In this tutorial, we guide you through the steps that you can follow to set up your own OpenVPN server in less than fifteen minutes for less than $5 a month with DigitalOcean. In this article, we will give you 10$ credit with Digital Ocean so you can start your own VPN for free.
Best VPN with Open VPN Protocol
Disclaimer: this article was prepared with a target audience of novice computer users and all the setup steps were adapted in the way, so the inexperienced user can repeat them without significant difficulties. All the steps provided outline a bare minimum for setting up a working OpenVPN server with little to no knowledge in Linux system administration. In the countries with strict censorship, this may be the only option available for users to achieve some anonymity level, as popular VPN providers may be blocked there. We encourage users to seek a professional help with further server security hardening or fallback or use commercially available VPN solutions on the market.
NOTE:Â “If you are looking for privacy and digital safety, nowadays there is really no need to host your own private server. This is especially true if you are a non-tech person and you feel intimidated by what you will read in this step-by-step guide.
The best VPN connections automatically set OpenVPN protocol on your device and comeÂ with several added security features that you cannot have with DigitalOcean. At the end of the day, a VPN subscription is cheaper than set up your own OpenVPN server with DigitalOcean. You can read further details here to understand why a VPN is theÂ best choice for the majority of users.”
But before then, we bring you to speed on what is OpenVPN and why the protocol is the best. We also enlighten you on the best-Paid VPN, its features and characteristics.
OpenVPN is a software application that was written by James Yonan and published under GNU General Public License (GPL). The open software uses Virtual Private Network (VPN) techniques to secure point to point connections in routed configurations.
Why is OpenVPN Highly Recommended?
As you will appreciate later in this guide, OpenVPN is simple to install and configure. In most cases and especially when using DigitalOcean, OpenVPN can be deployed and configured in less than 15 minutes. Another great feature is that you can easily store OpenVPN in a single config/certificate file.
OpenVPN is available on every platform and is compatible with a broad range of devices including Servers, PCâs, Mac, Android, iPhone, and Routers to protect your private network traffic as it transits the internet.
OpenVPN uses highly robust OpenSSL encryption library extensively with up to 1024 bit encryption as well as the TLSv1 protocol and contains many control and security features. It protects your private traffic and can navigate firewalls. You can configure any port for service.
Other high-security features are peer authentication using shared keys and certificates as well as HMAC authentication. OpenVPN is safe and robust to use as it runs in the user space and can run without root privileges.
OpenVPN is an open source solution as such; it enjoys the backing of a massive open source community. It has a flexible framework that allows for fast and simple repairs.
OpenVPN is open source, and therefore the source code is available and thus free for modification.
After this brief overview ofÂ OpenVPN,Â we come to the most important part of this guide that youâve been anxiously waiting for:
How to Setup an OpenVPN Server with DigitalOcean
Step 1: Setup A New Droplet At DigitalOcean with 10$ offered.
- First of all, you will need to sign up for DigitalOcean account here:
https://www.digitalocean.com/Â (by using this link you will have your account credited of $10).
- After you sign up, you can log in to the droplet management console using the link below and create a new droplet (a server which will run your VPN):
- From the droplet creation page, you can choose which OS it will be running on. We recommend using Ubuntu 16.04 distro:
- Next, choose the size of the droplet â we find a small droplet size to suffice our purpose:
- Then, you can choose the preferred location for your droplet. Please note that the closer the server to you geographically, the faster the connection.
- Next, you can leave all the other fields with no changes and optionally give a name to your droplet:
- After all the fields have been filled, just click the Â«CreateÂ» button and wait a few seconds for server creation. When a server is created you will see it in the list of your droplets:
- You will also get an email with all the droplet connection details in your inbox:
- Make a note of droplet IP address, username, and password. You will need it later.
