BestHub
Sign in
Operations 10 min read

How to Deploy an OpenVPN Server on a Public Cloud and Configure Clients

This step‑by‑step guide shows how to install OpenVPN on a public‑cloud Linux host, generate CA and server certificates with Easy RSA, configure the OpenVPN server, create a user authentication script, and set up matching client configurations for secure VPN access.

MaGe Linux Operations
MaGe Linux Operations
MaGe Linux Operations
How to Deploy an OpenVPN Server on a Public Cloud and Configure Clients

1. Set up OpenVPN server on public cloud

# Install openvpn
yum install openvpn

2. Install Easy RSA suite

Generate keys and certificates

# Download Easy RSA source
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.2/EasyRSA-3.1.2.tgz
mv EasyRSA-3.1.2 /etc/openvpn/easy-rsa

Modify configuration

# Rename vars.example to vars and edit
# Set EASYRSA_CA_EXPIRE to 365 days
# Set EASYRSA_CERT_EXPIRE as needed

Generate CA and server certificates

# Clean previous keys
./easyrsa clean-all
# Build CA
./easyrsa build-ca
# Build server certificate without password
./easyrsa build-server-full server nopass
# Generate Diffie‑Hellman parameters
./easyrsa gen-dh
# Generate TLS‑auth key
openvpn --genkey --secret ta.key

3. OpenVPN server configuration

Create server.conf

port 1194
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA1
proto tcp
server 10.8.0.0 255.255.255.0
push "route 10.0.8.2 255.255.252.0"
client-to-client
verb 3
persist-key
persist-tun
keepalive 10 120
max-clients 200
ifconfig-pool-persist ipp.txt
duplicate-cn
script-security 3
auth-user-pass-verify /etc/openvpn/check.sh via-env
username-as-common-name

User authentication script

#!/bin/bash
PASSFILE="/etc/openvpn/openvpnfile"
LOG_FILE="/var/log/openvpn-password.log"
TIME_STAMP=$(date "+%Y-%m-%d %T")
# (script body that checks username/password against $PASSFILE and logs results)

Create user password file

/etc/openvpn/openvpnfile
koten 1

Copy keys and start service

cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/server/
cp /etc/openvpn/easy-rsa/pki/private/ca.key /etc/openvpn/server/
cp /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn/server/
cp /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn/server/
cp /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/server/
cp /etc/openvpn/easy-rsa/ta.key /etc/openvpn/server/
openvpn --config server.conf

4. Client configuration

Install OpenVPN

yum install openvpn

Generate client certificate

cd /etc/openvpn/easy-rsa
./easyrsa build-client-full client nopass

Create client.conf

client
dev tun
proto tcp
remote <server_ip> 1194
ca ca.crt
cert client.crt
key client.key
nobind
auth SHA1
resolv-retry infinite
verb 3
persist-key
persist-tun
auth-user-pass pass.txt

Create pass.txt with username and password

username
password

Start client

openvpn --config client.conf
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

LinuxcloudServer SetupVPNEasyRSAOpenVPN
MaGe Linux Operations
Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment