How to Implement Virtual Private Network (VPN) Site-to-Site Connectivity on Your VPS

Setting up a Site-to-Site VPN on a Virtual Private Server (VPS) involves a few steps. This guide assumes you have two VPS instances, one acting as the server and another as the client.

Prerequisites:

  1. Access to Two VPS Instances: One will act as the VPN server and the other as the VPN client.
  2. Root Access: You need to have root access to both VPS instances.

Step 1: Choose a VPN Protocol

Several VPN protocols are available, including OpenVPN, IPsec, and WireGuard. For simplicity, I'll outline the steps using OpenVPN.

Step 2: Install OpenVPN

On the Server:

  1. Update Your System:
      sudo apt update
      sudo apt upgrade
  2. Install OpenVPN:
      sudo apt install openvpn
  3. Generate Certificates and Keys:
      # easyrsa creates its pki directory in the current directory; run it from
      # /etc/openvpn/easy-rsa so the files land where Step 3 copies them from.
      sudo mkdir -p /etc/openvpn/easy-rsa
      cd /etc/openvpn/easy-rsa
      sudo bash /usr/share/easy-rsa/easyrsa init-pki
      sudo bash /usr/share/easy-rsa/easyrsa build-ca
      sudo bash /usr/share/easy-rsa/easyrsa build-server-full server nopass
      sudo bash /usr/share/easy-rsa/easyrsa gen-dh
  4. Generate Client Certificates (optional):
      sudo bash /usr/share/easy-rsa/easyrsa build-client-full client1 nopass

On the Client:

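  1. Install OpenVPN:
      sudo apt install openvpn
  2. Generate Client Certificates (if not generated on the server):
      # Run this in the PKI directory of the CA that issued the server certificate;
      # the server rejects a client certificate signed by a different CA.
      sudo bash /usr/share/easy-rsa/easyrsa build-client-full client2 nopass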

Step 3: Configuration

On the Server:

  1. Copy Keys and Certificates:
      sudo cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn
      sudo cp /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn
      sudo cp /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn
      sudo cp /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn
  2. Copy Server Configuration:
      sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
      sudo gzip -d /etc/openvpn/server.conf.gz
  3. Edit Server Configuration:
      sudo nano /etc/openvpn/server.conf
    Make necessary changes, including IP addresses, ports, certificates, and keys.

On the Client:

  1. Copy Client Certificates:
      # The key and certificate file names follow the name passed to
      # build-client-full (client2 here; client1 if generated on the server).
      sudo cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn
      sudo cp /etc/openvpn/easy-rsa/pki/private/client2.key /etc/openvpn
      sudo cp /etc/openvpn/easy-rsa/pki/issued/client2.crt /etc/openvpn
  2. Copy Client Configuration:
      sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
  3. Edit Client Configuration:
      sudo nano /etc/openvpn/client.conf
    Update with the appropriate values.

Step 4: Start OpenVPN

On Both Server and Client:

  1. Start the OpenVPN Service:
      sudo systemctl start openvpn@server # On the server
      sudo systemctl start openvpn@client # On the client
  2. Enable Auto-Start on Boot:
      sudo systemctl enable openvpn@server # On the server
      sudo systemctl enable openvpn@client # On the client

Step 5: Firewall Rules

Make sure your VPS firewall (like UFW) allows traffic on the OpenVPN port (default is UDP 1194).

Step 6: Verify the Connection

You should be able to ping each VPS from the other by their VPN IP addresses.

Step 7: Troubleshooting

Check logs in /var/log/syslog for any error messages related to OpenVPN.
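
A pre-flight check to run alongside the log review, as an added example that is not part of the original guide: it confirms that the ca, cert, key and dh paths in the config edited in Step 3 point at files that exist, flags a private key readable by group or others, and reports the protocol and port to compare with the firewall rule from Step 5. The helper name check_ovpn_conf and the sample files are constructed for illustration, and relative paths are assumed to resolve against the config's directory.

```shell
#!/bin/sh
# Added example, not part of the original guide; sample files are constructed.

# check_ovpn_conf CONF DIRECTIVE...   (hypothetical helper name)
# Prints one finding per line; returns 0 if clean, 1 if any check failed.
check_ovpn_conf() {
    conf=$1; shift
    dir=$(dirname "$conf"); rc=0
    for d in "$@"; do
        # First active (uncommented) line for this directive; field 2 is the path.
        path=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "FAIL $d: directive not set"; rc=1; continue
        fi
        # Assumption: relative paths resolve against the config's directory.
        case $path in /*) ;; *) path=$dir/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "FAIL $d: $path does not exist"; rc=1
        elif [ "$d" = key ] && [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "FAIL key: $path is accessible to group/others"; rc=1
        fi
    done
    # Report the listener so it can be compared with the firewall rule (Step 5).
    awk '$1 == "port" { p = $2 } $1 == "proto" { t = $2 }
         END { print "INFO listener: " (t ? t : "udp") "/" (p ? p : "1194") }' "$conf"
    return $rc
}

# Demo on constructed files in a scratch directory.
demo=$(mktemp -d)
touch "$demo/ca.crt" "$demo/server.crt" "$demo/server.key" "$demo/dh.pem"
chmod 644 "$demo/server.key"        # deliberately too permissive
cat > "$demo/server.conf" <<'EOF'
port 1194
proto udp
ca ca.crt
cert server.crt
key server.key  # keep secret
dh dh2048.pem
EOF
check_ovpn_conf "$demo/server.conf" ca cert key dh || echo "Fix the findings before starting openvpn@server"
rm -rf "$demo"
```

On a real host, call it as `check_ovpn_conf /etc/openvpn/server.conf ca cert key dh` on the server and with `ca cert key` for /etc/openvpn/client.conf on the client.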

Remember to adapt the above steps according to your specific VPS configurations, operating systems, and networking requirements. Always ensure that you're following best security practices and keeping your systems up-to-date.