How To Install OpenVPN on Debian 10

Install OpenVPN on Debian 10

In this tutorial, we will show you how to install OpenVPN on Debian 10. For those of you who didn’t know, OpenVPN is an open-source application that is widely used to create secure virtual private networks over the unsecured public Internet. OpenVPN is an SSL VPN solution that drains your system connection securely through the Internet. OpenVPN functions in the client-server structure. All the devices connected to a virtual private network act as if they’re linked to your local area network. The packets sent through the VPN tunnel are encrypted with 256 bit AES encryption making data theft impossible.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the OpenVPN server on a Debian 10 (Buster).

Install OpenVPN on Debian 10 Buster

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update
sudo apt upgrade

Step 2. Find your public IP address.

Use the following command to find out your network interface, type the following ip command:

ip-br addr show

Output:

lo        UNKNOWN127.0.0.1/8 ::1/128ens3      UP        XXX.XXX.XXX.XXX/32XXX.XXX.XXX.XXX/8XXXX:XXXX:XXXX:XXXX::1/128XXXX::XXX:XXXX:XXXX:XXXX/64

Step 3. Download and Installing OpenVPN on Debian 10.

Now run the following command to download the script OpenVPN:

wget https://git.io/vpn -O openvpn-install.sh

Once downloaded, run openvpn-install.sh script to install and configure the OpenVPN server automatically for you:

chmod +x openvpn-install.sh && ./openvpn-install.sh

Sample outputs:

Welcometothis OpenVPN "road warrior"installer!I need to ask you a few questions before starting the setup.Youcan leave thedefaultoptionsandjust press enterifyou are okwiththem.First,provide theIPv4addressofthe networkinterfaceyou wantOpenVPNlistening to.IP address: XXX.XXX.XXX.XXXWhichprotocoldoyou wantfor OpenVPNconnections?1)UDP(recommended)2)TCPProtocol [1-2]: 1Whatportdoyou wantOpenVPNlistening to?Port: 1194WhichDNSdoyou want touse withthe VPN?1) Currentsystem resolvers2) 1.1.1.13) Google4) OpenDNS5) VerisignDNS[1-5]: 3Finally,tell me your nameforthe client certificate.Please, useone word only, nospecial characters.Clientname: MeilanaOkay,that was all I needed. Weare ready tosetup yourOpenVPNserver now.Pressany key tocontinue...

Your OpenVPN server has been configured and ready to use. You can see added firewall rules /etc/rc.local file using cat command:

cat/etc/rc.local

Sample outputs:

#!/bin/bashiptables-I FORWARD-m state--state RELATED,ESTABLISHED-j ACCEPT
iptables-I FORWARD-s10.8.0.0/24 -j ACCEPT
iptables-I INPUT-p udp--dport1194 -j ACCEPT
iptables-t nat-A POSTROUTING-s10.8.0.0/24 ! -d10.8.0.0/24 -j SNAT--to XXX.XXX.XXX.XXXexit 0

You can view your OpenVPN server config file generated by the script as follows:

cat /etc/openvpn/server/server.conf

Sample outputs:

port1194proto udp
dev tun
sndbuf0rcvbuf0ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key0topology subnet
server10.8.0.0 255.255.255.0ifconfig-pool-persist ipp.txt
push"redirect-gateway def1 bypass-dhcp"push"dhcp-option DNS 8.8.8.8"push"dhcp-option DNS 1.1.1.1"keepalive10 120cipher AES-256-CBC
user nobodygroupnogroup
persist-key
persist-tun
status openvpn-status.log
verb3crl-verify crl.pem

Now we enable and start the OpenVPN services:

systemctl start [email protected]

Step 4. Configure Firewall.

You must open required ports such as SSH port 22, 80, 443:

sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable

Step 5. OpenVPN Client Configuration.

Now we install the OpenVPN client on Debian using apt command:

sudo apt install openvpn

Next, copy Meilana.ovpn as follows:

cp Meilana.ovpn/etc/openvpn/client.conf

Test connectivity from the CLI:

openvpn--client--config/etc/openvpn/client.conf

Then, restart OpenVPN services:

systemctl start[email protected]

Test the connectivity:

ping10.8.0.1

Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial for installing the OpenVPN server on Debian 10 Buster. For additional help or useful information, we recommend you check the official OpenVPN website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!