Home » Tools » Build Your Own Private VPN

Build Your Own Private VPN with OpenVPN Access Server

What is OpenVPN Access Server?

OpenVPN Access Server (AS) is a secure, battle-tested VPN server based on the OpenVPN protocol. It gives you an admin web UI, user accounts, and one-click client profiles—so non-technical users can connect easily. The free license allows 2 concurrent users, perfect for personal use or a small lab.

Why use a private VPN (instead of a public VPN)?

  • Privacy & control: Your traffic terminates on your server. You decide logging, DNS, users, and security policy.

  • Stable location/IP: Keep a consistent country/IP (e.g., US) for services, dashboards, or automations.

  • Secure on public Wi-Fi: Your device encrypts all traffic to your server; local snoops can’t see contents.

  • Multi-device & easy onboarding: Create user accounts, issue profiles, and revoke access instantly.

  • Cost-effective & scalable: Start on a tiny VM; scale up only if you need more speed or users.

One-Time Setup: Install OpenVPN AS on a Kali Linux VM (Docker)

Works on Kali (Debian-based). If your Kali VM is behind a router, port-forward 443/TCP, 943/TCP, 1194/UDP (and 22/TCP if you need SSH) to the VM.

Code:

# 1) Update OS
sudo apt update && sudo apt -y upgrade

# 2) Install Docker
sudo apt -y install docker.io
sudo systemctl enable –now docker

# 3) Ensure the TUN device exists (required for VPN)
sudo modprobe tun
[ -e /dev/net/tun ] || { sudo mkdir -p /dev/net; sudo mknod /dev/net/tun c 10 200; sudo chmod 0666 /dev/net/tun; }
ls -l /dev/net/tun

# 4) Create a persistent config directory
sudo mkdir -p /srv/openvpn-as

# 5) Run OpenVPN Access Server with the needed capabilities
sudo docker run -d –name openvpn-as –restart unless-stopped \
–cap-add=NET_ADMIN \
–cap-add=NET_RAW \
–device /dev/net/tun \
-p 443:443 -p 943:943 -p 1194:1194/udp \
-v /srv/openvpn-as:/openvpn \
openvpn/openvpn-as:latest

# 6) Create your admin/user account (replace PASSWORD)
sudo docker exec -it openvpn-as /usr/local/openvpn_as/scripts/sacli \
–user mina –new_pass ‘PASSWORD’ SetLocalPassword

# 7) Grant admin (superuser) rights
sudo docker exec -it openvpn-as /usr/local/openvpn_as/scripts/sacli \
–user mina –key “prop_superuser” –value “true” UserPropPut

# 8) Ensure the user is allowed to connect
sudo docker exec -it openvpn-as /usr/local/openvpn_as/scripts/sacli \
–user mina –key “type” –value “user_connect” UserPropPut

# 9) Start/verify services
sudo docker exec -it openvpn-as /usr/local/openvpn_as/scripts/sacli start
sudo docker exec -it openvpn-as /usr/local/openvpn_as/scripts/sacli Status

 

 

Finish in the Web UI

  • Admin UI: https://<KALI_PUBLIC_OR_LAN_IP>:943/admin → log in as mina.

    • Configuration → Network Settings: set Hostname or IP to your public IP/DNS (or LAN IP for internal use).

    • Ensure Routing/NAT = Yes (redirect internet traffic) → SaveApply.

  • Client Portal: https://<KALI_PUBLIC_OR_LAN_IP>/ → users sign in, download OpenVPN Connect and their profile → Connect.

Optional: Host Firewall (UFW)

 

sudo apt -y install ufw
sudo ufw allow 22/tcp
sudo ufw allow 443/tcp
sudo ufw allow 943/tcp
sudo ufw allow 1194/udp
sudo ufw –force enable
sudo ufw status

Notes

  • The free OpenVPN AS license supports 2 concurrent users (you can add more accounts; only two can connect at once).

  • For a US exit IP, host the Kali VM in a US region—or use a US VPS and run the same commands.

  • Your server config persists in /srv/openvpn-as. To update the container later:

 

sudo docker pull openvpn/openvpn-as:latest
sudo docker stop openvpn-as && sudo docker rm openvpn-as
sudo docker run -d –name openvpn-as –restart unless-stopped \
–cap-add=NET_ADMIN –cap-add=NET_RAW –device /dev/net/tun \
-p 443:443 -p 943:943 -p 1194:1194/udp \
-v /srv/openvpn-as:/openvpn \
openvpn/openvpn-as:latest

 

This gives you a clean, secure private VPN with easy onboarding for Windows/macOS/iOS/Android—and full control over your traffic and location.

Scroll to Top