How to install OpenVPN Server on Debian 9

Debian Tutorial – This tutorial is going to show you how to install OpenVPN on Debian 9 Stretch. OpenVPN is a great solution that provide a secure connection over the internet. The VPN (Virtual Private Network) can protect you from the bad guy when you connected to public WiFi or else.

On this example, I have a droplet (virtual server) at DigitalOcean. You may also power up a small droplet like mine with $5 per month. Make a note the public IP address of the droplet. We will use the IP address of the droplet on this tutorial. For example, your public IP is : 139.59.105.22

Steps to install OpenVPN on Debian 9

Step 1. Get the Public IP address

In DigitalOcean dashboard, you can see current IP address of the droplet easily.

Step 2. Update and Upgrade Debian

Make sure your system is up to date.

apt update
apt upgrade

Step 3. Install and configure UFW (Uncomplicated Firewall)

We need to install and configure the UFW on Debian 9. Its pretty easy.

Install UFW

apt install ufw

Configure ufw to enable some important ports

ufw allow 22
ufw allow 443
ufw allow 80

ufw enable
ufw status

Output

root@debian-openvpn:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? 


root@debian-openvpn:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             

root@debian-openvpn:~#

At this point ufw is up and running and access to port 80, 442 and 22 is enabled.

Step 4. Download install script

 wget https://git.io/vpn -O openvpn-install.sh

Step 5. Run the install script

bash openvpn-install.sh

You will be asked to enter your IP address, port etc. Please make sure you change the IP address with your Public IP address.

Welcome to this quick OpenVPN "road warrior" installer

I need to ask you a few questions before starting the setup
You can leave the default options and just press enter if you are ok with them

First I need to know the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: 139.59.105.22

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1-2]: 1

What port do you want OpenVPN listening to?
Port: 1194

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) Google
   3) OpenDNS
   4) NTT
   5) Hurricane Electric
   6) Verisign
DNS [1-6]: 1

Finally, tell me your name for the client certificate
Please, use one word only, no special characters
Client name: debian-openvpn

Okay, that was all I needed. We are ready to setup your OpenVPN server now
Press any key to continue...

The installation process will take place. It took some times so be patient. At this point, our OpenVPN Server is ready. You can now check firewall rule

cat /etc/rc.local

Output

root@debian-openvpn:~# cat /etc/rc.local
#!/bin/sh -e
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 139.59.105.37
exit 0

How to start, stop and check status of the OpenVPN Server Service

#start service
systemctl start openvpn@server

#stop service
systemctl stop openvpn@server

#check status
systemctl status openvpn@server

Download the configuration file

Now we can download the ovpn configuration file. This file will be used to connect to the server. We can use scp command to do this

scp root@139.59.105.22:~/debian-openvpn.ovpn /home/dhani/Desktop

Change the details above with your own.