🖧 How to install and connect OpenVPN client on Debian

The client is used to connect to a remote openvpn server. This guide will help you install the OpenVPN packages for a client on a Debian system. Also connect to remote openvpn server via command line.

Before we start

We will assume that you already have:

• A running Debian system with sudo privileged access.
• The OpenVPN server is running on the remote system.
• Received OpenVPN client configuration from remote host administrator.

Step 1 – Installing the OpenVPN Client

OpenVPN packages are available in the default Debian repositories.

Open a terminal on your Debian system and update your apt cache.

After that, install the OpenVPN package.

Open a terminal and run the commands to install the openvpn client on Debian:

sudo apt update  sudo apt install openvpn -y 

Step 2 – Connect to OpenVPN Server

Copy the openvpn client config file to your Debian machine.

You can use the –config command line parameter to provide a configuration file.

The command will read all the necessary data to create a vpn from this file.

Let’s run the following command to connect to the openvpn server:

openvpn --config client.ovpn

You should see the following output:

Thu Sep 10 12:04:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Sep 10 12:04:18 2020 UDP link local: (not bound)
Thu Sep 10 12:04:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=0, CN=tecadmin-server
Thu Sep 10 12:04:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Sep 10 12:04:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1)
Thu Sep 10 12:04:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: route options modified

Step 3 – Check the connection

After a successful connection, a new IP address will be assigned on the tun0 interface by the OpenVPN server.

You can check it with the following command:

ip a show tun0 

Output:

4: tun0:  mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

You can also check the OpenVPN server log to check the connection status:

tail -f /var/log/openvpn.log 

You should see the following output:

Thu Sep 10 12:04:18 2020 45.58.34.83:37445 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Sep 10 12:04:18 2020 45.58.34.83:37445 [client] Peer Connection Initiated with [AF_INET]45.58.34.83:37445
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: Learn: 10.8.0.6 -> client/45.58.34.83:37445
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: primary virtual IP for client/45.58.34.83:37445: 10.8.0.6
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 PUSH: Received control message: 'PUSH_REQUEST'
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Conclusion

Your Debian system is now connected to the remote server via a virtual private VPN.