Guides - Deploying OpenVPN through the Linode Marketplace
Quickly deploy a Compute Instance with many various software applications pre-installed and ready to use.
OpenVPN is a widely trusted, free, and open-source VPN (virtual private network) application that creates encrypted tunnels for secure data transfer between computers that are not on the same local network. Your traffic is encrypted by OpenVPN using OpenSSL. You can use OpenVPN to:
Connect your computer to the public Internet through a dedicated OpenVPN server. By encrypting your traffic and routing it through an OpenVPN server that you control, you can protect yourself from network attacks when using public Wi-Fi.
Connect your computer to services that you don’t want to expose to the public Internet. Keep your sensitive applications isolated on your servers’ private networking and use OpenVPN to access them remotely.
Deploying a Marketplace App
The Linode Marketplace allows you to easily deploy software on a Compute Instance using the Cloud Manager. See Get Started with Marketplace Apps for complete steps.
Log in to the Cloud Manager and select the Marketplace link from the left navigation menu. This displays the Linode Create page with the Marketplace tab pre-selected.
Under the Select App section, select the app you would like to deploy.
Complete the form by following the steps and advice within the Creating a Compute Instance guide. Depending on the Marketplace App you selected, there may be additional configuration options available. See the Configuration Options section below for compatible distributions, recommended plans, and any additional configuration options available for this Marketplace App.
Click the Create Linode button. Once the Compute Instance has been provisioned and has fully powered on, wait for the software installation to complete. If the instance is powered off or restarted before this time, the software installation will likely fail.
To verify that the app has been fully installed, see Get Started with Marketplace Apps > Verify Installation. Once installed, follow the instructions within the Getting Started After Deployment section to access the application and start using it.
NoteEstimated deployment time: OpenVPN should be fully installed within 2-5 minutes after the Compute Instance has finished provisioning.
Configuration Options
- Supported distributions: Debian 11, Ubuntu 20.04 LTS
- Recommended minimum plan: All plan types and sizes can be used, though consider the amount of traffic needed for the VPN and select a plan with enough Outbound Network Transfer to handle the expected traffic.
OpenVPN Options
NoteThe admin password for the OpenVPN application is no longer manually entered when creating the Compute Instance. Instead, this password is now automatically generated. See Obtaining the Admin Password for instructions on viewing the admin password after deployment.
Limited User (Optional)
You can optionally fill out the following fields to automatically create a limited user for your new Compute Instance. This is recommended for most deployments as an additional security measure. This account will be assigned to the sudo group, which provides elevated permission when running commands with the sudo
prefix.
- Limited sudo user: Enter your preferred username for the limited user.
- Password for the limited user: Enter a strong password for the new user.
- SSH public key for the limited user: If you wish to login as the limited user through public key authentication (without entering a password), enter your public key here. See Creating an SSH Key Pair and Configuring Public Key Authentication on a Server for instructions on generating a key pair.
- Disable root access over SSH: To block the root user from logging in over SSH, select Yes (recommended). You can still switch to the root user once logged in and you can also log in as root through Lish.
Custom Domain (Optional)
If you wish to automatically configure a custom domain, you first need to configure your domain to use Linode’s name servers. This is typically accomplished directly through your registrar. See Use Linode’s Name Servers with Your Domain. Once that is finished, you can fill out the following fields for the Marketplace App:
- Linode API Token: If you wish to use the Linode’s DNS Manager to manage DNS records for your custom domain, create a Linode API Personal Access Token on your account with Read/Write access to Domains. If this is provided along with the subdomain and domain fields (outlined below), the installation attempts to create DNS records via the Linode API. See Get an API Access Token. If you do not provide this field, you need to manually configure your DNS records through your DNS provider and point them to the IP address of the new instance.
- Subdomain: The subdomain you wish to use, such as www for
www.example.com
. - Domain: The domain name you wish to use, such as example.com.
- Email address for the SOA record: The start of authority (SOA) email address for this server. This is a required field if you want the installer to create DNS records.
Getting Started After Deployment
Access Details
CautionOpenVPN Access Server is only accessible over an HTTPS connection (not HTTP). When accessing both the admin and client dashboards, your browser may warn you that the connection is not private, is not secure, or that there is a potential security risk. You must accept this risk to continue.
OpenVPN Admin Interface:
- URL:
https://192.0.2.1:943/admin/
, where192.0.2.1
represents the IPv4 address of your new Compute Instance. For assistance locating the IP address, see Managing IP Addresses. - Username:
openvpn
- Password: See Obtaining the Admin Password below.
For more details on logging in to the OpenVPN admin interface for the first time (as well as changing the initial password), see the Access Server Admin Web UI First Login article within OpenVPN’s docs.
OpenVPN Client Interface:
- URL:
https://192.0.2.1:943/
, where your Linode’s IPv4 address should take the place of the192.0.2.1
example address. The client interface includes links to download the OpenVPN client software for your computer.
Obtaining the Admin Password
The password for the main administrator account was automatically generated during the initial install process. To find this password, log in to your Compute Instance through the LISH Console. Your credentials should appear towards the end of the installation script.
Access Server Web UIs are available here:
Admin UI: https://192.0.2.1:943/admin
Client UI: https://192.0.2.1:943/
Login as "openvpn" with "password" to continue
(password can be changed on Admin UI)
+++++++++++++++++++++++++++++++++++++++++++++++
You can also obtain your password by running the following command:
cat /usr/local/openvpn_as/init.log | grep 'To login'
Open a Connection to your VPN
To open a connection to your OpenVPN server from your computer, you’ll need to install the OpenVPN client software. Follow the instructions in the Client Software Installation section of our OpenVPN guide for a detailed explanation of how to install and use this software.
NoteCurrently, Linode does not manage software and systems updates for Marketplace Apps. It is up to the user to perform routine maintenance on software deployed in this fashion.
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on