Secure Your Connection: A Step-by-Step Guide to OpenVPN Client Setup on Linux
Connecting to a Virtual Private Network (VPN) is a critical step for securing your internet traffic, protecting your privacy, and accessing private networks remotely. OpenVPN is one of the most trusted and versatile open-source VPN solutions available. This guide provides a clear, comprehensive walkthrough for installing and configuring an OpenVPN client on your Linux system, focusing on popular distributions like CentOS and Ubuntu.
Whether you’re a system administrator securing server-to-server communication or a developer connecting to a corporate network, this guide will get you up and running securely.
Prerequisites
Before we begin, ensure you have the following:
- A Linux server or desktop running a modern distribution (such as CentOS 8/Stream, RHEL 8, Ubuntu 18.04/20.04/22.04, or another Debian/RHEL-based system).
- Access to a user account with
sudoor root privileges. - An OpenVPN client configuration file, which typically has a
.ovpnextension. This file is essential, as it contains the server address, certificates, and keys needed to establish a connection. You should receive this from your VPN provider or your network administrator.
Step 1: Install the OpenVPN Package
The first step is to install the core OpenVPN software package from your distribution’s official repositories. The process differs slightly between RHEL-based systems (like CentOS) and Debian-based systems (like Ubuntu).
For Ubuntu and Debian-based Systems
On Ubuntu and other Debian derivatives, you can use the apt package manager.
First, update your package index to ensure you get the latest version available:
sudo apt updateNext, install the OpenVPN package:
bash
sudo apt install openvpn
For CentOS, RHEL, and Fedora-based Systems
On CentOS and other RHEL-based systems, OpenVPN is typically available in the Extra Packages for Enterprise Linux (EPEL) repository.
First, install the EPEL repository if it’s not already on your system.
sudo dnf install epel-releaseNext, use the
dnfpackage manager to install OpenVPN:
bash
sudo dnf install openvpn
At this point, the OpenVPN client software is installed, but it is not yet configured or connected.
Step 2: Configure the OpenVPN Client
With the software installed, you now need to provide it with your unique .ovpn configuration file. The standard practice is to place this file in the /etc/openvpn/client/ directory. Using this directory allows you to easily manage the connection using systemd, the standard service manager in modern Linux systems.
Copy your
.ovpnfile to the configuration directory. It’s also a best practice to rename it to something descriptive and change its extension to.conf. This makessystemdintegration seamless.For example, if your file is named
your-vpn-profile.ovpn, you would copy and rename it like this:sudo cp your-vpn-profile.ovpn /etc/openvpn/client/corporate-network.confIn this example,
corporate-networkwill be the identifier for your VPN connection.It is highly recommended to secure this file, as it contains sensitive credentials and keys. Restrict its permissions so that only the root user can read it.
bash
sudo chmod 600 /etc/openvpn/client/corporate-network.conf
Step 3: Start and Manage the VPN Connection
With the configuration file in place, you can now start, stop, and manage your VPN connection using systemd. The service name is based on the name you gave your .conf file.
To start the VPN connection, use the
systemctl startcommand, followed byopenvpn-client@and the name of your configuration file (without the.confextension).sudo systemctl start openvpn-client@corporate-networkTo check the status of the connection and see if it was established successfully, use
systemctl status:sudo systemctl status openvpn-client@corporate-networkLook for a line that says “Active: active (running)” and “Initialization Sequence Completed” in the log output.
To stop the VPN connection, simply use the
stopcommand:
bash
sudo systemctl stop openvpn-client@corporate-network
Step 4: Verify Your Secure Connection
Once the service is running, it’s crucial to verify that your traffic is actually being routed through the VPN tunnel.
Check Your Public IP Address: The easiest way to verify the connection is to check your public IP address before and after connecting. If the VPN is working, you should see the IP address of the VPN server, not your local IP.
Run this command in your terminal before connecting and again after:
curl ifconfig.meAlternatively, you can use
curl icanhazip.com. The IP address returned should change after a successful connection.Test for DNS Leaks: A common vulnerability is a “DNS leak,” where your DNS queries are still sent through your regular internet provider instead of the VPN tunnel, exposing your browsing activity. You can test for this by visiting a website like dnsleaktest.com. The test should report IP addresses and hostnames belonging to your VPN provider, not your ISP.
Pro Tip: Automatically Start OpenVPN on Boot
If you need this VPN connection to be active whenever the system is running, you can easily enable the service to start automatically on boot.
Use the systemctl enable command. This creates a permanent link that ensures the service starts every time the system reboots.
sudo systemctl enable openvpn-client@corporate-network
If you ever decide you no longer want the VPN to connect automatically, you can disable it with:
sudo systemctl disable openvpn-client@corporate-network
By following these steps, you have successfully installed, configured, and secured an OpenVPN client on your Linux system, ensuring your data remains private and your connections are secure.
Source: https://kifarunix.com/install-and-configure-openvpn-client-on-centos-8-ubuntu-18-04/
