OpenVPN
TBD
FAQ
How to add additional clients?
In order to add another client configuration to your OpenVPN server, you first need to connect your server via SSH. You can find the connection information and the credentials on your server's detail page. We also sent you all details via email.
1. Generate new client configuration
Please cross-check that you're in the /root directory. If not, please change to it using the following command:
cd /root
Then you can run the installation script again and select the option to add a new client:
./openvpn-install.sh
You'll get an output that looks like following:
root@openvpn-vps-start-se-sto1-1:~# ./openvpn-install.sh
Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install
It looks like OpenVPN is already installed.
What do you want to do?
1) Add a new user
2) Revoke existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]: 1
Type 1 followed by Enter to select the option to add a new user.
The wizard will then ask you for a name for the client. Please enter a name of your choice and confirm with Enter.
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: new-openvpn-user
Next, you have the option to choose between a passwordless client or a client with a password.
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 2
For security purposes, we'd recommend that you protect your client's certificate with an additional password. Otherwise, when your client's certificate gets compromised, an attacker could connect to your VPN without any additional authentication. Enter either 1 for a passwordless client or 2 for a password-protected client and hit Enter to continue.
If you chose to protect your client's certificate with a password, you'll be asked to enter a password for the client's certificate. Please enter a password of your choice and confirm with Enter.
⚠️ You will be asked for the client password below ⚠️
* Using SSL: openssl OpenSSL 1.1.1f 31 Mar 2020
* Using Easy-RSA configuration: /etc/openvpn/easy-rsa/vars
* The preferred location for 'vars' is within the PKI folder.
To silence this message move your 'vars' file to your PKI
or declare your 'vars' file with option: --vars=<FILE>
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/0311418e/temp.ffa061c1'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
When typing the password, you will not see what you type. This is normal behavior and designed to prevent others from seeing your password while you type it.
2. Download new client configuration
The wizard will then generate a new client configuration that is completely ready to use out of the box. It will be stored under /root with the name of your new client and the .ovpn extension. In our example, the file will be called new-openvpn-user.ovpn.
You can then easily download it and distribute it to the client you want to connect to your VPN. You can use the following command to download the file to your local machine:
scp root@<your-server-ip>:/root/new-openvpn-user.ovpn .
3. Import client configuration
Depending on the OpenVPN client you're using, you can just double-click on the downloaded configuration file. This will import the config into your OpenVPN client and you can connect to your VPN. You will be asked for the client's password you provided while generating the client configuration unless you chose to generate a passwordless client.
To create more users, you can just repeat the steps above and choose a different name for the client each time.
Create client configurations are valid for 2 years by default. Please repeat the steps above to create a new client configuration if your existing one expired.