DebianLinuxTutorials

How To Install OpenVPN on Debian 10

r00t

Install OpenVPN on Debian 10

In this tutorial, we will show you how to install OpenVPN on Debian 10. For those of you who didn’t know, OpenVPN is an open-source application that is widely used to create secure virtual private networks over the unsecured public Internet. OpenVPN is an SSL VPN solution that drains your system connection securely through the Internet. OpenVPN functions in the client-server structure. All the devices connected to a virtual private network act as if they’re linked to your local area network. The packets sent through the VPN tunnel are encrypted with 256 bit AES encryption making data theft impossible.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the OpenVPN server on a Debian 10 (Buster).

Prerequisites

  • A server running one of the following operating systems: Debian 10 (Buster).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install OpenVPN on Debian 10 Buster

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update
sudo apt upgrade

Step 2. Find your public IP address.

Use the following command to find out your network interface, type the following ip command:

ip -br addr show

Output:

lo        UNKNOWN   127.0.0.1/8 ::1/128 
ens3      UP        XXX.XXX.XXX.XXX/32 XXX.XXX.XXX.XXX/8 XXXX:XXXX:XXXX:XXXX::1/128 XXXX::XXX:XXXX:XXXX:XXXX/64

Step 3. Download and Install OpenVPN on Debian 10.

Now run the following command to download the script OpenVPN:

wget https://git.io/vpn -O openvpn-install.sh

Once downloaded, run openvpn-install.sh script to install and configure the OpenVPN server automatically for you:

chmod +x openvpn-install.sh && ./openvpn-install.sh

Sample outputs:

Welcome to this OpenVPN "road warrior" installer!

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

First, provide the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: XXX.XXX.XXX.XXX

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1-2]: 1

What port do you want OpenVPN listening to?
Port: 1194

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) 1.1.1.1
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1-5]: 3

Finally, tell me your name for the client certificate.
Please, use one word only, no special characters.
Client name: Meilana

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...

Your OpenVPN server has been configured and is ready to use. You can see added firewall rules /etc/rc.local file using cat command:

cat /etc/rc.local

Sample outputs:

#!/bin/bash

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to XXX.XXX.XXX.XXX
exit 0

You can view your OpenVPN server config file generated by the script as follows:

cat /etc/openvpn/server/server.conf

Sample outputs:

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

Now we enable and start the OpenVPN services:

systemctl start openvpn@server

Step 4. Configure Firewall.

You must open required ports such as SSH ports 22, 80, 443:

sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable

Step 5. OpenVPN Client Configuration.

Now we install the OpenVPN client on Debian using apt command:

sudo apt install openvpn

Next, copy Meilana.ovpn as follows:

cp Meilana.ovpn /etc/openvpn/client.conf

Test connectivity from the CLI:

openvpn --client --config /etc/openvpn/client.conf

Then, restart OpenVPN services:

systemctl start openvpn@client

Test the connectivity:

ping 10.8.0.1

Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial for installing the OpenVPN server on Debian 10 Buster. For additional help or useful information, we recommend you check the official OpenVPN website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button