Step 2: Install Required Software
Now letâs install the required software for VPN configuration and usage. You will only need two additional applications for that:
- PuTTY Client â PuTTY Client is a program that helps you access your newly built server in DigitalOcean
- OpenVPN client â OpenVPN client application is used for connecting your VPN. You can download and install them here:
For PuTTY client, you need to choose the MSI (Windows Installer) file, which is suitable for your PC architecture.
For OpenVPN client, you can simply use Windows installer.
First, letâs connect to the newly created droplet via PuTTY.
Open the PuTTY program from your Start menu and type in the droplet IP address ( that you got in your email) in the Host Name field and click the Open button.
You will get the Security Alert pop-up during the initial login attempt, just click OK and continue:
Enter Â«rootÂ» at a username prompt and the server will ask you to input your current root password (you will find it in the email you received after creating the droplet) and reset it to the new value at initial login:
Type in the current root user password you received in your email and then type in a new password you want to set for root account twice, to confirm it.
Note that this will be your VPN server, which holds valuable private information about the resources browsed through the VPN.
So, make sure to think of a very strong password to protect your privacy! Make sure the password is at least 8 characters long, one that contains both upper case and lower case alpha-numeric characters, and at least one special symbol.
Let’s Proceed With Docker And OpenVPN Installation
Type in the commands below in the terminal (right mouse button in PuTTY will paste the contents of your text buffer in the terminal) and then hit enter:
sudo apt-get update; sudo apt-get -y upgrade
sudo apt-get install -y linux-image-extra-
sudo apt-key adv – -keyserver hkp://pgp.mit.edu:80 – -recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo “deb https://apt.dockerproject.org/repo ubuntu-xenial main” | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update; sudo apt-get install -y docker-engine
The above steps will install Docker on your droplet.
Letâs Proceed With OpenVPN Server Installation And Setup
We are going to use kylemanna/docker-openvpn docker file, as the most straightforward in setup:
docker run -v $OVPN_DATA:/etc/openvpn – -rm kylemanna/openvpn ovpn_genconfig -u udp://184.108.40.206
docker run -v $OVPN_DATA:/etc/openvpn – -rm -it kylemanna/openvpn ovpn_initpki
Be sure to use the IP address of your server which you got in your email in the above command (highlighted in red).
You will get an output thatâs similar to the one below, once the first command is completed:
Then the next command will prompt you to set a passphrase for your keystore. Please set any passphrase you like and make a note of it as you will need it later.
You need to type in the passphrase twice for verification:
Then on the next prompt just hit Enter without providing any input:
Afterward, the server will start generating a private key and this process will take a few minutes, so be patient! Finally, you’ll get prompted for the keystore passphrase one last time:
And you will see something like this:
Next, type in the 2 below commands:
docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp – -cap-add=NET_ADMIN kylemanna/openvpn
docker run -v $OVPN_DATA:/etc/openvpn – -rm -it kylemanna/openvpn easyrsa build-client-full MYVPN nopass
And type in your passphrase when prompted:
You should get output similar to this:
Now letâs generate a configuration file for our client to use:
docker run -v $OVPN_DATA:/etc/openvpn – -rm kylemanna/openvpn ovpn_getclient MYVPN > MYVPN.ovpn
Alright! All the setup is done and you are now a few steps away from using your VPN.
Next, you will need to get the config file from the server.
To do that you will use PSFTP program, which was installed along with PuTTY. To do that start PSFTP from your Start menu and type in the below commands:
NOTE: Use your own droplet server IP from the email you got and root server password you set upon initial login in puTTY.
Now the file is downloaded to your PC in C:\Program Files\PuTTY directory:
All you need to do now is to copy it over to OpenVPN config directory in C:\Program Files\OpenVPN\config:
That’s it! You are now ready to use your VPN server. Just start the OpenVPN GUI client â it will show up in your system tray area:
Right-click on it and choose Â«ConnectÂ» and you will get a pop up like this which will disappear after you get connected:
Congratulations! You now have your VPN connected!
