Introducing Scaleway NextGen NVMe Cloud Servers with Hot-Snapshots. 🚀


Community tutorials and documentations

Get your VPN server ready to use in one-click with the OpenVPN InstantApp

Get your VPN server ready to use in one-click with the OpenVPN InstantApp

This page shows you how to use the OpenVPN InstantApp on your Scaleway instance.

OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. The OpenVPN InstantApp is a fast and simple way to protect your online privacy and surf anonymously.

OpenVPN InstantApp comes with:

  • OpenVPN server
  • A client configuration profile to setup your client


  • You have an account and are logged into
  • You have configured your SSH Key
  • You have installed a VPN client on your local machine

There are three steps to begin with the OpenVPN InstantApp

  • Create and start a new instance using the OpenVPN InstantApp
  • Download the client profile on your local machine
  • Configure your client

Step 1 - Create and start a new instance using the OpenVPN InstantApp

First, we need to create a new server using the OpenVPN InstantApp. Click the “Create Server” button in the control panel.

Control Panel

You land on the server creation page where you must input information and choose an image.

Create server basic information

After inputting your server basic information, select the OpenVPN image for your server.
On the ImageHub tab, select OpenVPN and click the “Create Server” button.

The server is starting with a fully configured and ready to use OpenVPN server.

Step 2 - Create a VPN user

The OpenVPN server running, connect it with ssh. The message of the day (MOTD) when you connect your server displays the path and the url to retrieve the VPN client file that we will use to connect to the VPN server.

Welcome on OpenVPN (GNU/Linux 4.4.114-mainline-rev1 x86_64 )

System information as of: Mon Feb  5 11:51:23 UTC 2018

System load:	0.04		Int IP Address:
Memory usage:	0.0%		Pub IP Address:
Usage on /:	2%		Swap usage:	0.0%
Local Users:	0		Processes:	94
Image build:	2017-08-03	System uptime:	1 min
Disk vda:	l_ssd 50G

Image source:

It's the first boot, we are crafting your keys,
this is going to take a long time... ~30m since the boot

Run this command to be notified when your service is ready:
        $ scw-ovpn status

Step 1 - Create a new user using scw-vpn

Once your instance is ready, you can create a new user with the scw-ovpn tool:

root@scw-942e6e:~# scw-ovpn
This wrapper helps you manage your openvpn server.
Use these commands to create an user and get a link to its configuration:
	$ scw-ovpn create MYUSER
	$ scw-ovpn serve MYUSER

If you do not want to transfer your configuration over cleartext HTTP, type this command on your own machine:
	$ ssh root@ scw-ovpn show MYUSER > MYUSER.ovpn

You could also copy-paste the output of:
	$ scw-ovpn show MYUSER

Or even use port forwarding to tunnel your requests to the port the http server listens on when running '$ scw-ovpn serve  ...'.

Choose the way you like and understand !

	$ scw-ovpn status
	shows the status of the initial openvpn configuration

	$ scw-ovpn create CLIENTNAME
	create a new certificate with name CLIENTNAME

	$ scw-ovpn list
	list all available and revoked clients in separate lists

	$ scw-ovpn revoke CLIENTNAME
	revoke the certificate for CLIENTNAME. This client will not be able to connect afterwards.

	$ scw-ovpn show CLIENTNAME
	shows the openvpn config file for client CLIENTNAME

	$ scw-ovpn serve CLIENTNAME
	starts an HTTP server you can download your openvpn client configuration from

	$ scw-ovpn add-instance PROTOCOL PORT ID
	add an openvpn instance listenning on PORT with PROTOCOL.
	protocol must be one of udp and tcp.

	$ scw-ovpn del-instance ID
	removes the openvpn instance with subnet id ID

	$ scw-ovpn list-instances
	list all running openvpn instances

To create a new user run it with the following command scw-ovpn create CLIENTNAME. It will automatically generate the configuration for the client CLIENTNAME.

You can download the configuration file from your server either via SSH or by starting a HTTP server that provides an URL to download the files directly on your computer: scw-ovpn serve CLIENTNAME

root@scw-942e6e:~# scw-ovpn serve ovpn
You can now download the openvpn client configuration at :
>>> Press ENTER to stop serving the config file
Serving HTTP on port 4242 ...

Download the configuration file from the URL displayed in the MOTD. We assume that you have already installed a VPN client.

Open the configuration with you VPN client.

Control Panel

Once the configuration is loaded, start a new connection using the VPN profile we just installed.

Control Panel

You are now connected and all your traffic is routed through the OpenVPN server. You can validate is fine by looking that your public IP match the public IP of the server.


With the OpenVPN InstantApp you can easily protect your online privacy and surf anonymously. No heavy setup actions are required to get it works and create secure point-to-point connections.

If you have any suggestion or question about this tutorial, please leave a comment in our Community.

Discover a New Cloud Experience

Deploy SSD Cloud Servers in seconds.