OpenVPN: Connect Client Setup – Install & Config – Linux

In this article i am showing how to install OpenVPN client on RPM/DEB-based Linux distributions and configure it to connect to OpenVPN server.

Particularly i will show an example of OpenVPN client configuration file that i use to connect to OpenVPN server with certificates and username/password-based authentication, how to create a systemd service for OpenVPN client and how to configure it to start on the system’s boot.

Install OpenVPN Client

Use one of the commands below, depending on your Linux distribution, to install OpenVPN.

Fedora/CentOS/RedHat:

$ sudo yum install openvpn

Ubuntu/Debian/Raspbian:

$ sudo apt install openvpn

Config OpenVPN Client

Create OpenVPN client configuration file and save it in /etc/openvpn/client/ directory.

OpenVPN Sample Configuration Files: Depending on your Linux distribution, if you have installed OpenVPN from an RPM or DEB package, you can find sample-config-files directory in /usr/share/doc/packages/openvpn (Fedora/CentOS/RedHat) or /usr/share/doc/openvpn (Ubuntu/Debian/Raspbian).

OpenVPN client config file example:

$ cat /etc/openvpn/client/connect-sample.conf
client
tls-client
ca /etc/openvpn/keys/connect-sample-ca.crt
cert /etc/openvpn/keys/connect-sample.crt
key /etc/openvpn/keys/connect-sample.key
auth-user-pass /etc/openvpn/keys/connect-sample-creds.conf
dev tun
proto tcp-client
remote <openvpn-server-fqdn> <port>
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
auth SHA1
verb 4
redirect-gateway autolocal # Redirect all the traffic into the tunnel

In the example above, my OpenVPN client is configured to connect to OpenVPN server using certificates and username/password-based authentication.

Create a folder to store certificates and and a file with credentials:

$ sudo mkdir /etc/openvpn/keys

Save credentials in /etc/openvpn/keys/connect-sample-creds.conf file:

$ cat /etc/openvpn/keys/connect-sample-creds.conf
<username>
<password>

Also save your certificates in /etc/openvpn/keys/ folder and set more strict permissions:

$ sudo chmod 0600 /etc/openvpn/keys/*
$ sudo ls -al /etc/openvpn/keys/
total 16
-rw------- 1 pi pi 1224 Apr 18 20:49 connect-sample-ca.crt
-rw------- 1 pi pi   24 Apr 18 21:55 connect-sample-creds.conf
-rw------- 1 pi pi 1237 Apr 18 20:49 connect-sample.crt
-rw------- 1 pi pi 1704 Apr 18 20:50 connect-sample.key

Start OpenVPN client service:

$ sudo systemctl start openvpn-client@connect-sample

To configure OpenVPN client service to start automatically on system’s boot, enable the service using the following command:

$ sudo systemctl enable openvpn-client@connect-sample

Troubleshoot OpenVPN Client Connection Issues

Check your public IP:

$ curl ifconfig.co

Check OpenVPN client service status:

$ systemctl status openvpn-client@connect-sample

Check logs:

$ journalctl -u openvpn-client@connect-sample