In this tutorial, we will show you how to install OpenVPN on Debian 10. For those of you who didn’t know, OpenVPN is an open-source application that is widely used to create secure virtual private networks over the unsecured public Internet. OpenVPN is an SSL VPN solution that drains your system connection securely through the Internet. OpenVPN functions in the client-server structure. All the devices connected to a virtual private network act as if they’re linked to your local area network. The packets sent through the VPN tunnel are encrypted with 256 bit AES encryption making data theft impossible.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the OpenVPN server on a Debian 10 (Buster).
Install OpenVPN on Debian 10 Buster
Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following
apt commands in the terminal:
sudo apt update sudo apt upgrade
Step 2. Find your public IP address.
Use the following command to find out your network interface, type the following
ip-br addr show
lo UNKNOWN127.0.0.1/8 ::1/128ens3 UP XXX.XXX.XXX.XXX/32XXX.XXX.XXX.XXX/8XXXX:XXXX:XXXX:XXXX::1/128XXXX::XXX:XXXX:XXXX:XXXX/64
Step 3. Download and Installing OpenVPN on Debian 10.
Now run the following command to download the script OpenVPN:
wget https://git.io/vpn -O openvpn-install.sh
Once downloaded, run
openvpn-install.sh script to install and configure the OpenVPN server automatically for you:
chmod +x openvpn-install.sh && ./openvpn-install.sh
Welcometothis OpenVPN "road warrior"installer!I need to ask you a few questions before starting the setup.Youcan leave thedefaultoptionsandjust press enterifyou are okwiththem.First,provide theIPv4addressofthe networkinterfaceyou wantOpenVPNlistening to.IP address: XXX.XXX.XXX.XXXWhichprotocoldoyou wantfor OpenVPNconnections?1)UDP(recommended)2)TCPProtocol [1-2]: 1Whatportdoyou wantOpenVPNlistening to?Port: 1194WhichDNSdoyou want touse withthe VPN?1) Currentsystem resolvers2) 220.127.116.11) Google4) OpenDNS5) VerisignDNS[1-5]: 3Finally,tell me your nameforthe client certificate.Please, useone word only, nospecial characters.Clientname: MeilanaOkay,that was all I needed. Weare ready tosetup yourOpenVPNserver now.Pressany key tocontinue...
Your OpenVPN server has been configured and ready to use. You can see added firewall rules
/etc/rc.local file using
#!/bin/bashiptables-I FORWARD-m state--state RELATED,ESTABLISHED-j ACCEPT iptables-I FORWARD-s10.8.0.0/24 -j ACCEPT iptables-I INPUT-p udp--dport1194 -j ACCEPT iptables-t nat-A POSTROUTING-s10.8.0.0/24 ! -d10.8.0.0/24 -j SNAT--to XXX.XXX.XXX.XXXexit 0
You can view your OpenVPN server config file generated by the script as follows:
port1194proto udp dev tun sndbuf0rcvbuf0ca ca.crt cert server.crt key server.key dh dh.pem auth SHA512 tls-auth ta.key0topology subnet server10.8.0.0 255.255.255.0ifconfig-pool-persist ipp.txt push"redirect-gateway def1 bypass-dhcp"push"dhcp-option DNS 18.104.22.168"push"dhcp-option DNS 22.214.171.124"keepalive10 120cipher AES-256-CBC user nobodygroupnogroup persist-key persist-tun status openvpn-status.log verb3crl-verify crl.pem
Now we enable and start the OpenVPN services:
systemctl start openvpn@server
Step 4. Configure Firewall.
You must open required ports such as SSH port 22, 80, 443:
sudo ufw allow 22 sudo ufw allow 80 sudo ufw allow 443 sudo ufw enable
Step 5. OpenVPN Client Configuration.
Now we install the OpenVPN client on Debian using
sudo apt install openvpn
Meilana.ovpn as follows:
Test connectivity from the CLI:
Then, restart OpenVPN services:
Test the connectivity:
Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial for installing the OpenVPN server on Debian 10 Buster. For additional help or useful information, we recommend you check the official OpenVPN website.