Search our site for answers
Help Docs Hosting Services Cloud VPS (Virtual Private Server) How to run a private VPN server on your VPS

How to run a private VPN server on your VPS

Using a VPN to connect to your server? Liquid Web offers a cloud vpn solution for connecting to your server securely. Get directions for installing and configuring the VPN client on a Ubuntu desktop.
Server Management
10 min read

Tired of slow, overpriced, and sketchy Virtual Private Network (VPN) services that claim to protect your data but could be logging everything you do? Why trust a third party when you can run your own VPN?

Setting up a private VPN on your own Virtual Private Server (VPS) gives you full control over your internet traffic – no middlemen, no restrictions, no unknowns. You decide who connects, how it operates, and where your data flows. Whether you want to encrypt your browsing, access geo-blocked content, or secure remote work connections, a self-hosted VPN is the smartest move.

And here’s the best part: it’s easier than you think. This guide will show you exactly how to set up a secure, private VPN in no time!

Key Points

  • A self-hosted VPN on a VPS gives you full control over your online privacy – no third-party logging, no restrictions, and no unknowns.
  • Setting up OpenVPN is fast and straightforward. You can install OpenVPN in minutes using an automated script and easily manage client access.
  • Client devices connect using .ovpn files, and you can securely set up OpenVPN on Windows, macOS, Linux, Android, and iOS in just a few steps.
  • Testing your VPN ensures your connection is fully encrypted and leak-free. Check your IP, run a DNS leak test, and monitor performance to confirm security.
  • A reliable VPS is critical for a fast, secure VPN, and Liquid Web’s high-performance hosting ensures your VPN runs smoothly with maximum uptime and expert support.

Step 1: Preparing your VPS environment

A smooth VPN installation starts with a properly configured VPS server:

1. Choose the right VPS

For the best performance, your VPS should have:

  • A reliable hosting provider (like Liquid Web) with full root access.
  • A Linux-based OS (Ubuntu 24.04.2 LTS is a great choices).
  • At least 1 CPU core and 1GB RAM (more is better for handling multiple connections).
  • A dedicated IPv4 address (essential for stable VPN performance).

2. Update your system

Before installing anything, update your system’s package list to ensure you’re working with the latest versions. Run:

  • For Ubuntu/Debian:
sudo apt update && sudo apt upgrade -y
  • For CentOS/RHEL:
sudo dnf update -y

This keeps your system clean, secure, and ready for OpenVPN.

OpenVPN is an open-source VPN protocol that creates a secure, encrypted tunnel between your device and the internet. Unlike proprietary VPN solutions, OpenVPN is fully transparent, highly configurable, and trusted by security professionals worldwide. It’s the gold standard for self-hosted VPNs because:

  • It has military-grade encryption – uses AES-256 encryption to keep your data safe.
  • It is highly flexible – works on almost any operating system (Windows, macOS, Linux, Android, iOS).
  • It bypasses firewalls – can be configured to disguise VPN traffic as regular HTTPS, making it harder to block.
  • There is no third-party control – you own and manage the VPN, so no one else logs or monitors your activity.

Although you can install everything as root, creating a non-root user with sudo privileges is more secure:

# Create a user named 'vpnadmin'
sudo adduser vpnadmin

# Grant 'vpnadmin' sudo privileges
sudo usermod -aG sudo vpnadmin

# Switch to the new user
su - vpnadmin

4. Enable firewall rules

OpenVPN uses port 1194/udp by default. Make sure your firewall allows this traffic and also permits SSH (so you don’t lock yourself out):

  • UFW (Ubuntu/Debian):
sudo ufw allow OpenSSH

sudo ufw allow 1194/udp

sudo ufw enable
  • firewalld (CentOS/RHEL):
sudo firewall-cmd --permanent --add-service=openvpn

sudo firewall-cmd --permanent --add-masquerade

sudo firewall-cmd --reload

Now that your VPS is prepped and secured, it’s time to install OpenVPN.

