Using OpenVPN allows you to secure your connections and create an encrypted tunnel between your computer and your VPS. Here are the steps to install and configure OpenVPN on a OuiHeberg server.


✅ Prerequisites

  • A Linux VPS (Debian or Ubuntu) from OuiHeberg.
  • Root access or a user with sudo rights.
  • An SSH client (example: PuTTY or ssh on Linux/macOS).


1. Connect to your VPS

From your terminal or PuTTY, connect to your VPS:

ssh root@VPS_IP

(Replace VPS_IP with the IP address of your OuiHeberg VPS.)


2. Update the system

Before installing, update your packages:

apt update && apt upgrade -y

3. Install OpenVPN and Easy-RSA

Install OpenVPN and Easy-RSA to manage certificates:

apt install openvpn easy-rsa -y

4. Configure certificates

Create an Easy-RSA directory and initialize the Certificate Authority (CA):

make-cadir ~/openvpn-ca
cd ~/openvpn-ca
./easyrsa init-pki
./easyrsa build-ca

👉 During generation, enter a password and details (you can leave defaults).


5. Generate server keys and certificates

Still inside ~/openvpn-ca:

./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
openvpn --genkey --secret ta.key

6. Copy files to OpenVPN

Copy generated certificates and keys to /etc/openvpn:

cp pki/ca.crt pki/issued/server.crt pki/private/server.key pki/dh.pem ta.key /etc/openvpn/

7. Configure the OpenVPN server

Create the config file /etc/openvpn/server.conf:

nano /etc/openvpn/server.conf

Add:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Save with CTRL+O, then ENTER, and exit with CTRL+X.


8. Enable network routing

Edit sysctl.conf:

nano /etc/sysctl.conf

Uncomment (or add) the line:

net.ipv4.ip_forward=1

Apply:

sysctl -p

9. Configure firewall rules

Enable NAT so VPN traffic passes correctly:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

👉 To make the rule permanent, install iptables-persistent:

apt install iptables-persistent -y

Then save with:

netfilter-persistent save

10. Start and enable OpenVPN

Enable OpenVPN at boot and start the service:

systemctl start openvpn@server
systemctl enable openvpn@server

Check status:

systemctl status openvpn@server

11. Create a VPN client

Still in ~/openvpn-ca:

./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1

Copy the required files (client1.crt, client1.key, ca.crt, ta.key) to your local machine.


12. Client configuration file

Create client1.ovpn with:

client
dev tun
proto udp
remote VPS_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3

----- contents of ca.crt -----


----- contents of client1.crt -----


----- contents of client1.key -----

👉 Import this .ovpn file into OpenVPN Connect (Windows/macOS/Linux) or the OpenVPN app on Android/iOS.


🎉 Conclusion

You now have a fully functional VPN server on your OuiHeberg VPS.

Each client can securely connect to the Internet via your VPS.