Self-Hosting a VPN Server with OpenVPN or WireGuard

Introduction

Setting up your own VPN server allows for secure remote access and encrypted communication. OpenVPN and WireGuard are two popular VPN solutions, each offering unique benefits. This guide will walk you through setting up either OpenVPN or WireGuard on your server.


Step 1: Choose a VPN Solution

OpenVPN:

Time-tested and widely supported

Uses SSL/TLS for encryption

Requires more system resources

WireGuard:

Lightweight and high-performance

Uses modern cryptographic protocols

Simpler configuration compared to OpenVPN


Step 2: Install OpenVPN

  1. Update your package list and install OpenVPN:

    sudo apt update && sudo apt install openvpn -y

  2. Generate server keys and certificates using EasyRSA:

    cd /etc/openvpn

    sudo make-cadir easy-rsa

    cd easy-rsa

    ./easyrsa init-pki

    ./easyrsa build-ca

    ./easyrsa gen-req server nopass

    ./easyrsa sign-req server server

  3. Configure the OpenVPN server by editing:

    sudo nano /etc/openvpn/server.conf

  4. Start and enable OpenVPN:

    sudo systemctl start openvpn@server

    sudo systemctl enable openvpn@server


Step 3: Install WireGuard

  1. Install WireGuard:

    sudo apt update && sudo apt install wireguard -y

  2. Generate server keys:

    umask 077 # Keep the private key file readable only by its owner

    wg genkey | tee privatekey | wg pubkey > publickey

  3. Configure WireGuard:

    sudo nano /etc/wireguard/wg0.conf

    Example configuration:

    [Interface]

    PrivateKey = <server-private-key>

    Address = 10.0.0.1/24

    ListenPort = 51820

    [Peer]

    PublicKey = <client-public-key>

    AllowedIPs = 10.0.0.2/32

  4. Enable and start WireGuard:

    sudo systemctl enable wg-quick@wg0

    sudo systemctl start wg-quick@wg0


Step 4: Configure Firewall and Routing

  1. Allow VPN traffic through the firewall:

    sudo ufw allow 1194/udp # For OpenVPN

    sudo ufw allow 51820/udp # For WireGuard

  2. Enable IP forwarding:

    sudo nano /etc/sysctl.conf

  3. Uncomment or add:

    net.ipv4.ip_forward=1

  4. Apply changes:

    sudo sysctl -p


Step 5: Connect Clients

  1. For OpenVPN, distribute the client configuration file:

    /etc/openvpn/client.ovpn

  2. For WireGuard, install WireGuard on the client and add the following configuration to /etc/wireguard/wg0.conf on the client:

    [Interface]

    PrivateKey = <client-private-key>

    Address = 10.0.0.2/24

    [Peer]

    PublicKey = <server-public-key>

    Endpoint = <server-public-ip>:51820

    AllowedIPs = 0.0.0.0/0

  3. Start the VPN connection on the client:

    wg-quick up wg0 # WireGuard

    openvpn --config client.ovpn # OpenVPN
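
The following Python check is an added example, not part of the original guide. It parses a wg-quick style wg0.conf and flags the mistakes these templates invite before the tunnel is brought up: key fields left unfilled, an Endpoint with no host, and a server-side AllowedIPs wider than one client address. The function names and the sample config are constructed for illustration, and the AllowedIPs rule assumes a road-warrior setup like the one in this guide.

```python
import base64, binascii, ipaddress

# Added example: names and sample are constructed; key and host fields are left unfilled.
SAMPLE_CLIENT_CONF = """[Interface]
PrivateKey =
Address = 10.0.0.2/24
[Peer]
PublicKey =
Endpoint = :51820
AllowedIPs = 0.0.0.0/0
"""

def parse_wg(text):
    """Return [(section, {key: value})]; [Peer] may repeat, so configparser is avoided."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def is_wg_key(value):
    """WireGuard keys are 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def lint(text, role):
    """List findings; assumes a road-warrior server where each client peer has one address."""
    findings = []
    for name, opts in parse_wg(text):
        field = "PrivateKey" if name == "Interface" else "PublicKey"
        if not is_wg_key(opts.get(field, "")):
            findings.append(f"[{name}] {field} is empty or not a 32-byte base64 key")
        if name != "Peer":
            continue
        nets = [ipaddress.ip_network(n.strip(), strict=False)
                for n in opts.get("AllowedIPs", "").split(",") if n.strip()]
        if role == "server" and any(n.prefixlen < n.max_prefixlen for n in nets):
            findings.append("[Peer] AllowedIPs on the server is wider than a single host")
        if role == "client" and not opts.get("Endpoint", "").rpartition(":")[0]:
            findings.append("[Peer] Endpoint has no host before the port")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CLIENT_CONF, "client")))
```

Call lint() with the file's contents and the role "server" or "client"; an empty list means none of these checks fired.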


Conclusion

By self-hosting a VPN server with OpenVPN or WireGuard, you ensure secure remote access and encrypted communication. WireGuard is ideal for performance, while OpenVPN is great for compatibility. Choose the best solution for your needs.