openvpnOpenVPN is a free and open source software application which can be used to securely link two or more private networks using an encrypted tunnel over the Internet.  OpenVPN is bound to the OpenSSL library, and derives much of its crypto capabilities from it.

Today we will share with you a script that you can use to install and configure OpenVPN on an Ubuntu VPS. The script is pretty much self explanatory.


#!/usr/bin/env bash

# Functions
ok() { 
    echo -e '\e[32m'$1'\e[m'; 

die() { 
    echo -e '\e[1;31m'$1'\e[m'; exit 1; 

# Sanity check
if [[ $(id -g) != "0" ]] ; then
    die "❯❯❯ Script must be run as root."

if [[  ! -e /dev/net/tun ]] ; then 
    die "❯❯❯ TUN/TAP device is not available."

dpkg -l openvpn > /dev/null 2>&1
if [[ $? -eq 0 ]]; then
    die "❯❯❯ OpenVPN is already installed."

# Install openvpn
ok "❯❯❯ apt-get update"
apt-get update -q > /dev/null 2>&1
ok "❯❯❯ apt-get install openvpn curl openssl"
apt-get install -qy openvpn curl > /dev/null 2>&1

# IP Address
SERVER_IP=$(curl -s
if [[ -z "${SERVER_IP}" ]]; then
    SERVER_IP=$(ip a | awk -F"[ /]+" '/global/ && !/127.0/ {print $3; exit}')

# Generate CA Config
ok "❯❯❯ Generating CA Config"
openssl dhparam -out /etc/openvpn/dh.pem 2048 > /dev/null 2>&1
openssl genrsa -out /etc/openvpn/ca-key.pem 2048 > /dev/null 2>&1
chmod 600 /etc/openvpn/ca-key.pem
openssl req -new -key /etc/openvpn/ca-key.pem -out /etc/openvpn/ca-csr.pem -subj /CN=OpenVPN-CA/ > /dev/null 2>&1
openssl x509 -req -in /etc/openvpn/ca-csr.pem -out /etc/openvpn/ca.pem -signkey /etc/openvpn/ca-key.pem -days 365 > /dev/null 2>&1
echo 01 > /etc/openvpn/

# Generate Server Config
ok "❯❯❯ Generating Server Config"
openssl genrsa -out /etc/openvpn/server-key.pem 2048 > /dev/null 2>&1
chmod 600 /etc/openvpn/server-key.pem
openssl req -new -key /etc/openvpn/server-key.pem -out /etc/openvpn/server-csr.pem -subj /CN=OpenVPN/ > /dev/null 2>&1
openssl x509 -req -in /etc/openvpn/server-csr.pem -out /etc/openvpn/server-cert.pem -CA /etc/openvpn/ca.pem -CAkey /etc/openvpn/ca-key.pem -days 365 > /dev/null 2>&1

cat > /etc/openvpn/udp1194.conf <<EOF
verb 3
key server-key.pem
ca ca.pem
cert server-cert.pem
dh dh.pem
keepalive 10 120
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "dhcp-option DNS"

user nobody
group nogroup

proto udp
port 1194
dev tun1194
status openvpn-status-1194.log

# Generate Client Config
ok "❯❯❯ Generating Client Config"
openssl genrsa -out /etc/openvpn/client-key.pem 2048 > /dev/null 2>&1
chmod 600 /etc/openvpn/client-key.pem
openssl req -new -key /etc/openvpn/client-key.pem -out /etc/openvpn/client-csr.pem -subj /CN=OpenVPN-Client/ > /dev/null 2>&1
openssl x509 -req -in /etc/openvpn/client-csr.pem -out /etc/openvpn/client-cert.pem -CA /etc/openvpn/ca.pem -CAkey /etc/openvpn/ca-key.pem -days 36525 > /dev/null 2>&1

cat > /etc/openvpn/client.ovpn <<EOF
dev tun
redirect-gateway def1 bypass-dhcp
remote $SERVER_IP 1194 udp
comp-lzo yes

$(cat /etc/openvpn/client-key.pem)
$(cat /etc/openvpn/client-cert.pem)
$(cat /etc/openvpn/ca.pem)

# Iptables
if [[ ! -f /proc/user_beancounters ]]; then
    N_INT=$(ip a |awk -v sip="$SERVER_IP" '$0 ~ sip { print $7}')
    iptables -t nat -A POSTROUTING -s -o $N_INT -j MASQUERADE
    iptables -t nat -A POSTROUTING -s -j SNAT --to-source $SERVER_IP

iptables-save > /etc/iptables.conf

cat > /etc/network/if-up.d/iptables <<EOF
iptables-restore < /etc/iptables.conf

chmod +x /etc/network/if-up.d/iptables

# Enable net.ipv4.ip_forward
sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward

# Restart Service
ok "❯❯❯ service openvpn restart"
service openvpn restart > /dev/null 2>&1
ok "❯❯❯ Your client config is available at /etc/openvpn/client.ovpn"
ok "❯❯❯ All done!"

What does the script do?

The script will automatically install OpenVPN and all the necessary dependencies, configure, and add a new user.

How to use it ?

1. Download the script


2. Make it executable

chmod +x

3. Run



Of course, if you are one of our Linux VPS Hosting customers, you don’t have to do any of this, simply ask our admins, sit back and relax. Our admins will install OpenVPN for you immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.