To verify that you can go to what is my ipÂ webpage and compare the IP address shown there with the IP address of your droplet. If you did everything correctly, they should match.
How To Have OpenVPN Without Going Through Manual Installation
Even though simple, the installation process we just explained to install an OpenVPN server withÂ DigitalOcean may be scary for many users, in particular, if you don’t have great experience in the field.
You shouldn’t despair.
Today on the market there is plenty of VPN connections that support OpenVPN and are a valid alternative to manual installation on DigitalOcean.
Moreover, we actually recommend you to considerÂ certain important facts before making your decision.
For instance, when you subscribe to a VPN connection that supports OpenVPN, you don’t need to go through the installation we just explained. The only thing you need to do is to install the VPN software and this one will take care of your OpenVPN configuration.
It is just a matter of a couple of minutes and you are ready to go. And you will be totally protected.
Cost-wise, we can affirm that at the end of the day a good VPN provider is cheaper than having an OpenVPN server installed with DigitalOcean.
For instance, ExpressVPN is a leader in the market and you can subscribe a plan starting from about $8.00 per month. HideMyAss, another major VPN connectionÂ can be subscribed for $6.55 a month.
DigitalOcean will cost you $5.00 a month which is slightly cheaper. But it will never offer you the flexibility of a VPN connection.
Just to give you an example. For DigitalOcean you pay $5.00 to have the server in one location. If you want to add another location the price will become $10.00.
For less than $10.00, ExpressVPN will have at your disposal 1000+ servers across 87 Nations. And HideMyAss has more than 940 servers in over 350 locations across the globe.
With just a few bucks more every month you will get an endless choice of servers all around the world.
The possibility to connect to so many servers around the world will open to you the complete potential of the Web. At the same time, your traffic will be always protected by the OpenVPN protocol and the best encryption algorithm available today.
Besides that, depending on your task, you can even choose between several VPN protocols besides OpenVPN.
Through a VPN you can even geo-spoof your IP address and pretend to be connecting from wherever you like around the world. Therefore a VPN consent you to access services like BBC, Netflix, and Spotify from wherever you are around the world.
These are just a tiny part of the benefits you can enjoy while using a VPN compared to DigitalOcean.
For this reason, before you make your decision to use DigitalOcean, have a look at the characteristic of some of the best VPN on the market we selected for you.
We are pretty confident you will agree that a VPN connection is the best solution to implement OpenVPN on your device.
March 29, 2017 at 7:18 pm
It’s a great instruction. Thank you so much.
March 29, 2017 at 9:20 pm
Thank you very much Eman,
we are glad you have find the article useful.
Thanks for letting us know.
April 15, 2017 at 3:32 pm
awesome tutorial, now my connection is more stable and fast than commercial VPNs, one question though, how do we restart the service if I accidentally powered the server off?
April 18, 2017 at 6:57 am
I’m glad you’ve found the tutorial useful.
The command to start the service back if the droplet was powered off is:
docker container start boring_davinci
Let us know if that works for you
April 18, 2017 at 8:15 am
Hi, I get the following
Error response from daemon: No such container: boring_davinci
Error: failed to start containers: boring_davinci
April 19, 2017 at 4:20 am
In order to find the root cause of this issue, can you do below command and send the output to us:
docker ps -l
April 19, 2017 at 5:48 am
The output is
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
30e494eddad8 kylemanna/openvpn “ovpn_run” 22 hours ago Exited (0) 10 minutes ago frosty_engelbart
April 19, 2017 at 6:24 am
AMJ, can you please try this startup command : docker container start frosty_engelbart
Thanks to let me know if this is working now.
April 19, 2017 at 6:37 am
Thanks! it works!
April 19, 2017 at 6:46 am
Great, if you need more help feel free to contact us.
