OpenVPN is an open-source VPN (Virtual Private Network) solution that provides a secure and encrypted connection over the internet. This guide will walk you through the installation and setup of OpenVPN on a Linux machine.
Before starting, ensure that you have:
First, update your system to ensure you have the latest packages installed:
sudo apt update && sudo apt upgrade -y   # For Debian/Ubuntu
sudo yum update -y                       # For CentOS/RHEL
On Debian/Ubuntu
sudo apt install openvpn -y
On CentOS/RHEL
sudo yum install epel-release -y
sudo yum install openvpn -y
After installation, check the version to confirm OpenVPN is installed correctly:
openvpn --version
To set up an OpenVPN server and generate client connection files, follow these steps:
Install Easy-RSA for Certificate Management
sudo apt install easy-rsa -y   # For Debian/Ubuntu
sudo yum install easy-rsa -y   # For CentOS/RHEL
Initialize the PKI and Build CA
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
./easyrsa init-pki
./easyrsa build-ca
Generate Server Certificate and Key
./easyrsa gen-req server nopass
./easyrsa sign-req server server
Generate Diffie-Hellman Parameters
./easyrsa gen-dh
Generate Client Certificates and Keys
For each client, generate a certificate and key pair:
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
Create Client Configuration File
Create a client configuration file (client1.ovpn) with the following content:
client
dev tun
proto udp
remote <YOUR_SERVER_IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA256
cipher AES-256-CBC
comp-lzo
verb 3
key-direction 1
<ca>
# Insert the content of ca.crt here
</ca>
<cert>
# Insert the content of client1.crt here
</cert>
<key>
# Insert the content of client1.key here
</key>
<tls-auth>
# Insert the content of ta.key here
</tls-auth>
Save this file as client1.ovpn and distribute it to the client machine.
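The manual copy-and-paste step above can be scripted. The following is an added example, not part of the original guide: it assumes the Easy-RSA 3 layout (pki/ca.crt, pki/issued/, pki/private/) and takes the ta.key path as an argument, since the guide does not show where that file is created; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: assemble an inline client profile from an Easy-RSA 3 PKI directory.
# build_ovpn, its argument order and the ta.key path are assumptions of this example.
# Usage: build_ovpn <pki_dir> <client_name> <ta_key> <server_addr> <out_file>

# Print only the BEGIN..END block (Easy-RSA certificates carry a text dump above it).
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_ovpn() {
    pki=$1; name=$2; ta=$3; server=$4; out=$5

    # Refuse to write a partial profile if any input is missing or empty.
    for f in "$pki/ca.crt" "$pki/issued/$name.crt" "$pki/private/$name.key" "$ta"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # The profile embeds the client's private key, so create it owner-only.
    (
        umask 077
        rm -f "$out"
        {
            # Directives copied unchanged from the client1.ovpn shown above.
            printf '%s\n' client 'dev tun' 'proto udp' "remote $server 1194" \
                'resolv-retry infinite' nobind persist-key persist-tun \
                'remote-cert-tls server' 'auth SHA256' 'cipher AES-256-CBC' \
                comp-lzo 'verb 3' 'key-direction 1'
            printf '<ca>\n';       pem_only "$pki/ca.crt";            printf '</ca>\n'
            printf '<cert>\n';     pem_only "$pki/issued/$name.crt";  printf '</cert>\n'
            printf '<key>\n';      pem_only "$pki/private/$name.key"; printf '</key>\n'
            printf '<tls-auth>\n'; pem_only "$ta";                    printf '</tls-auth>\n'
        } > "$out"
    )
}
```

The resulting file contains the client's unencrypted private key (it was generated with nopass), so transfer it over an authenticated, encrypted channel. comp-lzo is deprecated in current OpenVPN releases and compression inside a VPN is discouraged (VORACLE); keep that line only if the server's configuration requires it.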
You need configuration files from your VPN provider or you can create your own for a self-hosted OpenVPN server. Download the .ovpn configuration files and place them in the OpenVPN directory:
sudo mkdir -p /etc/openvpn/client
sudo cp /path/to/your/config.ovpn /etc/openvpn/client/
To connect to an OpenVPN server, use the following command:
sudo openvpn --config /etc/openvpn/client/config.ovpn
This command will initiate the connection and prompt for any credentials if required.
To automatically start OpenVPN at boot, follow these steps:
For Debian/Ubuntu
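# The openvpn@client unit reads /etc/openvpn/client.conf, so put the profile there first
sudo cp /etc/openvpn/client/config.ovpn /etc/openvpn/client.conf
sudo systemctl enable openvpn@client
sudo systemctl start openvpn@client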
For CentOS/RHEL
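# The openvpn@client unit reads /etc/openvpn/client.conf, so put the profile there first
sudo cp /etc/openvpn/client/config.ovpn /etc/openvpn/client.conf
sudo systemctl enable openvpn@client
sudo systemctl start openvpn@client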
To verify if OpenVPN is running, check the service status:
sudo systemctl status openvpn@client
Alternatively, check your IP address to confirm that your VPN is active:
curl ifconfig.me
If the IP address differs from your original, then OpenVPN is working correctly.
You have successfully installed and configured OpenVPN on your Linux machine. If you experience any issues, check the logs using:
sudo journalctl -u openvpn@client --no-pager | tail -n 50
With this setup, traffic sent through the VPN tunnel is encrypted between your machine and the OpenVPN server.