DebianLinuxTutorials

How To Install OpenVPN on Debian 10

r00t

Install OpenVPN on Debian 10

In this tutorial, we will show you how to install OpenVPN on Debian 10. For those of you who didn’t know, Virtual Private Networks (VPNs) have become increasingly important in today’s digital landscape, providing a secure and private way to access the internet and protect sensitive information. OpenVPN, a popular open-source VPN solution, offers a reliable and flexible way to establish a secure connection between devices.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the OpenVPN server on a Debian 10 (Buster).

Prerequisites

  • A server running one of the following operating systems: Debian 10 (Buster).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install OpenVPN on Debian 10 Buster

Step 1. It is crucial to keep your system up-to-date with the latest security patches and bug fixes. Begin by updating the package index and upgrading installed packages:

sudo apt update
sudo apt upgrade

This command ensures that your system is running the most recent versions of the available packages.

Step 2. Find your public IP address.

Use the following command to find out your network interface, type the following ip command:

ip -br addr show

Output:

lo        UNKNOWN   127.0.0.1/8 ::1/128 
ens3      UP        XXX.XXX.XXX.XXX/32 XXX.XXX.XXX.XXX/8 XXXX:XXXX:XXXX:XXXX::1/128 XXXX::XXX:XXXX:XXXX:XXXX/64

Step 3. Download and Install OpenVPN on Debian 10.

Now run the following command to download the script OpenVPN:

wget https://git.io/vpn -O openvpn-install.sh

Once downloaded, run openvpn-install.sh script to install and configure the OpenVPN server automatically for you:

chmod +x openvpn-install.sh && ./openvpn-install.sh

Sample outputs:

Welcome to this OpenVPN "road warrior" installer!

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

First, provide the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: XXX.XXX.XXX.XXX

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1-2]: 1

What port do you want OpenVPN listening to?
Port: 1194

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) 1.1.1.1
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1-5]: 3

Finally, tell me your name for the client certificate.
Please, use one word only, no special characters.
Client name: Meilana

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...

Your OpenVPN server has been configured and is ready to use. You can see added firewall rules /etc/rc.local file using cat command:

cat /etc/rc.local

Sample outputs:

#!/bin/bash

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to XXX.XXX.XXX.XXX
exit 0

You can view your OpenVPN server config file generated by the script as follows:

cat /etc/openvpn/server/server.conf

Sample outputs:

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

Now we enable and start the OpenVPN services:

systemctl start openvpn@server

Step 4. Configure Firewall.

You must open required ports such as SSH ports 22, 80, 443:

sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable

Step 5. OpenVPN Client Configuration.

Now we install the OpenVPN client on Debian using apt command:

sudo apt install openvpn

Next, copy Meilana.ovpn as follows:

cp Meilana.ovpn /etc/openvpn/client.conf

Test connectivity from the CLI:

openvpn --client --config /etc/openvpn/client.conf

Then, restart OpenVPN services:

systemctl start openvpn@client

Test the connectivity:

ping 10.8.0.1

Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial for installing the OpenVPN server on Debian 10 Buster. For additional help or useful information, we recommend you check the official OpenVPN website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button