Step 2: OpenVPN installation

We’ll use a popular automated script by Nyr. This script simplifies the entire setup:

# Still as a user with sudo privileges or as root:

wget -O openvpn-install.sh https://git.io/vpn

chmod +x openvpn-install.sh

sudo ./openvpn-install.sh

As the script runs, it will ask for:

  • IP address: The script usually detects your VPS’s public IP. Press Enter to confirm or manually specify if incorrect.
  • Protocol: UDP (faster, ideal for most) or TCP (can help in networks blocking UDP).
  • Port: Default is 1194. Only change if you must use a different port.
  • DNS: Select your preferred DNS provider (Google, Cloudflare, etc.).
  • Client name: Enter a unique identifier for the first client (e.g., myvpnuser).
  • Enable compression: Generally “No” to avoid potential security issues.

At the end, the script generates a .ovpn file for your first VPN client. For example:

myvpnuser.ovpn

It will typically place this file in your home directory (if run as root, that’s usually /root; if run as vpnadmin, that’s /home/vpnadmin). Confirm its location by running:

ls ~/*.ovpn

To download it securely to your local computer:

# Example using scp on Linux/macOS:

scp vpnadmin@<YOUR-VPS-IP>:~/myvpnuser.ovpn ./

Adjust the path and username if necessary.

Step 3: Verifying your installation

Let’s make sure everything is running correctly before connecting a client.

  1. Confirm that the OpenVPN service is up and running. Run:
sudo systemctl status openvpn

If you’re using Ubuntu/Debian, run:

sudo systemctl status openvpn@server

If it’s not running, start and enable the service:

sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
  1. Your VPN should be listening for connections on port 1194 (UDP by default). Verify this by running:
sudo netstat -tunlp | grep 1194

If OpenVPN is configured correctly, you’ll see output like this:

udp  0  0 0.0.0.0:1194  0.0.0.0:*  1234/openvpn

If the port isn’t open, check your firewall settings from Step 1 and restart OpenVPN.

  1. If anything seems off, check OpenVPN’s logs for any errors:
sudo journalctl -u openvpn --no-pager | tail -50

Look for error messages related to missing certificates, incorrect configurations, or firewall issues. If needed, re-run the installation script and double-check your setup.

  1. To make sure your VPN is routing traffic correctly, run this command inside your VPN session:
curl ifconfig.me

It should return your VPS’s public IP address, confirming that your VPN tunnel is active.

Step 4: Managing client access

1. Adding a new VPN user

Each device or person connecting to your VPN needs their own client configuration file (.ovpn). To generate one, re-run the OpenVPN installation script:

sudo ./openvpn-install.sh

Since OpenVPN is already installed, it will detect the existing setup and ask what you want to do. Select the option to add a new user. Then, you’ll be prompted to enter:

  • Client name: Pick a unique identifier, e.g., work-laptop or john-phone.
  • Encryption options: Stick with the default for security.

Once generated, you’ll find the new .ovpn file in your home directory.

2. Transferring the .ovpn file to clients

Each user needs their .ovpn file to connect. Securely transfer it using SCP or SFTP:

  • For Linux/macOS:
scp vpnadmin@your-vps-ip:~/client-name.ovpn ./
  • For Windows, use an SFTP client like WinSCP to download the file from your VPS.

3. Revoking VPN access (removing a client)

If a user’s device is lost or you need to remove access, revoke their certificate:

cd /etc/openvpn/easy-rsa/

./easyrsa revoke client-name

./easyrsa gen-crl

Then, update OpenVPN’s configuration to apply the change:

sudo systemctl restart openvpn@server

This will block the revoked client from connecting.

4. Managing active VPN sessions

To check who’s currently connected, run:

sudo cat /var/log/openvpn/status.log

You’ll see a list of active sessions, their assigned IPs, and connection duration.

With client access fully managed, it’s time to set up your devices and connect to your private VPN.

