This comprehensive Linux guide expects that you run the following commands as root user but if you decide to run the commands as a different user then ensure that the user has
sudoaccess and that you precede each of the privileged commands with
OpenVPN is an open-source VPN protocol allowing secure online access from point-to-point completely free of charge. It implements multiple secuirty layers using the SSL/TLS protocol. You can bypass blocked site and increase your privacy or safety online by being an anonymous user as your actual credentials and location are hidden to the target website.
Finding your own IP Address
First, you need to find your own IP Address. You can use following commands to find IPv4 public address.
ip addr show eth0
Or if your network card is identified as eth1 use the following command, otherwise type the identifier of your corresponding network card.
ip addr show eth1
Aternatively you can also view your public IP Address by using the host command.
host myip.opendns.com resolver1.opendns.com
Update System Libraries
Its a good practice to update system libraries before continuing so you can use the following commands to update your system
apt-get update apt-get upgrade
You might also need to reboot, use the following command to reboot your linux machine.
Installing Uncomplicated Firewall
OpenVPN server must be configured on Debian 9 server along with firewall to secure and hardened OpenVPN Server on Debian 9
apt-get install ufw
After installation, you need to allow certain ports to be opened through the firewall such as SSH port 22, 80, 443. Use the following commands to enable the required ports.
ufw allow 22 ufw allow 80 ufw allow 443
Enabling The Firewall
To enable the firewall you can use the following commands
ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup
Verification Of Firewall Rules
To verify the firewall you can use the following commands
ufw status Status: active To Action From -- ------ ---- 22 ALLOW Anywhere 80 ALLOW Anywhere 443 ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6) 80 (v6) ALLOW Anywhere (v6) 443 (v6) ALLOW Anywhere (v6)
Downloading The OpenVPN Install.sh Script
Now its time to download and install the OpenVPN. You can use the following wget command to download the script.
wget https://git.io/vpn -O openvpn-install.sh
Configuring OpenVPN Server
After the download, type the following command to install and configure OpenVPN server automatically.
When the terminal asks for IP address, provide the actual IP address of the system previously determined in starting steps. Set the Port number to 1194. If you are not using a web server, you can set the port to 443 as well. Type in a client name and press enter to continue and finish the installation procedure.
The VPN service has been enabled and ready to use. You can view the configured firewall rules by using the following command
#!/bin/sh -e iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT iptables -I INPUT -p udp --dport 1194 -j ACCEPT iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 220.127.116.11 exit 0
The OpenVPN server configuration can be viewed by the following command:
vi -M /etc/openvpn/server.conf
port 1194 proto udp dev tun sndbuf 0 rcvbuf 0 ca ca.crt cert server.crt key server.key dh dh.pem auth SHA512 tls-auth ta.key 0 topology subnet server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 18.104.22.168" push "dhcp-option DNS 22.214.171.124" push "dhcp-option DNS 126.96.36.199" push "dhcp-option DNS 188.8.131.52" push "dhcp-option DNS 184.108.40.206" push "dhcp-option DNS 220.127.116.11" push "dhcp-option DNS 18.104.22.168" push "dhcp-option DNS 22.214.171.124" push "dhcp-option DNS 126.96.36.199" push "dhcp-option DNS 188.8.131.52" keepalive 10 120 cipher AES-256-CBC comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3 crl-verify crl.pem
Starting, Stopping and Restarting the OpenVPN Service
To Start the Service
systemctl start [email protected]
To Stop the Service
systemctl stop [email protected]
To Restart The Service
systemctl restart [email protected]
On your server you will find a client configuration file named as
~/macos-vpn-client.ovpn. In the Next Step, copy this file to your local desktop using the scp and provide this file to your OpenVPN client to connect:
scp [email protected]:~/macos-vpn-client.ovpn
On the Client System, use the following commands to install OpenVPN on a Debian System
apt install openvpn
Alternatively for CentOS you can use
yum install openvpn
Copy macos-vpn-client.ovpn as follows:
cp macos-vpn-client.ovpn /etc/openvpn/client.conf
Test connectivity using
openvpn --client --config /etc/openvpn/client.conf
To run this automatically at startup use:
systemctl start [email protected]
Test the connectivity again using:
ping 10.8.0.1 ip route dig TXT +short o-o.myaddr.l.google.com @ns1.google.com