A comprehensive bash script collection for easy deployment and management of OpenVPN servers with robust security features.
- Automated Server Setup: Complete OpenVPN server deployment with a single script
- Certificate Management: Easy generation and management of client certificates
- Smart Detection: Automatically detects existing installations and setup state
- Flexible Configuration: Customizable subnet, port, and client settings
- Protocol Switching: Easily switch between UDP and TCP protocols
- Guided Process: Interactive prompts guide you through the setup process
- OVPN File Generation: Generate ready-to-use .ovpn configuration files for clients
- Diagnostics: Built-in tools for troubleshooting connection issues
- Ubuntu 18.04+ or Debian 10+ server
- Root or sudo privileges
- Basic knowledge of networking concepts
- Log in to your VPS via SSH:

  ```bash
  ssh root@your_vps_ip_address
  ```

- Update the system and install git:

  ```bash
  apt update && apt upgrade -y
  apt install git -y
  ```

- Secure your server (recommended):

  ```bash
  # Create a new user with sudo privileges
  adduser yourusername
  usermod -aG sudo yourusername

  # Configure SSH (optional but recommended)
  nano /etc/ssh/sshd_config
  # Set: PermitRootLogin no
  # Set: PasswordAuthentication no (if using SSH keys)
  systemctl restart sshd
  ```

- Clone this repository:

  ```bash
  git clone https://github.com/sparrow-code/OpenVpn-Server.git
  cd OpenVpn-Server
  ```

- Make the scripts executable:

  ```bash
  chmod +x *.sh
  chmod +x utils/*.sh
  chmod +x functions/*.sh
  ```

- Run the main setup script:

  ```bash
  sudo ./setupVpn.sh
  ```

- Follow the interactive prompts to complete the setup:
  - Select a port for OpenVPN (default: 1194)
  - Choose between UDP (faster, default) or TCP (more reliable)
  - Enter the first client name
  - Verify your external IP address
  - Confirm your selections
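To confirm that the SSH hardening step above took effect, this added example (not part of this repository) audits the effective settings printed by `sshd -T`. The function name `audit_sshd` and the sample input are constructed for illustration, and the keyboard-interactive check goes beyond the two settings named in the step.

```shell
#!/bin/sh
# Added example: audit effective sshd settings after the hardening step.
# Input is `sshd -T` output, which prints lowercase "keyword value" lines.
# Exit status is the number of findings (0 means hardened).
audit_sshd() {
    awk '
        $1 == "permitrootlogin"        { root = $2 }
        $1 == "passwordauthentication" { pass = $2 }
        # Keyboard-interactive auth (PAM) can still prompt for a password,
        # so it is checked too; older sshd prints the second keyword name.
        $1 == "kbdinteractiveauthentication" ||
        $1 == "challengeresponseauthentication" { kbd = $2 }
        END {
            bad = 0
            if (root != "no") {
                print "FAIL permitrootlogin=" (root == "" ? "unset" : root); bad++
            }
            if (pass != "no") {
                print "FAIL passwordauthentication=" (pass == "" ? "unset" : pass); bad++
            }
            if (kbd == "yes") {
                print "FAIL keyboard-interactive authentication is enabled"; bad++
            }
            exit bad
        }'
}

# Constructed sample: root login disabled, passwords still accepted.
sample='permitrootlogin no
passwordauthentication yes
kbdinteractiveauthentication no'
printf '%s\n' "$sample" | audit_sshd || echo "findings: $?"

# On the server itself:  sudo sshd -T | audit_sshd
```

Run the audit from a second SSH session before closing the first one, so a mistake in `sshd_config` does not lock you out.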
After installing OpenVPN, simply use the comprehensive management interface:

```bash
sudo ./vpn_manager.sh
```

This central interface provides access to all OpenVPN management functions:
- Server Status: Monitor service status and connected clients
- Client Management: Create, revoke, and manage client certificates
- Server Configuration: Change ports, protocols, and settings
- Diagnostics & Troubleshooting: Identify and fix connection issues
- Protocol Switching: Easily switch between TCP and UDP
- Configuration Generation: Create .ovpn files for clients
After generating client configurations, transfer the .ovpn file securely to your client device:

```bash
# From your local machine (not the VPS)
scp username@your_vps_ip:~/ovpns/clientname.ovpn .
```

| Task | Solution |
|---|---|
| View server status | Run vpn_manager.sh → Select "View OpenVPN Status" |
| Create a new client | Run vpn_manager.sh → Select "Create New Client" |
| Switch protocol | Run vpn_manager.sh → Select "Diagnostics & Troubleshooting" → "Switch between TCP/UDP Protocol" |
| Troubleshoot issues | Run vpn_manager.sh → Select "Diagnostics & Troubleshooting" |

```
OpenVpn-Server/
├── setupVpn.sh              # Main setup script
├── get_vpn.sh               # OVPN configuration generator
├── vpn_manager.sh           # Server management interface
├── vpn_diagnostics.sh       # Diagnostics script
├── vpn_troubleshoot.sh      # Troubleshooting utilities
├── README.md                # Documentation
├── functions/               # Module functions
│   ├── certificate_management.sh
│   ├── configure_server.sh
│   ├── create_additional_clients.sh
│   ├── detect_setup_state.sh
│   ├── install_packages.sh
│   ├── prepare_client.sh
│   ├── setup_certificates.sh
│   ├── setup_easyrsa.sh
│   ├── setup_network.sh
│   └── utils.sh
└── utils/                   # Utility scripts
    ├── switch_btw_protocol.sh
    ├── switch_protocol.sh
    ├── switch_to_tcp.sh
    ├── switch_to_udp.sh
    ├── uninstall_openvpn_complete.sh
    ├── vpn_diagnostics.sh
    ├── vpn_killswitch.sh
    └── vpn_troubleshoot.sh
```

During setup, you'll be prompted for:
- Server IP Address: Your server's public IP address
- VPN Port: Port for OpenVPN (default: 1194)
- VPN Subnet: Internal VPN subnet (default: 10.8.0.0/24)
- Client Name: Name for the initial client certificate
You can easily switch between UDP and TCP protocols using the consolidated protocol switching script:

```bash
# Switch to TCP
sudo ./utils/switch_btw_protocol.sh tcp

# Switch to UDP
sudo ./utils/switch_btw_protocol.sh udp
```

The built-in diagnostics tool helps identify common issues:

```bash
sudo ./vpn_diagnostics.sh
```

This checks:
- Service status
- IP forwarding
- Firewall rules
- DNS resolution
- VPN tunnel setup
- Internet access through VPN
The setup automatically configures necessary firewall rules, including:
- Port forwarding
- NAT configuration
- IP masquerading
- Connection Refused: Check that the server port is open in your firewall
- TLS Handshake Failed: Verify certificate paths and permissions
- Routing Problems: Check IP forwarding settings
- DNS Issues: Verify DNS settings in the OpenVPN configuration
Run the diagnostics script to automatically identify and fix common issues:

```bash
sudo ./vpn_diagnostics.sh
```

- The default configuration provides strong security with AES-256-CBC encryption
- Keep your certificate files secure; anyone with your client certificates can connect to your VPN
- Consider implementing additional firewall rules for production environments
- Regularly update your server and OpenVPN installation
- Consider implementing certificate revocation for compromised clients
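
Two of the notes above can be checked directly on the server. This is an added example, not one of this repository's scripts: the function names are hypothetical, the sample config is constructed, and the server config path in the usage comment is an assumption. It reports whether the server config enforces a revocation list and which client profiles are accessible to other local users.

```shell
#!/bin/sh
# Added example for the security notes; not one of the project scripts.

# 1) Reads an OpenVPN server config on stdin. Without a crl-verify
#    directive, a certificate revoked in Easy-RSA is still accepted.
#    Cipher directives are reported so the configured value can be reviewed.
audit_server_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }      # blank lines and comments
        $1 == "crl-verify" { crl = $2 }
        $1 == "cipher" || $1 == "data-ciphers" || $1 == "ncp-ciphers" {
            print "INFO " $1 "=" $2
        }
        END {
            if (crl == "") { print "FAIL crl-verify not set"; exit 1 }
            print "OK crl-verify=" crl
        }'
}

# 2) Prints every *.ovpn under directory $1 that has any group or other
#    permission bit set, i.e. is accessible to other local accounts.
find_exposed_profiles() {
    find "$1" -type f -name '*.ovpn' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Constructed sample config (not the file this project generates).
sample_conf='port 1194
proto udp
cipher AES-256-CBC
# crl-verify crl.pem'
printf '%s\n' "$sample_conf" | audit_server_conf || true

# On the server (config path is an assumption; ~/ovpns is from this README):
#   sudo sh -c 'audit_server_conf < /etc/openvpn/server.conf'
#   find_exposed_profiles ~/ovpns
```

Profiles the second check lists can be tightened with `chmod 600` on the file and `chmod 700` on the directory.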
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add some amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- The OpenVPN team for their excellent VPN software
- The Easy-RSA project for certificate management tools
- All contributors who have helped improve this project