after you get connected:

Congratulations! You now have your VPN connected!

To verify that you can go to IP finder tool webpage and compare the IP address shown there with the IP address of your droplet. If you did everything correctly, they should match.

How To Have OpenVPN Without Going Through Manual Installation

Even though simple, the installation process we just explained to install an OpenVPN server with DigitalOcean may be scary for many users, in particular, if you don’t have great experience in the field.

You shouldn’t despair.

Today on the market there is plenty of VPN connections that support OpenVPN and are a valid alternative to manual installation on DigitalOcean.

Moreover, we actually recommend you to consider certain important facts before making your decision.

For instance, when you subscribe to a VPN connection that supports OpenVPN, you don’t need to go through the installation we just explained. The only thing you need to do is to install the VPN software and this one will take care of your OpenVPN configuration.

It is just a matter of a couple of minutes and you are ready to go. And you will be totally protected.

Cost-wise, we can affirm that at the end of the day a good VPN provider is cheaper than having an OpenVPN server installed with DigitalOcean.

For instance, ExpressVPN is a leader in the market and you can subscribe a plan starting from about $8.00 per month. HideMyAss, another major VPN connection can be subscribed for $6.55 a month.

DigitalOcean will cost you $5.00 a month which is slightly cheaper. But it will never offer you the flexibility of a VPN connection.

Just to give you an example. For DigitalOcean you pay $5.00 to have the server in one location. If you want to add another location the price will become $10.00.

For less than $10.00, ExpressVPN will have at your disposal 1000+ servers across 87 Nations. And HideMyAss has more than 940 servers in over 350 locations across the globe.

With just a few bucks more every month you will get an endless choice of servers all around the world.

The possibility to connect to so many servers around the world will open to you the complete potential of the Web. At the same time, your traffic will be always protected by the OpenVPN protocol and the best encryption algorithm available today.

Besides that, depending on your task, you can even choose between several VPN protocols besides OpenVPN.

Through a VPN you can even geo-spoof your IP address and pretend to be connecting from wherever you like around the world. Therefore a VPN consent you to access services like iBBC, Netflix, and Spotify from wherever you are around the world.

These are just a tiny part of the benefits you can enjoy while using a VPN compared to DigitalOcean.

For this reason, before you make your decision to use DigitalOcean, have a look at the characteristic of some of the best VPN on the market we selected for you.

We are pretty confident you will agree that a VPN connection is the best solution to implement OpenVPN on your device.

BEST VPN PROVIDERS SUPPORTING OPEN VPN PROTOCOL

RankVPN NameRatingMonthly PriceWebsite
1.5/5 Read review$8.32Website
2.4.4/5 Read review$6.55Website
3.4.4/5 Read review$6.49Website
4.4.3/5 Read review$5.75Website
5.4.2/5 Read review$4.95Website

 

Artur
Artur is a DevOps engineer with over 10 years of experience who is passionate about personal data privacy and freedom of communications. With a huge experience in the IT field he always paid special attention to the latest developments in online privacy protection and government filtering avoidance techniques. Having a good networks administration background always helped him to pick the best methods for keeping private data secure and advice appropriately to the similar-minded enthusiasts. Artur strongly believes that in a modern world the amount of information we unknowingly share on the Internet is unreasonably high which makes a lot of commercial companies and government bodies exploit the situation in order to pursue their own goals, which are usually not in favor of the person who shared private data, so he aims to help with preventing that.

10 COMMENTS

  1. awesome tutorial, now my connection is more stable and fast than commercial VPNs, one question though, how do we restart the service if I accidentally powered the server off?

Leave a Reply