In this tutorial, we are going to show you how you can easily create your own VPN server and use it for your personal daily use both on your computer and mobile phones. stop paying for the public VPN server.
Features of your own VPN server:
- High security, as you know no one else is using your server and you are the only one having access to.
- Maybe our internet provider block all public VPN servers so You can create your customized VPN server.
- CentOS 8 server with at least 512MB RAM
- Need a Domain for your VPN server here we are suing vpn.NullJungle.com
Step 1- Install OpenConnect VPN Server (OCserv) on CentOS 8
First your need to log in to your Centos 8 Server with SSH
then run the below command for installing the EPEL repository.
sudo dnf install epel-release sudo dnf install ocserv
Step 2 – Open Ports in Firewall
here we are going to use 443 Port as VPN server ports so lets open these ports on default centos 8 firewall :
sudo firewall-cmd --permanent --add-port=443/tcp sudo firewall-cmd --permanent --add-port=443/udp
Also we are going to generate SSL with let’s encrypted so we need to open Port 80 too :
sudo firewall-cmd --permanent --add-port=80/tcp
now reload firewall to everything take effect.
sudo systemctl reload firewalld
Step 3 – Install Let’s Encrypt and Generate SSL
Run the following command to install the Let’s Encrypt client (certbot) on CentOS 8.
sudo dnf install certbot
Generate and obtain SSL:
the below code will generate SSL for our domain: vpn.nulljungle.com
sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email [email protected] -d vpn.nulljungle.com
for your own domain, you need to change “vpn.nulljungle.com” and email “[email protected]”.
Step 4 – Edit OCserv VPN Server Configuration File
Now you should edit configuration files of OCcserv and set some settings :
sudo nano /etc/ocserv/ocserv.conf
irst, configure password authentication. By default, password authentication through PAM (Pluggable Authentication Modules) is enabled, which allows you to use CentOS system accounts to login from VPN clients. This behavior can be disabled by commenting out the following line.
auth = "pam"
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
then you should set SSL key and cert file, find the blow files :
server-cert = /etc/pki/ocserv/public/server.crt server-key = /etc/pki/ocserv/private/server.key
replace them with your generated SSL file which you did on step 3:
server-cert = /etc/letsencrypt/live/vpn.yourdomain.com/fullchain.pem server-key = /etc/letsencrypt/live/vpn.yourdomain.com/privkey.pem
It’s recommended to enable LZ4 compression, so uncomment the following line.
compression = true
and use some more settings for better VPN server :
max-clients = 0
max-same-clients = 0
keepalive = 30
try-mtu-discovery = true
default-domain = vpn.yourdomain.com
ipv4-network = 10.10.10.0 ipv4-netmask = 255.255.255.0
tunnel-all-dns = true
dns = 22.214.171.124 dns = 126.96.36.199
Save and close the file.(ctrl+x)
Step 5 – Creating VPN Accounts
sudo ocpasswd -c /etc/ocserv/ocpasswd username
You will be asked to set a password for the user and the information will be saved to
/etc/ocserv/ocpasswd file. To reset the password, simply run the above command again.
now just start your ocserv services:
sudo systemctl start ocserv
and enable it on boot time
sudo systemctl enable ocserv
Step 6 – Enable IP Forwarding in Linux Kernel
In order for the VPN server to route packets between VPN client and the Internet, we need to enable IP forwarding. Edit
sudo nano /etc/sysctl.conf
Add the following line at the end of this file.
net.ipv4.ip_forward = 1
Save and close the file. Then apply the changes with the below command. The -p option will load sysctl settings from /etc/sysctl.conf file. This command will preserve our changes across system reboots.
sudo sysctl -p
Step 7 – Configure IP Masquerading in Firewall
Run the following command to enable IP masquerading for the
10.10.10.0/24 subnet in the server firewall. as we set before on ocserv configuration files.
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.10.0/24" masquerade'
now reset the firewall to take effect
sudo systemctl reload firewalld
Step 8 – Connect to your Own VPN Server
It’s time for your testing. You can connect to your VPN server with Windows, Linux, Android and IOS.
– windows :
Download Cisco AnyConnect Secure Mobility Client: here | 12.93 MB
Enter your domain which you set on this tutorial and push connect button.
it will ask you the username and password which you set on Step 5.
now it will connect you and you can use your VPN server.
– Android :
Download here: https://play.google.com/
– IOS :
Download here: https://apps.apple.com/
If you have any problem or question you can ask us down below on comment section