OpenVPN: Connect Client Setup – Install & Config – Linux

In this article i am showing how to install OpenVPN client on RPM/DEB-based Linux distributions and configure it to connect to OpenVPN server.

Particularly i will show an example of OpenVPN client configuration file that i use to connect to OpenVPN server with certificates and username/password-based authentication, how to create a systemd service for OpenVPN client and how to configure it to start on the system’s boot.

Cool Tip: How to rename OpenVPN client interface (tun0, by default). Read more →

Install OpenVPN Client

Use one of the commands below, depending on your Linux distribution, to install OpenVPN.

Fedora/CentOS/RedHat:

$ sudo yum install openvpn

Ubuntu/Debian/Raspbian:

$ sudo apt install openvpn

Config OpenVPN Client

Create OpenVPN client configuration file and save it in /etc/openvpn/client/ directory.

OpenVPN Sample Configuration Files: Depending on your Linux distribution, if you have installed OpenVPN from an RPM or DEB package, you can find sample-config-files directory in /usr/share/doc/packages/openvpn (Fedora/CentOS/RedHat) or /usr/share/doc/openvpn (Ubuntu/Debian/Raspbian).

OpenVPN client config file example:

$ cat /etc/openvpn/client/connect-sample.conf
client
tls-client
ca /etc/openvpn/keys/connect-sample-ca.crt
cert /etc/openvpn/keys/connect-sample.crt
key /etc/openvpn/keys/connect-sample.key
auth-user-pass /etc/openvpn/keys/connect-sample-creds.conf
dev tun
proto tcp-client
remote <openvpn-server-fqdn> <port>
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
auth SHA1
verb 4
redirect-gateway autolocal # Redirect all the traffic into the tunnel

In the example above, my OpenVPN client is configured to connect to OpenVPN server using certificates and username/password-based authentication.

Create a folder to store certificates and and a file with credentials:

$ sudo mkdir /etc/openvpn/keys

Save credentials in /etc/openvpn/keys/connect-sample-creds.conf file:

$ cat /etc/openvpn/keys/connect-sample-creds.conf
<username>
<password>

Also save your certificates in /etc/openvpn/keys/ folder and set more strict permissions:

$ sudo chmod 0600 /etc/openvpn/keys/*
$ sudo ls -al /etc/openvpn/keys/
total 16
-rw------- 1 pi pi 1224 Apr 18 20:49 connect-sample-ca.crt
-rw------- 1 pi pi   24 Apr 18 21:55 connect-sample-creds.conf
-rw------- 1 pi pi 1237 Apr 18 20:49 connect-sample.crt
-rw------- 1 pi pi 1704 Apr 18 20:50 connect-sample.key

Start OpenVPN client service:

$ sudo systemctl start openvpn-client@connect-sample

To configure OpenVPN client service to start automatically on system’s boot, enable the service using the following command:

$ sudo systemctl enable openvpn-client@connect-sample

Troubleshoot OpenVPN Client Connection Issues

Check your public IP:

$ curl ifconfig.co

Check OpenVPN client service status:

$ systemctl status openvpn-client@connect-sample

Check logs:

$ journalctl -u openvpn-client@connect-sample