Quick Start¶

Common deployment scenarios for the OpenVPN server.

Scenario 1: Default Installation¶

sudo ./openvpn-install.sh install --client laptop

Result:

OpenVPN on port 1194/UDP
AES-128-GCM encryption
Cloudflare DNS
ECDSA certificate (prime256v1)
~/laptop.ovpn file ready to use

Scenario 2: Corporate VPN via TCP/443¶

To bypass restrictive corporate/hotel/airport networks:

sudo ./openvpn-install.sh install \
  --port 443 \
  --protocol tcp \
  --dns cloudflare \
  --cipher AES-256-GCM \
  --client office-laptop

Scenario 3: Maximum Security¶

sudo ./openvpn-install.sh install \
  --cipher AES-256-GCM \
  --cert-type ecdsa \
  --cert-curve secp384r1 \
  --hmac SHA384 \
  --tls-version-min 1.3 \
  --tls-sig crypt-v2 \
  --client secure-device

Scenario 4: Dual-Stack IPv4 + IPv6¶

sudo ./openvpn-install.sh install \
  --client-ipv4 \
  --client-ipv6 \
  --subnet-ipv4 10.8.0.0 \
  --subnet-ipv6 fd42:42:42:42:: \
  --client dual-stack-device

Scenario 5: Self-Hosted DNS (Unbound)¶

sudo ./openvpn-install.sh install \
  --dns unbound \
  --client private-client

Connecting the Client¶

After installation, transfer the .ovpn file to the client device:

# Copy the file to the client
scp ~/laptop.ovpn user@client-machine:~/

# On the client machine (Linux)
sudo openvpn --config ~/laptop.ovpn

Verifying the connection

After connecting, verify the VPN is working:

# Check VPN interface
ip a show tun0

# Check routes
ip route | grep tun0

# Check public IP
curl ifconfig.me