Okay, Before we begin.. This panel is still in development phase.. But so far its the best, quick, easiest one ive found. Its clean and neat, tidy!

So lets begin!!

Login to your fresh server, As root (of course!)

Add APT Repo

cd ~

sh -c 'echo "deb [trusted=yes] https://cad.github.io/ovpm/deb/ ovpm main" >> /etc/apt/sources.list'
sudo apt update

Install OVPM

sudo apt install ovpm openvpn

Enable ovpmd

systemctl start ovpmd
systemctl enable ovpmd

Now, We need to begin the setup.. So lets begin!

Perform the INIT of the OpenVPN Server

$ ovpm vpn init --hostname vpn.server.net

Add the Administrator account for the WebUI

$ ovpn user create -p admin -p MySecretPASS --admin

Generate the ovpn configuration file for the administrator (We admins deserve a config too eh?)

$ ovpn user genconfig -u admin

This creates admin.ovpn in the current directory.

Generate the first network for the users to be assocated with.

$ ovpm net def --name MyFirstNetwork --type SERVERNET --cidr

Now we need to put the administrator into that network.

$ ovpm net assoc --net MyFirstNetwork --user admin

Thats it. Below is a example of every valid command, and explanation of the usage along with the iptables ruleset that goes along with openvpn.

Finishing Up!

Now that all of the above is completed. You can access the WebUI at


Login with the credentials from above. And finish adding your users to the server, or you can just use the CLI.

$ ovpmd --web-port 9090
INFO[0000] OVPM 0.2.4 is running gRPC:9090, REST:80 ...

$ ovpm vpn init --hostname <vpn.example.com>
INFO[0004] ovpm server initialized

$ ovpm user create -u joe -p verySecretPassword
INFO[0000] user created: joe

$ ovpm user genconfig -u joe
INFO[0000] exported to joe.ovpn

$ ovpm user create -u joe -p joerocks
INFO[0000] user created: joe

$ ovpm user list

| 1 | joe | | 10/4/17 | true     | true    |

$ ovpm user update -u joe --password

$ ovpm user update -u joe --admin

$ ovpm user update -u joe --no-admin

$ ovpm user update -u joe --static

$ ovpm user update -u joe --no-static

$ ovpm user update -u joe --gw

$ ovpm user update -u joe --no-gw

$ ovpm net types
| 1 | SERVERNET | network behind vpn server     |
| 2 | ROUTE     | network to be pushed as route |

$ ovpm net def --name example1 --type SERVERNET --cidr
INFO[0000] network created: asd (

$ ovpm net def --name example2 --type ROUTE --cidr
INFO[0000] network created: asd (

$ ovpm net def --name example3 --type ROUTE --cidr --via
INFO[0000] network created: asd (

$ ovpm net undef --net example1
INFO[0000] network deleted: example1 (

$ ovpm net list

| 1 | example1 |             | SERVERNET |
| 2 | example2 | via vpn-server  | ROUTE     |
| 3 | example3 | via | ROUTE     |

$ ovpm net assoc --net example1 --user joe
INFO[0000] network associated: user:joe <-> network:example1

$ ovpm net dissoc --net example1 --user joe
INFO[0000] network dissociated: user:joe <-> network:example1

Now, The IPTables ruleset you'll need to use here will be.

IPTable Rules:


:OUTPUT ACCEPT [112:7504]
-A POSTROUTING -s ! -d -j SNAT --to-source your.public.ip.here
-A POSTROUTING -s ! -d -j SNAT --to-source your.public.ip.here


:INPUT ACCEPT [1251:105053]
:OUTPUT ACCEPT [1193:106138]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1197 -j ACCEPT
-A INPUT -p udp -m udp --dport 1197 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT


Save the above ruleset to /etc/iptables.rules.

Then issue the command

iptables-restore < /etc/iptables.rules

That should do the trick. Then just download the .ovpn from either FTP/WEB. Load it into whatever client/device. Activate it. And boom. Free OpenVPN Server. Well not free. But better than paying someone to do this for you, host this for you, manage this for you :)