In this tutorial, we will show you how to install OpenVPN on Debian 10. For those of you who didn’t know, OpenVPN is an open-source application that is widely used to create secure virtual private networks over the unsecured public Internet. OpenVPN is an SSL VPN solution that drains your system connection securely through the Internet. OpenVPN functions in the client-server structure. All the devices connected to a virtual private network act as if they’re linked to your local area network. The packets sent through the VPN tunnel are encrypted with 256 bit AES encryption making data theft impossible.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the OpenVPN server on a Debian 10 (Buster).
Prerequisites
- A server running one of the following operating systems: Debian 10 (Buster).
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install OpenVPN on Debian 10 Buster
Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:
sudo apt update sudo apt upgrade
Step 2. Find your public IP address.
Use the following command to find out your network interface, type the following ip command:
ip-br addr show
Output:
lo UNKNOWN127.0.0.1/8 ::1/128ens3 UP XXX.XXX.XXX.XXX/32XXX.XXX.XXX.XXX/8XXXX:XXXX:XXXX:XXXX::1/128XXXX::XXX:XXXX:XXXX:XXXX/64
Step 3. Download and Install OpenVPN on Debian 10.
Now run the following command to download the script OpenVPN:
wget https://git.io/vpn -O openvpn-install.sh
Once downloaded, run openvpn-install.sh script to install and configure the OpenVPN server automatically for you:
chmod +x openvpn-install.sh && ./openvpn-install.sh
Sample outputs:
Welcometothis OpenVPN "road warrior"installer!I need to ask you a few questions before starting the setup.Youcan leave thedefaultoptionsandjust press enterifyou are okwiththem.First,provide theIPv4addressofthe networkinterfaceyou wantOpenVPNlistening to.IP address: XXX.XXX.XXX.XXXWhichprotocoldoyou wantfor OpenVPNconnections?1)UDP(recommended)2)TCPProtocol [1-2]: 1Whatportdoyou wantOpenVPNlistening to?Port: 1194WhichDNSdoyou want touse withthe VPN?1) Currentsystem resolvers2) 1.1.1.13) Google4) OpenDNS5) VerisignDNS[1-5]: 3Finally,tell me your nameforthe client certificate.Please, useone word only, nospecial characters.Clientname: MeilanaOkay,that was all I needed. Weare ready tosetup yourOpenVPNserver now.Pressany key tocontinue...
Your OpenVPN server has been configured and is ready to use. You can see added firewall rules /etc/rc.local file using cat command:
cat/etc/rc.local
Sample outputs:
#!/bin/bashiptables-I FORWARD-m state--state RELATED,ESTABLISHED-j ACCEPT iptables-I FORWARD-s10.8.0.0/24 -j ACCEPT iptables-I INPUT-p udp--dport1194 -j ACCEPT iptables-t nat-A POSTROUTING-s10.8.0.0/24 ! -d10.8.0.0/24 -j SNAT--to XXX.XXX.XXX.XXXexit 0
You can view your OpenVPN server config file generated by the script as follows:
cat /etc/openvpn/server/server.conf
Sample outputs:
port1194proto udp dev tun sndbuf0rcvbuf0ca ca.crt cert server.crt key server.key dh dh.pem auth SHA512 tls-auth ta.key0topology subnet server10.8.0.0 255.255.255.0ifconfig-pool-persist ipp.txt push"redirect-gateway def1 bypass-dhcp"push"dhcp-option DNS 8.8.8.8"push"dhcp-option DNS 1.1.1.1"keepalive10 120cipher AES-256-CBC user nobodygroupnogroup persist-key persist-tun status openvpn-status.log verb3crl-verify crl.pem
Now we enable and start the OpenVPN services:
systemctl start openvpn@server
Step 4. Configure Firewall.
You must open required ports such as SSH ports 22, 80, 443:
sudo ufw allow 22 sudo ufw allow 80 sudo ufw allow 443 sudo ufw enable
Step 5. OpenVPN Client Configuration.
Now we install the OpenVPN client on Debian using apt command:
sudo apt install openvpn
Next, copy Meilana.ovpn as follows:
cp Meilana.ovpn/etc/openvpn/client.conf
Test connectivity from the CLI:
openvpn--client--config/etc/openvpn/client.conf
Then, restart OpenVPN services:
systemctl startopenvpn@client
Test the connectivity:
ping10.8.0.1
Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial for installing the OpenVPN server on Debian 10 Buster. For additional help or useful information, we recommend you check the official OpenVPN website.