Easily deploy a secure OpenVPN server on Debian, Ubuntu, Fedora, CentOS, Arch Linux, Oracle Linux, Rocky Linux, and AlmaLinux with this automated script.
- Quick Setup: Configure your VPN server in seconds.
- Customizable Security: Enhanced encryption settings for maximum security.
- User Management: Easily add, remove, or manage clients.
- Multi-Platform: Compatible with various Linux distributions.
- Automated Headless Install: Fully automated installation for seamless deployment.
| Distribution | Support |
|---|---|
| AlmaLinux 8 | ✅ |
| Amazon Linux 2 | ✅ |
| Arch Linux | ✅ |
| CentOS 7 | ✅ 🤖 |
| CentOS Stream >= 8 | ✅ 🤖 |
| Debian >= 10 | ✅ 🤖 |
| Fedora >= 35 | ✅ 🤖 |
| Oracle Linux 8 | ✅ |
| Rocky Linux 8 | ✅ |
| Ubuntu >= 18.04 | ✅ 🤖 |
Note: Distributions marked with 🤖 are regularly tested.
curl -O https://raw.githubusercontent.com/AnonVM/OpenVPN-Installer/main/setup.sh
chmod +x setup.shsudo ./setup.shFollow the prompts to configure your VPN server.
After installation, rerun the script to:
- Add a Client
- Remove a Client
- Uninstall OpenVPN
Client configuration files (.ovpn) will be saved in your home directory. Use them with your preferred OpenVPN client.
You can automate the installation process:
AUTO_INSTALL=y ./setup.shOr set environment variables:
export AUTO_INSTALL=y
./setup.shCustomizable options include:
APPROVE_INSTALL=yAPPROVE_IP=yIPV6_SUPPORT=nPORT_CHOICE=1PROTOCOL_CHOICE=1DNS=1COMPRESSION_ENABLED=nCUSTOMIZE_ENC=nCLIENT=clientnamePASS=1
To set the server endpoint behind NAT:
ENDPOINT=$(curl -4 ifconfig.co)For more customization, modify the installQuestions() function in the script.
To automate user addition:
#!/bin/bash
export MENU_OPTION="1"
export CLIENT="foo"
export PASS="1"
./setup.shOpenVPN defaults to strong encryption settings, further enhanced by this script:
- AES-GCM: Provides confidentiality, integrity, and authenticity.
- TLS 1.2: Enforced for optimal security.
- ECDSA: Default certificate type for efficiency and security.
- tls-crypt: Enabled by default for additional privacy and DoS protection.
- AnonVM: Privacy focused secure hostiing
- Windows: Official OpenVPN Community Client
- Linux: Use the
openvpnpackage from your distribution. APT repository for Debian/Ubuntu - macOS: Tunnelblick, Viscosity, OpenVPN for Mac
- Android: OpenVPN for Android
- iOS: OpenVPN Connect
No. Even though this script enhances security, if you're trying to hide from the NSA, a VPN may not be enough. Review your threat models carefully.
Refer to the OpenVPN Manual for detailed documentation on all options.
Open an issue to discuss significant changes before submitting a PR.
Warning: This section has not been updated for OpenVPN 2.5 and later.
- Default: Compression is disabled to prevent VORACLE attacks.
- Supported: LZ0 and LZ4 (v1/v2) algorithms, though not recommended.
- Default: TLS 1.2 enforced with
tls-version-min 1.2. - Support: TLS 1.2 is available since OpenVPN 2.3.3.
- Default: ECDSA with
prime256v1curve. - Supported: ECDSA curves (
prime256v1,secp384r1,secp521r1) and RSA keys (2048, 3072, 4096 bits).
- Default: AES-128-GCM.
- Supported Ciphers: AES-GCM and AES-CBC with varying key lengths.
- Default:
TLS-ECDHE-*with AES-128-GCM and SHA256. - Supported: Configurable based on certificate type (ECDSA or RSA).
- Default: ECDH with
prime256v1. - Supported: ECDH and classic DH keys.
- Default: SHA256.
- Supported: SHA256, SHA384, SHA512.
- Default:
tls-cryptenabled for privacy and DoS protection. - Supported: Both
tls-authandtls-crypt.