A VPN is a versatile tool that's capable of bolstering your security, accessing geo-restricted sites, and ensuring that nobody is snooping on your online activity. There are hundreds of VPN providers on the market, but it's also possible to set up a VPN server a Linux system, too!
We show you how to set up a VPN server on Linux in a handy step-by-step guide below.
Essentially, a VPN creates a secure tunnel connecting your device to the internet, and any data that passes through this tunnel is encrypted, rendering it unreadable to third-parties – like cybercriminals, ISPs, and even your local government. Additionally, a VPN provides you with a temporary IP address in a location of your choice, allowing you to access content that might not be available in your current whereabouts, or escape oppressive internet censorship.
You might want to create your own Linux VPN server if you're particularly security-conscious. Subscribing to a premium VPN service is all well and good, but you're beholden to their encryption and security measures.
Folks working from home might also benefit from establishing a VPN server that can be accessed remotely, too. What's more, a private Linux VPN server can even help combat ISP throttling if you frequently stream, download, or play online games.
Before we begin
Setting up a VPN server on Linux is not for the faint of heart! You're going to need some serious technical know-how (as well as familiarity with Linux distros) in order to get your server up and running.
Setting up a Linux VPN server – what do you need?
Before we dive into our step-by-step guide, make sure you have the following vital pieces of kit:
- A client computer – this is the easy one, as you can use your own desktop PC or laptop to connect to your VPN.
- A private server – you will, of course, need somewhere to install your VPN so you can use it, but it doesn't matter if this server is physical or virtual!
- A compatible VPN protocol – we'd recommend using OpenVPN, seeing as it's incredibly secure and reliable, as well as a popular open-source SSL solution, but Linux users can also go with Algo, Streisand, StrongSwan, and WireGuard, amongst others.
Now that you have all your tools gathered, you're almost ready to get your VPN server up and running – there are just a few additional things to bear in mind.
- Do NOT have OpenVPN pre-installed.
- Be sure that you have sudo privileges or root access.
- Allow TCP traffic over port 943, as well as UDP traffic over port 1194.
How to set up your own Linux VPN server
Now comes the technical stuff! Ensure that you've assembled the correct tools and have prepared your system as outlined above, and then follow along with our guide to have your Linux VPN server setup in no time.
The server computer
- The first thing you'll want to do is install OpenVPN along with the cURL programs.
[sudo apt install openvpn curl]
- Download the VPN installation script, next. And you'll also need to make it executable.
[curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.shchmod +x openvpn-install.sh]
- As a superuser, run the script – this will install and configure OpenVPN.
- Once that's done, you'll be prompted with a few questions. Work your way through them one by one and don't be afraid to stick to the defaults! Remember to name your configuration and come up with a strong password, though.
- With that done, you'll have a configuration file – ending in
.ovpn– that's necessary in the next set of steps.
The client computer
- You're going to need to install OpenVPN on your client computer, as well as the OpenVPN extension for the network manager.
[sudo pacman -S openvpn networkmanager-openvpn]
- Then, install:
- The names of these two packages that need installing next may vary from distro to distro. For Ubuntu Gnome users, install:
[sudo apt install openvpn networkmanager-openvpn-gnome]
- From your server, download the following VPN configuration file, where it'll land in your Downloads folder as usual.
[scp remoteuser@remote-ip-address:/home/remoteuser/*.ovpn ~/Downloads/]
Connecting to the VPN
- Firstly, copy the .ovpn configuration file that you downloaded over to the OpenVPN client folder.
[sudo cp Downloads/*.ovpn /etc/openvpn/client/client.conf]
- It's a good idea to run a test on the connection. Do so by inputting the following:
[sudo openvpn /etc/openvpn/client/client.conf]
- Take a look at your results and sift for errors. If there aren't any, you have a functioning VPN! You can test it again by opening up your web browser and visiting a page, or by verifying your public IP address online – it should match your server address.
- For ease of access, it's handy to be able to connect to your shiny new VPN with a click, rather than inputting a command line each time. To do this, you'll need to add your VPN configuration to the Network Manager.
- It's simple to do so – just open your Network Manager's settings and select Add New Connection. From here, input the configuration file downloaded from the server and select the option to import the connection.
- Then, you'll be able to see the connection in your connection list. Enable it, and you should see that your Network Manager icon has changed. Once again, open up a web browser to test your VPN!
How to test that your Linux VPN server is working
So, you've done the hard work and got your server running – you'll now want to make sure that it's functional, secure, and not giving away any of your personal information. Fortunately, there's an easy way to check that your server is working as it should, and that's with a leak test!
An IP leak occurs when your real IP address – the one your ISP assigned you – leaks, even though you're connected to a VPN server. This shouldn't happen, obviously, and it can be a huge problem, seeing as your real IP address can be used to pinpoint your connection.
At ProPrivacy.com, we have our very own leak test tool that you can use to determine whether your VPN server is suffering from an IP leak, as well as IPv4, IPv6, DNS and WebRTC leaks. It only takes a few moments, and it's well worth doing – don't take a risk with your security!
Are there other ways to get access to a Linux VPN server?
Simply put, yes! You can subscribe to a paid, premium VPN service if you're a Linux user, or seek out a free VPN. Both of these options come with pros and cons, and we've taken a closer look at each below.
- Most premium VPNs offer a dazzling array of privacy tools.
- Reliably unblock geo-restricted services.
- 24/7 customer service is typically available.
- A monthly subscription can get expensive quickly.
- You place your privacy in the hands of the VPN service.
- You don't have to hand over a penny!
- Installation is usually straightforward and quick.
- No subscription fee means the service has to make money some other way – either by offering a free service as a sample of a paid service or by logging your data to sell to third-parties, so beware!
- Users will likely encounter bandwidth limits and monthly data caps.
- Reduced server selection.
- Not all free VPNs are safe – some contain malware.
Private VPN server
But, you're probably here because you're more interested in setting up a private VPN server of your very own! And there are plenty of reasons to do so:
- A private server allows you to be in complete control of your traffic.
- You can use your server to stream remotely, as well as remotely access files and applications.
- There's no risk of data-logging.
- Intrusions are far easier to spot and combat.
- More traceability back to yourself.
- Not as private as a commercial VPN as you may not have thousands of other users on the same server.
OpenVPN On VPN Providers Linux Apps
If you choose to purchase a VPN rather than setting up your own server then it is important that you are aware that not all services will provide OpenVPN encryption on their apps. Check out our best Linux VPN page for a list of the services that provide the gold standard of encryption or head over to our how to install OpenVPN on Linux page for the steps you need to take in order to get OpenVPN up and running on your Linux machine.