Create a client/server OpenVPN config pair to use in case your provider blocks the OpenVPN tunnel after it detects the OpenVPN SSL/TLS handshake
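#!/usr/bin/env bash
#
# Generate an OpenVPN static-key (pre-shared secret) server/client config pair,
# start the server unit and set up NAT so the client can route all of its
# traffic through the tunnel.  Static-key mode performs no TLS handshake, which
# is what this gist relies on.
#
# Usage: script <server-ip> <udp-port> [wan-iface]
#   $1  address the server binds to (`local`) and the client dials (`remote`)
#   $2  UDP port used on both sides (1-65535)
#   $3  interface that carries the NAT'ed traffic (default: eth0, as before)
#
# Side effects (needs root): writes /etc/openvpn/vps.conf and ./client.ovpn,
# enables and starts openvpn@vps, turns on IPv4 forwarding, and FLUSHES every
# existing iptables rule in the filter and nat tables before adding its own.
# Note that a static key gives no forward secrecy: whoever obtains it can
# decrypt captured traffic, so keep both generated files owner-only.
set -xueo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

usage() {
  printf 'Usage: %s <server-ip> <udp-port> [wan-iface]\n' "${0##*/}" >&2
  exit 2
}

(( $# == 2 || $# == 3 )) || usage
readonly IP=$1
readonly PORT=$2
readonly IFACE=${3:-eth0}
# PORT is interpolated verbatim into two config files; accept only a real port.
if ! [[ "$PORT" =~ ^[0-9]+$ ]] || (( PORT < 1 || PORT > 65535 )); then
  usage
fi

# Every file created below contains the pre-shared key in clear text, so make
# them owner-only (0600) instead of the default 0644.
umask 077

key=$(mktemp) || die 'mktemp failed'
cleanup() {
  rm -f -- "$key"
}
# The key file is only needed while the two configs are written.
trap cleanup EXIT

openvpn --genkey secret "$key"
# Fail early if the generator did not produce the expected PEM-like block; the
# check is done with grep rather than by capturing the key into a variable,
# because under `set -x` an assignment would print the key into the trace.
grep -q -- '-----END OpenVPN Static key V1-----' "$key" \
  || die "openvpn --genkey did not write a static key to $key"

#######################################
# Print the static key block for inlining into a <secret> section.
# Globals:   key (read)
# Outputs:   the BEGIN..END lines of the key file on stdout
#######################################
key_block() {
  awk '/-----BEGIN OpenVPN Static key V1-----/, /-----END OpenVPN Static key V1-----/' "$key"
}

# Server side: listens on $IP:$PORT, tunnel addresses 10.8.0.1 <-> 10.8.0.2.
cat >/etc/openvpn/vps.conf <<_EOF
proto udp
local $IP
port $PORT
dev tun
ifconfig 10.8.0.1 10.8.0.2
cipher AES-256-CBC
verb 4
<secret>
$(key_block)
</secret>
_EOF
systemctl enable openvpn@vps
systemctl start openvpn@vps
# Under `set -e` a failed unit makes this exit non-zero and aborts the script
# before the firewall is touched, which is the intended behaviour.
systemctl status openvpn@vps

# Client side: mirror image of the server config plus a default route through
# the tunnel (bypass-dhcp keeps the local DHCP lease reachable).
cat >client.ovpn <<_EOF
proto udp
remote $IP
port $PORT
dev tun
ifconfig 10.8.0.2 10.8.0.1
redirect-gateway def1 bypass-dhcp
cipher AES-256-CBC
verb 4
<secret>
$(key_block)
</secret>
_EOF

# Persist forwarding in a drop-in, then apply it explicitly LAST: `sysctl -p`
# / `sysctl --system` re-read /etc/sysctl.conf, and a conflicting
# net.ipv4.ip_forward=0 there would otherwise silently win.
printf 'net.ipv4.ip_forward = 1\n' >/etc/sysctl.d/99-openvpn-forward.conf
sysctl --system
sysctl -w net.ipv4.ip_forward=1

# Replace any existing filter/nat rules with the tunnel rules below.  If your
# INPUT policy is DROP, make sure SSH is allowed before running this.
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
# Accept the tunnel endpoint explicitly so the rule set keeps working should
# the INPUT policy later be set to DROP.
iptables -A INPUT -p udp --dport "$PORT" -j ACCEPT
iptables -A FORWARD -i "$IFACE" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -o "$IFACE" -s 10.8.0.0/24 -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -L
iptables -L -t nat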