Installation
Download
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
Interactive Installation
The script will prompt for:
- Endpoint — public IP address or domain name (auto-detected)
- Port — OpenVPN port (default: 1194)
- Protocol — udp (default) or tcp
- IPv4/IPv6 — client IP stack support
- Subnets — VPN subnets for IPv4 (10.8.0.0/24) and IPv6
- DNS — DNS provider (Cloudflare by default)
- Encryption — data cipher, certificate type, HMAC
- TLS — TLS version and control channel mode
- Authentication — PKI or fingerprint (OpenVPN 2.6+)
- Client — name of the first client
CLI Installation
For automation, use the install command with options:
# Install with defaults
sudo ./openvpn-install.sh install
# Install with custom options
sudo ./openvpn-install.sh install \
  --port 443 \
  --protocol tcp \
  --dns cloudflare \
  --cipher AES-256-GCM \
  --cert-type ecdsa \
  --cert-curve prime256v1 \
  --tls-sig crypt-v2 \
  --client mydevice
See the full list of options in CLI Reference.
What Gets Installed
During installation the script:
- Installs OpenVPN and Easy-RSA 3.2.6 packages
- Creates PKI infrastructure (CA, server certificate)
- Generates the server configuration
- Configures the firewall (firewalld / nftables / iptables)
- Enables IP forwarding (/etc/sysctl.d/99-openvpn.conf)
- Creates and starts a systemd service
- Generates a .ovpn file for the first client
File Structure After Installation
/etc/openvpn/server/
├── server.conf # Server configuration
├── ca.crt / ca.key # CA certificate and key
├── <servername>.crt / .key # Server certificate
├── crl.pem # Certificate revocation list
├── client-template.txt # Client configuration template
└── easy-rsa/ # PKI infrastructure
    ├── easyrsa
    ├── vars
    └── pki/
        ├── issued/ # Client certificates
        └── private/ # Client private keys
/var/run/openvpn/
├── management.sock # Management socket (OpenVPN 2.6+)
└── server.status # Server status file
/var/log/openvpn/
└── server.log # Server logs
/etc/sysctl.d/
└── 99-openvpn.conf # IP forwarding settings
~/<client-name>.ovpn # Client configuration
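The tree above places private key material in ca.key, <servername>.key and easy-rsa/pki/private/. As an added example (not part of the project's script), the shell function below flags any of those files that group or other users can access; the function name audit_openvpn_keys and its optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from openvpn-install.sh.
# audit_openvpn_keys [ROOT]
#   ROOT defaults to /etc/openvpn/server (the layout shown above).
#   Returns 0 if no key file is group/other-accessible,
#           1 if at least one is (paths are printed),
#           2 if ROOT does not exist.
audit_openvpn_keys() {
    root="${1:-/etc/openvpn/server}"
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }

    # Private key material per the tree: ca.key, <servername>.key and
    # everything under easy-rsa/pki/private/.
    # A file is flagged when any group or other permission bit is set.
    loose=$(find "$root" -type f \
        \( -name '*.key' -o -path '*/easy-rsa/pki/private/*' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print | sort)

    if [ -n "$loose" ]; then
        printf 'group/other-accessible key files:\n%s\n' "$loose"
        return 1
    fi
    echo "OK: no key file under $root is accessible to group or others"
    return 0
}
```

Source the file and call the function as root so find can traverse the PKI directories; pass a different path to audit a backup or a copy of the tree.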
Updating the Script
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
Important
Updating the script does not modify the existing server configuration. Only the management and client generation logic is updated.