OpenVPN installation and configuration
When deciding what to use to build your own VPN, a fun challenge is to take an old laptop or a Raspberry Pi, combine it with OpenVPN, and do everything yourself. We'll see here how to do that, but remember there are multiple ways to deploy such a service.
Prerequisites
Let's see what we need to run such a service on our own machine.
Hardware
Here we'll use an old HP laptop as the machine, with Debian 12 as the OS, but you could use almost any hardware/software combination, even a VM if you want. We chose a physical machine because we had a spare one, and also because if our hypervisor goes down at some point, there may be problems starting the virtual machines back up, and therefore no more VPN, meaning we might have to be on site to bring the VPN back up.
Software
On your Linux distribution, you must have the curl package installed in order to follow the installation. If you don't, here's how to install it using apt:
sudo apt update && sudo apt install curl
Installation
First we'll download the installer script, and then run it:
curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh
The downloaded file isn't marked as executable, so we need to change that:
chmod +x ./openvpn-install.sh
Then we run it with root privileges:
sudo ./openvpn-install.sh
Now the installation process has started, and it should be pretty simple to follow. Normally, the installer can auto-complete the options with defaults, but we'll still go through each of them.
First, you are prompted to enter the machine's address. If you use a hosted machine, enter its public IP. Here we have a machine on our home network, therefore behind NAT, so it auto-completes with its local IP (192.168.1.2 for example).
Then, if behind NAT (which is our case), you are prompted to enter the public IP of your network. Ours was auto-completed, but if it hadn't been, we could have gone to https://www.whatismyip.com (for example) to get our public IP and enter it at the prompt. You could also use a public hostname that points to you.
Next, if your host has IPv6 support, you're asked whether you want to use it. You're free to choose either, but we chose yes.
Then you can choose the port for your VPN. We don't recommend using the default port for security reasons, so use a custom or a random one. We chose random, but you may want one that is easy to remember, or maybe you have already decided which one you'd use.
Now select the protocol. UDP is recommended for a VPN; use TCP only if you don't have any other choice.
The installer now needs you to choose a DNS resolver. If you don't know which one to use, you can use the default as we did.
Then you have to choose whether to use compression and whether to customize encryption. We said no to both, as the first is exploited by an attack and the second requires you to know what you are doing.
After all that, the installer has everything it needs and you are prompted to press any key for it to start the real setup.
It then starts downloading the packages OpenVPN needs to run and to be secure.
Et voilà, after some time the output stops: OpenVPN is installed and the client configuration starts.
Client configuration
If you followed the last chapter about OpenVPN installation, the script directly asks you to enter a client name. Here we'll enter the name of the client we'll use outside our place (usually your lab/work/school laptop). For example, if your laptop is named “balthasar” then you enter “balthasar”, simple.
Then, you have to choose whether to protect the configuration file with a password. The default is no, but one can never be too secure, so we chose yes.
You will now be prompted to enter the passphrase that protects the config file, and to repeat it, which we did.
And there you are: the client configuration file is generated and placed in $PWD/balthasar.ovpn. The certificate is in /etc/openvpn/easy-rsa/pki/issued/balthasar.crt
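To check that a generated profile reflects the choices made above (non-default port, UDP, no compression, passphrase-protected key), a small audit script can help. This is an added example, not part of the original page or of the installer; the function names and the two sample profiles are constructed for illustration, and the key check relies on the standard PEM headers.

```shell
# Added example (not part of the installer): audit a client profile against the
# walkthrough's choices. Prints one line per finding, returns the finding count.
audit_ovpn() {
    f=$1; n=0
    # "remote <host> <port>" still pointing at OpenVPN's default port 1194
    if grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]+[[:space:]]+1194([[:space:]]|$)' "$f"; then
        echo "port: default port 1194 in use"; n=$((n + 1))
    fi
    # TCP transport (the walkthrough picks UDP)
    if grep -Eq '^[[:space:]]*proto[[:space:]]+tcp' "$f"; then
        echo "proto: TCP transport selected"; n=$((n + 1))
    fi
    # Assumption: a profile generated with compression declined has no such directive
    if grep -Eq '^[[:space:]]*(compress|comp-lzo)([[:space:]]|$)' "$f"; then
        echo "compression: compression directive present"; n=$((n + 1))
    fi
    # Inline private key without a passphrase (PKCS#8 or legacy PEM headers)
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" &&
       ! grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "key: inline private key is not passphrase-protected"; n=$((n + 1))
    fi
    return "$n"
}
# Constructed sample profiles (key bodies elided, documentation-range address).
make_samples() {
    cat > "$1/good.ovpn" <<'EOF'
proto udp
remote 203.0.113.10 49213
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
</key>
EOF
    cat > "$1/bad.ovpn" <<'EOF'
proto tcp-client
remote 203.0.113.10 1194
compress lz4-v2
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
EOF
}
tmp=$(mktemp -d); make_samples "$tmp"
audit_ovpn "$tmp/good.ovpn" && echo "good.ovpn: no findings"
audit_ovpn "$tmp/bad.ovpn" || echo "bad.ovpn: $? finding(s)"
rm -rf "$tmp"
```

To audit the real profile from this walkthrough, call audit_ovpn "$PWD/balthasar.ovpn" after sourcing the function.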
