π§ How to install and connect OpenVPN client on Debian
The client is used to connect to a remote openvpn server. This guide will help you install the OpenVPN packages for a client on a Debian system. Also connect to remote openvpn server via command line.
Before we start
We will assume that you already have:
- A running Debian system with sudo privileged access.
- The OpenVPN server is running on the remote system.
- Received OpenVPN client configuration from remote host administrator.
Step 1 – Installing the OpenVPN Client
OpenVPN packages are available in the default Debian repositories.
Open a terminal on your Debian system and update your apt cache.
After that, install the OpenVPN package.
Open a terminal and run the commands to install the openvpn client on Debian:
sudo apt update
sudo apt install openvpn -y
Step 2 – Connect to OpenVPN Server
Copy the openvpn client config file to your Debian machine.
You can use the βconfig command line parameter to provide a configuration file.
The command will read all the necessary data to create a vpn from this file.
Let’s run the following command to connect to the openvpn server:
openvpn --config client.ovpn
You should see the following output:
Thu Sep 10 12:04:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194 Thu Sep 10 12:04:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992] Thu Sep 10 12:04:18 2020 UDP link local: (not bound) Thu Sep 10 12:04:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194 Thu Sep 10 12:04:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd Thu Sep 10 12:04:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA Thu Sep 10 12:04:18 2020 VERIFY OK: depth=0, CN=tecadmin-server Thu Sep 10 12:04:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA Thu Sep 10 12:04:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194 Thu Sep 10 12:04:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1) Thu Sep 10 12:04:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: timers and/or timeouts modified Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: --ifconfig/up options modified Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: route options modified
Step 3 – Check the connection
After a successful connection, a new IP address will be assigned on the tun0 interface by the OpenVPN server.
You can check it with the following command:
ip a show tun0
Output:
4: tun0: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100 link/none inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy valid_lft forever preferred_lft forever
You can also check the OpenVPN server log to check the connection status:
tail -f /var/log/openvpn.log
You should see the following output:
Thu Sep 10 12:04:18 2020 45.58.34.83:37445 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA Thu Sep 10 12:04:18 2020 45.58.34.83:37445 [client] Peer Connection Initiated with [AF_INET]45.58.34.83:37445 Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled) Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: Learn: 10.8.0.6 -> client/45.58.34.83:37445 Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: primary virtual IP for client/45.58.34.83:37445: 10.8.0.6 Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 PUSH: Received control message: 'PUSH_REQUEST' Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1) Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Data Channel: using negotiated cipher 'AES-256-GCM' Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Conclusion
Your Debian system is now connected to the remote server via a virtual private VPN.