Raw commands from: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
With some tweaks so you don't have to open nano/vim.
Also includes an OpenVZ tweak
# Refresh the package lists, apply pending upgrades, then install OpenVPN and
# the easy-rsa CA scripts. No sudo here: these lines assume a root shell.
apt update
apt upgrade -y
apt install -y openvpn easy-rsa
# Create the CA working directory from the easy-rsa template and enter it.
# NOTE(review): this builds the CA on the same host that will run the VPN
# server, so the CA private key sits on an internet-facing machine. Keeping the
# CA on a separate host limits what a server compromise can sign.
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
# Set KEY_NAME to "server" in vars without opening an editor. Only this one
# field is changed; every other setting in vars keeps its template value.
sed -i 's/export KEY_NAME="EasyRSA"/export KEY_NAME="server"/g' vars
cd ~/openvpn-ca
# Load the settings from vars into the current shell for the scripts below.
source vars
# Reset the easy-rsa key directory (easy-rsa 2 behaviour — confirm on your
# version). Do not re-run this once a CA you care about has been built here.
./clean-all
# Build the certificate authority. Interactive: prompts for certificate fields.
./build-ca
# Build the server certificate and key under the name "server", matching the
# KEY_NAME set above and the server.crt/server.key copied later in this listing.
./build-key-server server
# Interactive: answer y to the two questions.
# Generate the Diffie-Hellman parameters (dh2048.pem is copied to /etc/openvpn
# later in this listing). This step can take a while.
./build-dh
# Generate the shared static key used by the tls-auth directive. It is a secret
# held by the server and every client; the server config itself labels it
# "This file is secret".
openvpn --genkey --secret keys/ta.key
cd ~/openvpn-ca
# Reload the easy-rsa settings in case this is run from a fresh shell.
source vars
# Build a client certificate/key pair. Replace client1 with the account name and
# use one name per user or device, so that one client can be revoked alone.
# NOTE(review): build-key leaves the client private key without a passphrase;
# easy-rsa 2 also ships build-key-pass if the key should be password-protected.
./build-key client1
# Interactive: press Enter at the field prompts, then answer y to the questions.
cd ~/openvpn-ca/keys
# Install the CA certificate, server certificate and key, tls-auth key and DH
# parameters where the server config expects them. server.key and ta.key are
# secrets. NOTE(review): confirm that the copies in /etc/openvpn are readable
# by root only.
sudo cp ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn
# Unpack the packaged sample server config as the starting point. tee also
# echoes the whole file to the terminal.
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
# NOTE(review): the sed edits below run without sudo although the cp above uses
# it; they need a root shell to modify files under /etc.
# Enable tls-auth with ta.key and add "key-direction 0" (the server side; the
# client profile later in this listing uses 1).
sed -i 's/;tls-auth ta.key 0 # This file is secret/tls-auth ta.key 0 # This file is secret\nkey-direction 0/g' /etc/openvpn/server.conf
# Enable the AES-128-CBC cipher line and add "auth SHA256". The client profile
# must use the same pair. NOTE(review): on OpenVPN 2.4 or newer an AEAD cipher
# such as AES-256-GCM is generally preferred; the installed version is not
# shown here, so check it before changing this.
sed -i 's/;cipher AES-128-CBC/cipher AES-128-CBC\nauth SHA256/g' /etc/openvpn/server.conf
# Run the daemon as nobody/nogroup once it has started, instead of as root.
sed -i 's/;user nobody/user nobody/g' /etc/openvpn/server.conf
sed -i 's/;group nogroup/group nogroup/g' /etc/openvpn/server.conf
# Push a default route to clients so all of their traffic goes through the VPN.
sed -i 's/;push "redirect-gateway def1 bypass-dhcp"/push "redirect-gateway def1 bypass-dhcp"/g' /etc/openvpn/server.conf
# Uncomment every pushed DNS option, keeping whatever resolver addresses the
# sample file ships with. NOTE(review): replace them with resolvers you trust.
sed -i 's/;push "dhcp-option DNS/push "dhcp-option DNS/g' /etc/openvpn/server.conf
# Listen on TCP 443 instead of the default UDP 1194. The /g flag also rewrites
# any comment text in the file that matches these patterns.
sed -i 's/port 1194/port 443/g' /etc/openvpn/server.conf
sed -i 's/;proto tcp/proto tcp/g' /etc/openvpn/server.conf
sed -i 's/proto udp/;proto udp/g' /etc/openvpn/server.conf
# Enable IPv4 forwarding persistently, then reload sysctl so it applies now.
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sudo sysctl -p
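# Install the ufw firewall front end.
apt install -y ufw
# Show the default route to find the outbound interface name. The NAT rule
# below hard-codes venet0; substitute whatever this command reports.
ip route | grep default #for openvz venet0
# Insert a NAT block at line 10 of ufw's before.rules so that VPN client
# traffic is masqueraded out of venet0. The source range is limited to
# 10.8.0.0/24 rather than the /8 used previously, which covered every 10.x.x.x
# source address and not only the VPN clients. This assumes server.conf keeps
# the sample's "server 10.8.0.0 255.255.255.0" line; adjust it only if you
# changed that subnet.
# Not idempotent: running this line twice inserts the block twice.
sed -i '10i\\n# START OPENVPN RULES\n# NAT table rules\n*nat\n:POSTROUTING ACCEPT [0:0] \n# Allow traffic from OpenVPN client to venet0 (change to the interface you discovered)\n-A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE\nCOMMIT\n# END OPENVPN RULES' /etc/ufw/before.rules
# Switch ufw's default forward policy from DROP to ACCEPT so routed VPN traffic
# passes. NOTE(review): this accepts all forwarded traffic that no other rule
# drops, not only traffic from the VPN subnet.
sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
# Open 443/tcp (the port and protocol set in server.conf) and SSH. SSH is
# allowed before the firewall is enabled so the remote session is not locked out.
sudo ufw allow https
sudo ufw allow OpenSSH
# Interactive: ufw asks for confirmation because enabling may disrupt SSH.
sudo ufw enable
# Comment out the LimitNPROC=10 cap in the packaged unit file (presumably the
# OpenVZ tweak mentioned in the header). NOTE(review): files under
# /lib/systemd/system are package-owned, so an openvpn upgrade can restore the
# limit; a drop-in under /etc/systemd/system/openvpn@.service.d/ would survive
# upgrades. This also removes a process-count limit on the daemon.
sed -i 's/LimitNPROC=10/#LimitNPROC=10/g' /lib/systemd/system/openvpn@.service
# Make systemd re-read the edited unit, then start the server and check it.
systemctl daemon-reload
sudo systemctl start openvpn@server
sudo systemctl status openvpn@server
# The service is started but not enabled, so it will not come back after a
# reboot. To start it at boot as well: sudo systemctl enable openvpn@server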
# Directory for the generated client profiles, restricted to the owner
# (presumably because the profiles embed client key material).
mkdir -p ~/client-configs/files
chmod 700 ~/client-configs/files
# Start from the packaged sample client config.
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf
# Replace server_IP_address in the next line with the server's public address
# before running it; the remote port is set to 443 to match the server.
sed -i 's/remote my-server-1 1194/remote server_IP_address 443/g' ~/client-configs/base.conf
# Match the server's transport: TCP instead of UDP.
sed -i 's/;proto tcp/proto tcp/g' ~/client-configs/base.conf
sed -i 's/proto udp/;proto udp/g' ~/client-configs/base.conf
# Run the client as nobody/nogroup after startup instead of as root.
sed -i 's/;user nobody/user nobody/g' ~/client-configs/base.conf
sed -i 's/;group nogroup/group nogroup/g' ~/client-configs/base.conf
# Comment out the ca/cert/key file references. Presumably make_config.sh embeds
# those files inline in the profile instead; verify against that script.
sed -i 's/ca ca.crt/#ca ca.crt/g' ~/client-configs/base.conf
sed -i 's/cert client.crt/#cert client.crt/g' ~/client-configs/base.conf
sed -i 's/key client.key/#key client.key/g' ~/client-configs/base.conf
# Cipher and auth digest must match the server's settings (AES-128-CBC and
# SHA256 in server.conf earlier in this listing).
sed -i 's/;cipher x/cipher AES-128-CBC/g' ~/client-configs/base.conf
echo "auth SHA256" >> ~/client-configs/base.conf
# Client-side counterpart of the server's "key-direction 0".
echo "key-direction 1" >> ~/client-configs/base.conf
# Appended commented out: script-security 2 lets OpenVPN run the up/down
# scripts, so enable these three lines only on clients that need
# update-resolv-conf.
echo "# script-security 2" >> ~/client-configs/base.conf
echo "# up /etc/openvpn/update-resolv-conf" >> ~/client-configs/base.conf
echo "# down /etc/openvpn/update-resolv-conf" >> ~/client-configs/base.conf
# Download the profile-building helper script.
# NOTE(review): this URL serves whatever the gist's latest revision is, and the
# script is executed a few lines below without being reviewed. Read it before
# running it, and prefer a revision-pinned raw URL
# (.../raw/<REVISION_SHA>/make_config.sh) so later edits to the gist cannot
# change what runs on this host.
wget https://gist.githubusercontent.com/miketweaver/b358e09ac688036491f28ae4d561f31f/raw/make_config.sh -O ~/client-configs/make_config.sh
chmod 700 ~/client-configs/make_config.sh
cd ~/client-configs
# Build the profile for one client. Replace client1 with the name that was
# passed to ./build-key.
./make_config.sh client1
# List the generated profiles. NOTE(review): if they embed the client private
# key and ta.key, treat each profile as a secret and move it to the client only
# over an authenticated, encrypted channel such as scp or sftp.
ls ~/client-configs/files