In this article i am showing how to install OpenVPN client on RPM/DEB-based Linux distributions and configure it to connect to OpenVPN server.
Particularly i will show an example of OpenVPN client configuration file that i use to connect to OpenVPN server with certificates and username/password-based authentication, how to create a systemd service for OpenVPN client and how to configure it to start on the system’s boot.
Install OpenVPN Client
Use one of the commands below, depending on your Linux distribution, to install OpenVPN.
Fedora/CentOS/RedHat:
$ sudo yum install openvpn
Ubuntu/Debian/Raspbian:
$ sudo apt install openvpn
Config OpenVPN Client
Create OpenVPN client configuration file and save it in /etc/openvpn/client/ directory.
OpenVPN Sample Configuration Files: Depending on your Linux distribution, if you have installed OpenVPN from an RPM or DEB package, you can find sample-config-files directory in /usr/share/doc/packages/openvpn (Fedora/CentOS/RedHat) or /usr/share/doc/openvpn (Ubuntu/Debian/Raspbian).
OpenVPN client config file example:
$ cat /etc/openvpn/client/connect-sample.conf client tls-client ca /etc/openvpn/keys/connect-sample-ca.crt cert /etc/openvpn/keys/connect-sample.crt key /etc/openvpn/keys/connect-sample.key auth-user-pass /etc/openvpn/keys/connect-sample-creds.conf dev tun proto tcp-client remote <openvpn-server-fqdn> <port> resolv-retry infinite nobind persist-key persist-tun cipher AES-256-CBC auth SHA1 verb 4 redirect-gateway autolocal # Redirect all the traffic into the tunnel
In the example above, my OpenVPN client is configured to connect to OpenVPN server using certificates and username/password-based authentication.
Create a folder to store certificates and and a file with credentials:
$ sudo mkdir /etc/openvpn/keys
Save credentials in /etc/openvpn/keys/connect-sample-creds.conf file:
$ cat /etc/openvpn/keys/connect-sample-creds.conf <username> <password>
Also save your certificates in /etc/openvpn/keys/ folder and set more strict permissions:
$ sudo chmod 0600 /etc/openvpn/keys/* $ sudo ls -al /etc/openvpn/keys/ total 16 -rw------- 1 pi pi 1224 Apr 18 20:49 connect-sample-ca.crt -rw------- 1 pi pi 24 Apr 18 21:55 connect-sample-creds.conf -rw------- 1 pi pi 1237 Apr 18 20:49 connect-sample.crt -rw------- 1 pi pi 1704 Apr 18 20:50 connect-sample.key
Start OpenVPN client service:
$ sudo systemctl start openvpn-client@connect-sample
To configure OpenVPN client service to start automatically on system’s boot, enable the service using the following command:
$ sudo systemctl enable openvpn-client@connect-sample
Troubleshoot OpenVPN Client Connection Issues
Check your public IP:
$ curl ifconfig.co
Check OpenVPN client service status:
$ systemctl status openvpn-client@connect-sample
Check logs:
$ journalctl -u openvpn-client@connect-sample