Okay, Before we begin.. This panel is still in development phase.. But so far its the best, quick, easiest one ive found. Its clean and neat, tidy!

So lets begin!!

Login to your fresh server, As root (of course!)

Add APT Repo

cd ~

sh -c 'echo "deb [trusted=yes] https://cad.github.io/ovpm/deb/ ovpm main" >> /etc/apt/sources.list'
sudo apt update

Install OVPM

sudo apt install ovpm openvpn

Enable ovpmd

systemctl start ovpmd
systemctl enable ovpmd

Now, We need to begin the setup.. So lets begin!

Perform the INIT of the OpenVPN Server

$ ovpm vpn init --hostname vpn.server.net

Add the Administrator account for the WebUI

$ ovpn user create -p admin -p MySecretPASS --admin

Generate the ovpn configuration file for the administrator (We admins deserve a config too eh?)

$ ovpn user genconfig -u admin

This creates admin.ovpn in the current directory.

Generate the first network for the users to be assocated with.

$ ovpm net def --name MyFirstNetwork --type SERVERNET --cidr 10.9.0.0/24

Now we need to put the administrator into that network.

$ ovpm net assoc --net MyFirstNetwork --user admin

Thats it. Below is a example of every valid command, and explanation of the usage along with the iptables ruleset that goes along with openvpn.

Finishing Up!

Now that all of the above is completed. You can access the WebUI at

http://<your_server>:8080/

Login with the credentials from above. And finish adding your users to the server, or you can just use the CLI.

$ ovpmd --web-port 9090
INFO[0000] OVPM 0.2.4 is running gRPC:9090, REST:80 ...

$ ovpm vpn init --hostname <vpn.example.com>
INFO[0004] ovpm server initialized

$ ovpm user create -u joe -p verySecretPassword
INFO[0000] user created: joe

$ ovpm user genconfig -u joe
INFO[0000] exported to joe.ovpn

$ ovpm user create -u joe -p joerocks
INFO[0000] user created: joe

$ ovpm user list

+---+-----------+------+---------+-----------+---------+
| # | USERNAME | IP | CREATED
AT | VALID CRT | PUSH GW |
+---+-----------+------+---------+-----------+---------+
| 1 | joe | 10.9.0.2/24 | 10/4/17 | true     | true    |
+---+-----------+------+---------+-----------+---------+

$ ovpm user update -u joe --password

$ ovpm user update -u joe --admin

$ ovpm user update -u joe --no-admin

$ ovpm user update -u joe --static 10.9.0.55

$ ovpm user update -u joe --no-static

$ ovpm user update -u joe --gw

$ ovpm user update -u joe --no-gw

$ ovpm net types
+---+-----------+-------------------------------+
| 1 | SERVERNET | network behind vpn server     |
| 2 | ROUTE     | network to be pushed as route |
+---+-----------+-------------------------------+

$ ovpm net def --name example1 --type SERVERNET --cidr 172.16.16.0/24
INFO[0000] network created: asd (172.16.16.0/24)

$ ovpm net def --name example2 --type ROUTE --cidr 8.8.8.8/32
INFO[0000] network created: asd (172.16.16.0/24)

$ ovpm net def --name example3 --type ROUTE --cidr 8.8.8.8/32 --via 192.168.1.1
INFO[0000] network created: asd (172.16.16.0/24)

$ ovpm net undef --net example1
INFO[0000] network deleted: example1 (172.16.16.0/24)

$ ovpm net list

+---+----------+--------+-----------+-------+-----------+
| 1 | example1 | 172.16.16.0/24             | SERVERNET |
| 2 | example2 | 8.8.8.8/32 via vpn-server  | ROUTE     |
| 3 | example3 | 8.8.4.4/32 via 192.168.1.1 | ROUTE     |
+---+----------+--------+-----------+-------+-----------+

$ ovpm net assoc --net example1 --user joe
INFO[0000] network associated: user:joe <-> network:example1

$ ovpm net dissoc --net example1 --user joe
INFO[0000] network dissociated: user:joe <-> network:example1

Now, The IPTables ruleset you'll need to use here will be.

IPTable Rules:

*nat

:PREROUTING ACCEPT [39:2716]
:INPUT ACCEPT [9:316]
:OUTPUT ACCEPT [112:7504]
:POSTROUTING ACCEPT [112:7504]
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source your.public.ip.here
-A POSTROUTING -s 10.9.0.0/24 ! -d 10.9.0.0/24 -j SNAT --to-source your.public.ip.here

COMMIT

*filter
:INPUT ACCEPT [1251:105053]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1193:106138]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1197 -j ACCEPT
-A INPUT -p udp -m udp --dport 1197 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -s 10.9.0.0/24 -j ACCEPT

COMMIT

Save the above ruleset to /etc/iptables.rules.

Then issue the command

iptables-restore < /etc/iptables.rules

That should do the trick. Then just download the .ovpn from either FTP/WEB. Load it into whatever client/device. Activate it. And boom. Free OpenVPN Server. Well not free. But better than paying someone to do this for you, host this for you, manage this for you :)