How to create your own VPN server on Ubuntu, Debian and CentOS

With the constant changes of city and country that I have had lately, I have had to use a lot of free Wi-Fi networks (even now I'm connected from a wifi that I got the key thanks to aircrack-ng, airmon-ng, airdump-ng, aireplay-ng which were already installed in Kali Linux), The problem is that these connections can compromise my information and we do not know who can be connected and make me know on the network. A solution to this problem is the one raised long ago by let's use linux en How to surf safely on open Wi-Fi networks, but there is also the possibility of solving it using a VPN, of which there are many free and paid ones that are easy to use and install, each with its pros and cons, but we can also create our own VPN server on Ubuntu, Debian and Centos.

Looking for the solution to this problem and prioritizing using a VPN that would give me other advantages, I managed to find a script that allows us to build a VPN server automatically with little interaction with the user.

cta nordvpn

What is the server configuration script?

It's a shell script allowing automatically configure a VPN server over IPsec in Ubuntu, Debian and CentOS quickly and easily, plus supports IPsec / L2TP and Cisco IPsec protocols. The user just needs to provide their own VPN credentials and let the script do the rest.

The server VPN over IPsec It encrypts network traffic, so that data cannot be eavesdropped while there is communication between the user and the VPN server. This is especially useful when using unsecured networks, for example in coffee shops, airports, or hotel rooms.

The script uses freewan which is an implementation of IPsec for Linux xl2tpd which is a L2TP provider.

The script can be used on any dedicated server or Virtual Private Server (VPS). Furthermore, it can be used directly as "user data" of Amazon EC2 For the launch of a new instance, this feature makes it ideal because it allows me to have a VPN up and running at any time and helps me take advantage of Amazon's offer of one year free of their VPS.

Features of the VPN over IPsec server configuration script

  • Configuration of a fully automated VPN over IPsec server, without user intervention
  • Supports the fastest protocol IPsec/XAuth ("Cisco IPsec")
  • Available docker images from the VPN server
  • Encapsulates all VPN traffic in UDP - ESP protocol is not required
  • It can be used directly as "user data" for new Amazon EC2 instances
  • Automatically determine the Public IP and Private IP of the server
  • Includes basic IPTables rules and allows you to adjust the sysctl.conf
  • Tested on Ubuntu 16.04 / 14.04 / 12.04, Debian 8 and CentOS 6 & 7

VPN over IPsec server configuration script requirements

A Dedicated Server or Virtual Private Server (VPS) is required, although it is recommended to use an instance of Amazon EC2, using one of these AMIs:

Installing the VPN over IPsec server configuration script

Installing the VPN over IPsec server configuration script on Ubuntu and Debian

The first thing you should do is update your system, for this run the following commands apt-get update && apt-get dist-upgrade and reboot.

 This step is not mandatory, but it is recommended that it be done.

To install the VPN, please select one of the following options:

Option 1: Generate the VPN credentials at random, which can be viewed when the installation is complete

wget -O && sudo sh

Option 2: Edit the script and provide your own VPN credentials

wget -O nano -w [Replace with your values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD] sudo sh

Option 3: Define VPN credentials as environment variables

# All values ​​must be enclosed within 'single quotes'
# Do not use these characters within the values: \ "'
wget -O && sudo \ VPN_IPSEC_PSK ='your_ipsec_pre_shared_key' \ VPN_USER ='your_vpn_username' \ VPN_PASSWORD ='your_vpn_password' sh

Installing the VPN over IPsec server configuration script on Centos

The first thing you should do is update your system, for this run the following commands yum update  and reboot.

 This step is not mandatory, but it is recommended that it be done.

Follow the same steps as in Ubuntu and Debian, but substituting by

Conclusions on the VPN over IPsec server configuration script

cta nordvpn

Well, once we have our VPN installed, we must connect to it through a VPN client, I recommend that we use OpenVPN, which we can install with the package manager of our distribution. That in the case of Debian and derivatives we can do it in the following way:

sudo apt-get install openvpn

This is a very elegant solution to connect to the internet in a safe way and have our own VPN which can also be used to

  • Access a work or home network when you are traveling.
  • Hide browsing data.
  • Enter geo-blocked sites.
  • And many other uses

And this is all guys I hope you enjoy it and get it going. If all this has seemed complicated to you and you prefer to keep it simple, you can always hire a VPN like Hidemyass, which in addition to having good opinions, offers very good offers for new users.


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

10 comments, leave yours

Leave a Comment

Your email address will not be published.



  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Rodrigo said

    Why did they cross out the part where he admits to having committed a crime? jajajjajajajjaja

  2.   hemnys said

    Hello friend, I have managed to install the VPN in an Amazon instance with ubuntu, but now what I cannot do to connect to the installed VPN, I think it is necessary to add the ports in the instance at the moment I have achieved that they are these: open TCP port 1723 and also open the protocol with ID 47 (GRE).
    For L2TP you have to open TCP port 1701; If you are going to use IPSec, you must open the UDP port 500 and the protocols of ID 50 (IPSec ESP) and 51 (IPSec AH), once I have added them I verify with netstat -ntpl in the instance but it does not Come be active, could you give me a hand please?

    1.    Luigys toro said

      For servers with an external firewall (for example EC2), you must open UDP ports 500 and 4500, and TCP port 22 (for SSH).

      To open additional ports on the server, edit /etc/iptables.rulesy / or /etc/iptables/rules.v4(Ubuntu / Debian), or / etc / sysconfig / iptables (CentOS). And restart the Server, although EC2, the convenient thing is with the external firewall.

  3.   atheriel said

    "The Freedom of the Code is directly proportional to the Growth of an Organization", an excellent statement.

  4.   Jose Luis said

    Thanks for the great script.
    I have managed to install it and it works with Iphone and Android, but I don't know how to use openVPN in linux as a client.

    The server I have installed in Ubuntu 16.04 terminal.

    Help please

  5.   rock-668 said

    Hello, how do I make it work with a dynamic ip?

    1.    Beavis said

      subscribe to in free version.

  6.   Oscar said

    Hello, my name is Oscar, I have installed this VPN server on my Linux server in a VPS, and my security study after 24 hours, is that it performs attacks, Smurf, performs connection scans and tries to intercept data, it only seems to be able to intervene All the keys that use non-secure protocols, that is, any connection that does not use encryption, immediately after I noticed, I closed my VPN connection and reset the VPS, since I created a restore point before starting this process.
    I expose all this so that the author and / or reader of this article who reads these comments is precarious when installing this VPN server, I say it all in good faith, and I thank the author for taking his time in writing this article.

    A greeting.

  7.   gerardo said

    when I do ifconfig tun0 it gives me this error
    Error fetching interface information: Device not found

  8.   pedro said

    Now I know why I don't use VPN…. because it is not easy and it is tedious to configure it. Is there not a simpler and more graphic way to do it?