DebianLinuxTutorials

How To Install OpenVPN Server on Debian 11

Install OpenVPN Server on Debian 11

In this tutorial, we will show you how to install OpenVPN Server on Debian 11. For those of you who didn’t know, Virtual Private Networks (VPNs) have become increasingly important in today’s digital landscape, providing secure and private access to online resources. OpenVPN, a popular open-source VPN solution, offers a reliable and flexible way to establish encrypted connections between devices.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the OpenVPN Server on a Debian 11 (Bullseye).

Prerequisites

  • A server running one of the following operating systems: Debian 11 (Bullseye).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install OpenVPN Server on Debian 11 Bullseye

Step 1. It’s crucial to keep your system up-to-date with the latest security patches and bug fixes. Run the following commands to update and upgrade your system packages:

sudo apt update
sudo apt upgrade

This process may take a few minutes, depending on the number of updates available.

Step 2. Installing OpenVPN Server on Debian 11.

Now we download the script installer OpenVPN server from GitHub using curl command:

curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh

After downloading, execute permissions to the script and then run it:

chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

You will be prompted to enter some information:

Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address:

We will be asked if we want to enable IPv6 which is disabled by default:

Checking for IPv6 connectivity...

Your host appears to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

By default, OpenVPN uses port 1194, If you want to use a specific port, press 2 and then press:

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 1

Next, set the protocol that OpenVPN will use:

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 2

Now you have to select a DNS provider:

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 9

Now you will be asked if you want to use Compression. You will be informed there that it is not recommended but it is your choice:

Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n

If you really know how to manipulate OpenVPN you can customize the encryption options. If you don’t, don’t do it:

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

Then the whole installation process will start. After that, add a new client you will see the following output screen where you will have to define the Client Name:

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...

Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: idroot

Next, you will be asked if you want to protect the configuration file with a password:

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client
   2) Use a password for the client
Select an option [1-2]: 1

Finally, you will be informed that the process has been successful:

Client idroot added.

The configuration file has been written to /home/user/idroot.ovpn.
Download the .ovpn file and import it in your OpenVPN client.

Once you complete the setup installation, you have to download the idroot.ovpn file and copy it to the client so that it can connect from the GUI of your connection manager or via the terminal using the command below:

openvpn [openvpnfile]

Step 3. Configure Firewall.

By default, OpenVPN uses port 1194, you must open required ports 1194:

sudo ufw allow 1194
sudo ufw enable

Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial for installing the latest version of the OpenVPN server on Debian 11 Bullseye. For additional help or useful information, we recommend you check the official OpenVPN website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button