In this article i am showing how to install OpenVPN client on RPM/DEB-based Linux distributions and configure it to connect to OpenVPN server.
Particularly i will show an example of OpenVPN client configuration file that i use to connect to OpenVPN server with certificates and username/password-based authentication, how to create a systemd service for OpenVPN client and how to configure it to start on the system’s boot.
Cool Tip: How to rename OpenVPN client interface (tun0, by default). Read more →
Install OpenVPN Client
Use one of the commands below, depending on your Linux distribution, to install OpenVPN.
Fedora/CentOS/RedHat:
$ sudo yum install openvpn
Ubuntu/Debian/Raspbian:
$ sudo apt install openvpn
Config OpenVPN Client
Create OpenVPN client configuration file and save it in /etc/openvpn/client/ directory.
OpenVPN Sample Configuration Files: Depending on your Linux distribution, if you have installed OpenVPN from an RPM or DEB package, you can find sample-config-files directory in /usr/share/doc/packages/openvpn (Fedora/CentOS/RedHat) or /usr/share/doc/openvpn (Ubuntu/Debian/Raspbian).
OpenVPN client config file example:
$ cat /etc/openvpn/client/connect-sample.conf client tls-client ca /etc/openvpn/keys/connect-sample-ca.crt cert /etc/openvpn/keys/connect-sample.crt key /etc/openvpn/keys/connect-sample.key auth-user-pass /etc/openvpn/keys/connect-sample-creds.conf dev tun proto tcp-client remote <openvpn-server-fqdn> <port> resolv-retry infinite nobind persist-key persist-tun cipher AES-256-CBC auth SHA1 verb 4 redirect-gateway autolocal # Redirect all the traffic into the tunnel
In the example above, my OpenVPN client is configured to connect to OpenVPN server using certificates and username/password-based authentication.
Create a folder to store certificates and and a file with credentials:
$ sudo mkdir /etc/openvpn/keys
Save credentials in /etc/openvpn/keys/connect-sample-creds.conf file:
$ cat /etc/openvpn/keys/connect-sample-creds.conf <username> <password>
Also save your certificates in /etc/openvpn/keys/ folder and set more strict permissions:
$ sudo chmod 0600 /etc/openvpn/keys/* $ sudo ls -al /etc/openvpn/keys/ total 16 -rw------- 1 pi pi 1224 Apr 18 20:49 connect-sample-ca.crt -rw------- 1 pi pi 24 Apr 18 21:55 connect-sample-creds.conf -rw------- 1 pi pi 1237 Apr 18 20:49 connect-sample.crt -rw------- 1 pi pi 1704 Apr 18 20:50 connect-sample.key
Start OpenVPN client service:
$ sudo systemctl start openvpn-client@connect-sample
To configure OpenVPN client service to start automatically on system’s boot, enable the service using the following command:
$ sudo systemctl enable openvpn-client@connect-sample
Troubleshoot OpenVPN Client Connection Issues
Check your public IP:
$ curl ifconfig.co
Check OpenVPN client service status:
$ systemctl status openvpn-client@connect-sample
Check logs:
$ journalctl -u openvpn-client@connect-sample