January 3, 2018 at 11:28 am
Hi. After entering the command: sudo apt-key adv â -keyserver hkp://pgp.mit.edu:80 â -recv-keys 58118E89F3A912897C070ADBF76221572C52609D
sudo apt-key adv â-keyserver hkp://pgp.mit.edu:80 â-recv-keys 58118E89F3A912897C070ADBF76221572C52609D
Executing: /tmp/tmp.Iei3AmVpFi/gpg.1.sh â-keyserver
usage: gpg [options] [filename]
what am I doing wrong?
January 4, 2018 at 3:28 pm
this is an issue of a bad formatting in the article which replaced all double-dash text with the long dash symbol and a short “-” symbol. If we correct the characters used in the command to be exactly as below it should work fine:
sudo apt-key adv –keyserver hkp://pgp.mit.edu:80 –recv-keys 58118E89F3A912897C070ADBF76221572C52609D
We will be modifying the article to reflect this.
January 6, 2018 at 8:07 pm
thank you, Jeff, you’re right
January 29, 2018 at 4:26 pm
Executing: /tmp/apt-key-gpghome.rskbW0kpq2/gpg.1.sh âkeyserver hkp://pgp.mit.edu:80 ârecv-keys 58118E89F3A912897C070ADBF76221572C52609D
usage: gpg [options] [filename]
upon execution of the modified command as defined in the comments, can you provide any further help?
February 16, 2018 at 6:54 am
Seems there is still an issue with the formatting that is causing this. The thing you need to make sure to check for is that you have double “-” sign in front of “keyserver” and “recv-keys” instructions in that line and not single long dash and single minus sign. Please try to copy and paste the command from below:
sudo apt-key adv –keyserver hkp://pgp.mit.edu:80 –recv-keys 58118E89F3A912897C070ADBF76221572C52609D
If that doesn’t work, please type in the part “sudo apt-key adv –keyserver hkp://pgp.mit.edu:80 –recv-keys” manually from keyboard and copy and paste key ID “58118E89F3A912897C070ADBF76221572C52609D”.
February 14, 2018 at 4:59 pm
This tutorial simply does not work on Digital Ocean. It does not get a response from pgp.mit.edu — it says there is no response from the server.
On top of this, you have to manually type out each command line because it messes up the formatting when you copy and paste.
Waste of time!
February 16, 2018 at 6:58 am
You are right, looks the double-dash sign in front of the apt-key command formatting is messed up, which causes this error. The thing you need to make sure is to have two minus signs instead of one M-dash and one minus sign in the typed in command in the terminal. This way it will work fine. You can copy and paste key ID from the article with no issue to avoid typing errors.
Ravishankar R Tiwari
March 21, 2018 at 5:22 pm
it is behaving funny, as soon as i change my password in putty it shuts down and i have tried this again and again, please help, i am using windows 10
March 31, 2018 at 4:25 pm
got an error, any idea?
[email protected]:~# sudo apt-get update; sudo apt-
Hit:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:1 http://nyc2.mirrors.digitalocean.com/ubuntu xenial InRelease
Hit:3 http://nyc2.mirrors.digitalocean.com/ubuntu xenial-updates InRelease
Hit:4 http://nyc2.mirrors.digitalocean.com/ubuntu xenial-backports InRelease
Reading package lists… Done
sudo: apt-: command not found
April 3, 2018 at 4:33 pm
We’ve noticed there was an incomplete command posted in the article. Sorry about that. We’ve updated the article with full command to execute:
sudo apt-get update; sudo apt-get -y upgrade
Please try this one and let us know. Thanks for pointing this issue out.
April 20, 2018 at 8:38 am
April 24, 2018 at 3:02 am
How do I create multiple certs (with unique CN), I read on the link below that only one connection per cert (with unique CN) is allowed or you would repeatedly lose connectivity with an inactivity timeout?
How would I set this up so that I can access the vpn on multiple machines? I am fairly new to this stuff so any help would be great.
April 27, 2018 at 10:43 am
Is it possible to also install a wordpress install for my site using the existing ubuntu droplet on top of this personal own vpn?