Step 5: Client setup guides

OpenVPN supports Windows, macOS, Linux, iOS, and Android, so let’s walk through how to connect from each platform.

Setting up OpenVPN on Windows

  1. Download and install OpenVPN client from the official site.
  2. Open the OpenVPN GUI and move the .ovpn file.
  3. Right-click the OpenVPN GUI and select Run as Administrator.
  4. Click Connect and enter your VPN credentials if prompted.

You should now be securely connected.

Setting up OpenVPN on macOS

  1. Install Tunnelblick, an OpenVPN client for macOS.
  1. Open Tunnelblick and drag the .ovpn file onto the app.
  2. Click Connect, and you’re good to go.

Setting up OpenVPN on Linux

  1. Install OpenVPN:
sudo apt install openvpn -y  # Ubuntu/Debian

sudo yum install openvpn -y  # CentOS/RHEL
  1. Start the VPN connection using your .ovpn file:
sudo openvpn --config /path/to/client.ovpn

You’re now connected.

Step 6: Testing your VPN

Now that your VPN is set up and your clients are connected, let’s verify that everything is working correctly:

  • Check your VPN connection: On your client device, visit https://whatismyipaddress.com. Then, compare the IP address shown on the website to your VPS’s public IP address. If they match, your VPN is working correctly. If you still see your home ISP’s IP address, your VPN connection isn’t routing traffic properly. Double-check your OpenVPN settings.
  • Test for DNS leaks: Some VPN setups leak DNS requests, exposing your real location. To test this, visit: https://www.dnsleaktest.com. Click Extended Test and check the DNS servers listed. If you see your VPS’s IP, your DNS is secure. If you see your ISP’s DNS, configure OpenVPN to use a secure DNS:
    • Edit your OpenVPN server configuration file:
sudo nano /etc/openvpn/server.conf
  • Add or modify these lines:
push "dhcp-option DNS 1.1.1.1"

push "dhcp-option DNS 8.8.8.8"
  • Save the file and restart OpenVPN:
sudo systemctl restart openvpn@server
  • Check your VPN encryption: To ensure your traffic is encrypted, use Wireshark (on Windows/macOS/Linux) or Packet Capture (on Android). Start capturing network traffic while connected to the VPN. Look for UDP traffic on port 1194 – it should be encrypted. If you see unencrypted HTTP traffic, something is misconfigured.
  • Test VPN speed: A self-hosted VPN should be fast, but if it feels slow, test your speed here with Speedtest. If speeds are much lower than expected:
    • Try switching to TCP instead of UDP in the .ovpn file.
    • Use a VPS closer to your physical location for lower latency.
    • Upgrade your VPS plan if needed.
  • Ensure the VPN reconnects automatically: Some devices disconnect from the VPN after sleep or network changes. To keep it always on:
    • Windows/macOS: Use OpenVPN’s “Auto-Connect” setting.
    • Linux: Use a systemd service to auto-restart OpenVPN.
    • Android/iOS: Enable “Reconnect on Network Change” in OpenVPN Connect.

At this point, your VPN should be fully functional, encrypted, and leak-free. You’re in full control of your private VPN!

Wrapping up

You did it! Your private VPN is fully operational, running securely on your VPS, and giving you complete control over your online privacy. No third parties tracking your activity, no bandwidth restrictions, and no uncertainty about how your data is handled. Every connection now runs through your own secure server, exactly the way you want it.

And don’t forget – the foundation of a great VPN is a high-performance VPS, and that’s where Liquid Web makes all the difference!

A self-hosted VPN is only as reliable as the infrastructure behind it, and with Liquid Web’s powerful, optimized VPS solutions, you get the speed, security, and uptime you can trust. When your privacy is on the line, you need a hosting provider that keeps your VPN running 24/7 without slowdowns or interruptions. 
Check out Liquid Web’s VPS plans today and take full control of your online security!

Was this article helpful?