DigitalOcean VPN Server Guide: Droplet and OpenVPN Access Server

Why Use DigitalOcean for Your VPN Server?

• Ease of Use: The OpenVPN Access Server image reduces setup complexity.
• Privacy: You control your server and data, unlike third-party VPNs.
• Affordable: Plans start at $5/month with 1TB of bandwidth.
• Scalable: Upgrade your Droplet as your needs grow.

Step-by-Step Setup Guide

Step 1: Create a DigitalOcean Account

• Visit digitalocean.com and sign up if you don’t have an account.
• Log in to access the dashboard.

Step 2: Create a New Droplet

1. Click “Create” > “Droplets” in the dashboard.
2. Choose an Image:
   • Go to the “Marketplace” tab.
   • Search for “OpenVPN Access Server” and select it.
3. Select a Plan:
   • The Basic plan (1GB RAM, 25GB storage, $5/month) works for most users.
   • Choose a higher plan if you expect heavy usage.
4. Choose a Datacenter Region:
   • Pick a region close to your location for better speed (e.g., New York if you’re in the US East Coast).
5. Authentication Method:
   • SSH Keys (Recommended): Secure and preferred. Follow DigitalOcean’s SSH key guide if new to this.
   • Password: Use a strong, unique password if you opt for this.
6. Additional Options (Optional):
   • Add backups or monitoring if desired (not required for VPN).
7. Hostname: Name your Droplet (e.g., “vpn-server”).
8. Click “Create Droplet” to deploy.

Step 3: Connect to Your Droplet

• Wait for the Droplet to finish creating (takes a minute or two). You’ll see its IP address in the dashboard.
• Using SSH Keys:
  • On macOS/Linux: Open Terminal and run ssh root@your_droplet_ip.
  • On Windows: Use PuTTY, entering your Droplet’s IP and SSH key.
• Using a Password:
  • Connect with the same tools, entering the password when prompted.
• Set OpenVPN Password:
  • On first login, you’ll be asked to set a password for the “openvpn” user. Choose a strong one (e.g., mix of letters, numbers, symbols).

Step 4: Access the OpenVPN Web Interface

• Open a browser and go to https://your_droplet_ip/admin.
• Ignore the security warning (self-signed certificate) and proceed.
• Log in with:
  • Username: openvpn
  • Password: The one you set in Step 3.

Step 5: Configure OpenVPN Access Server

• The web interface loads with default settings that work for most users.
• Add Users:
  • Navigate to “User Permissions”.
  • Add a username (e.g., “user1”) and save.
• Authentication: Local authentication is enabled by default. Advanced options like LDAP are available but optional.

Step 6: Download and Install the OpenVPN Client

• In your browser, go to https://your_droplet_ip (no “/admin”).
• Log in with the username you created (e.g., “user1”).
• Download the OpenVPN client for your device:
  • Options include Windows, macOS, Linux, iOS, or Android.
• Install the client following the provided instructions.

Step 7: Connect to Your VPN

• Open the installed client on your device.
• Use the downloaded configuration file or credentials to connect.
• Verify it works by visiting whatismyip.com. Your IP should match your Droplet’s IP.

Additional Tips and Considerations

• Bandwidth Monitoring:
  • DigitalOcean includes 1TB of outbound bandwidth on the $5 plan. Check usage in the dashboard to avoid overage fees.
• Security Best Practices:
  • Use SSH keys over passwords.
  • Keep your Droplet and OpenVPN updated (via the web interface or SSH).
• Optional Configurations:
  • Split Tunneling: Route only specific traffic through the VPN (configured in the client or server settings).
  • Custom DNS: Set in the OpenVPN admin interface if needed.
• Multiple Users: Add more users in the “User Permissions” section as needed.

Why This Setup Works

• Fast Setup: Takes less than 10 minutes with the marketplace image.
• Cost-Effective: Starts at $5/month, cheaper than many VPN subscriptions.
• Full Control: You manage your server and data.

Final Thoughts