Install OpenVPN Access Server on Linux for Secure Communications
Updated by Linode
What is OpenVPN?
OpenVPN is a popular software package which creates encrypted tunnels for secure data transfer. In this guide, you will learn to configure your Linode as a VPN gateway using the OpenVPN Access Server software, and connect your Windows, OSX, or Linux computer to it.
Note: After securing your server, ensure that TCP port 943 and UDP port 1194 are permitted through your firewall in order for the OpenVPN Access Server to function.
Install OpenVPN Access Server
Update the Linode to ensure that you have the latest packages, using your installed package manager.
Create a new directory for the OpenVPN installer.
mkdir openvpn
cd openvpn
Download the latest version of OpenVPN Access Server for your distribution of choice. Installation packages are provided for the listed distributions in supported package formats. Install using the following commands, based on your system’s package manager.
Debian based systems (Debian/Ubuntu):
sudo dpkg -i openvpn-as-*.deb
RPM based systems (Fedora/CentOS/openSUSE):
sudo rpm --install openvpn-as-*.rpm
Once the install process is complete, information on accessing the Admin and Client UI will be displayed.
Access Server web UIs are available here:
Admin UI: https://192.0.2.1:943/admin
Client UI: https://192.0.2.1:943/
The Admin UI is where you configure the OpenVPN Access Server, while the Client UI is used to download the VPN packages to connect new client computers.
Set the password for the OpenVPN user.
sudo passwd openvpn
Configure OpenVPN Client Settings
Connect to the Admin UI address shown at the end of the install process, using the password for your OpenVPN User.
Click the Client Settings link, and ensure that all options besides “Offer server-locked profile” are checked.
Once the changes to the settings have been saved, you will be prompted to update the running server.
OpenVPN User Management
You can add additional users to your OpenVPN Access Server to enable auditing of connections to your VPN tunnel, and user level access control.
Note: OpenVPN Access Server’s free edition is limited to two users. If you require additional users for your VPN, you can view pricing details and purchase licenses at OpenVPN’s website.
From the admin web interface, click the User Permissions link under User Management.
Enter the new username that you wish to add in the New Username field at the bottom of the list.
View and configure additional settings for the new user by clicking the Show link in the “More Settings” column.
Click the Save Settings option at the bottom of the page to complete the creation of the new user account.
Permit Autologin Profiles
If you wish to configure autologin profiles, you will need to modify your user settings to allow autologin profiles to be displayed on the connections page.
Caution: This configuration type can be useful for connecting other servers to your VPN on startup, or for configuring a system that will always route all of its traffic over the VPN automatically. Utilizing this type of profile will cause all of your non-local traffic to be routed over the VPN automatically. If you wish to enable and disable your VPN at will, you will want to utilize User or Server locked profiles instead.
From the OpenVPN Access Server admin web interface, visit the User Permissions link.
Fill in the check mark next to “Allow Auto Login” for the required user to enable this profile.
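Because an autologin profile connects without asking for a username or password, the downloaded file works as a credential on its own. The script below is an added example, not part of the original guide: it classifies a client profile and checks its file permissions, assuming the profile embeds its private key inline in a <key> block and that a profile which prompts for credentials carries the auth-user-pass directive.

```shell
#!/bin/sh
# Added example, not part of the original guide. Assumptions: the profile
# embeds its private key inline in a <key> block, and a profile that prompts
# for credentials carries the auth-user-pass directive.

# Print "prompted" if the profile asks for a username/password, else "autologin".
profile_kind() {
    if grep -Eq '^[[:space:]]*auth-user-pass([[:space:]]|$)' "$1"; then
        echo prompted
    else
        echo autologin
    fi
}

# Succeed if the profile carries an inline private key.
has_inline_key() { grep -q '^[[:space:]]*<key>' "$1"; }

# Succeed only if group and other have no permissions on the file.
is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# audit_profile FILE: print findings; return status = number of problems.
audit_profile() {
    kind=$(profile_kind "$1"); problems=0
    echo "profile type: $kind"
    if has_inline_key "$1" && ! is_private "$1"; then
        echo "WARN: private key readable by group/other; run: chmod 600 $1"
        problems=$((problems + 1))
    fi
    if [ "$kind" = autologin ]; then
        echo "NOTE: no credential prompt; whoever holds this file can connect"
    fi
    return "$problems"
}

# Constructed sample profile (key material is a placeholder, not a real key).
sample=$(mktemp)
printf '%s\n' 'client' 'dev tun' 'remote 192.0.2.1 1194 udp' \
    '<key>' 'PLACEHOLDER-NOT-A-REAL-KEY' '</key>' > "$sample"
chmod 644 "$sample"
audit_profile "$sample" || echo "problems found: $?"
chmod 600 "$sample"
audit_profile "$sample"
rm -f "$sample"
```

Run audit_profile against /etc/openvpn/client.conf after copying a profile into place; a non-zero exit status means the file needs tighter permissions.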
Client Software Installation
Connect to the OpenVPN Access Server Client UI. Click the link to download the OpenVPN Connect software to your computer.
When prompted, click run to kick off the installation process.
Once the installation has completed, you should be presented with the OpenVPN login window. Your server’s IP address should be pre-filled in. You will need to enter the username and password of your OpenVPN user.
You can utilize the OpenVPN icon located in your Windows taskbar to view the status of your VPN connection, and disconnect or reconnect to the VPN.
Connect to the OpenVPN Access Server Client UI, and click the link to download the OpenVPN Connect Software.
Once the DMG package has downloaded, a Finder window will open with the Installer package icon.
Double click the OpenVPN Connect installer package. A prompt will open requesting approval to open the package. Click Open to continue with the installation.
Once the installation process has completed, you will see an OpenVPN icon in your OSX taskbar. Right clicking this icon will bring up the context menu for starting your OpenVPN connection.
Clicking Connect will bring up a window prompting for the OpenVPN username and password. Enter the credentials for your OpenVPN user and click Connect to establish a VPN tunnel.
OpenVPN for Linux
Download and install the OpenVPN client software using your distribution’s package manager.
sudo apt-get install openvpn
sudo yum install openvpn
Connect to the OpenVPN Access Server Client UI, and download the appropriate profile for your usage.
Note: If you are connecting a headless machine to your OpenVPN server, such as another Linode, you will need to utilize the wget tool to download the appropriate profile. You can do so by copying the link from the OpenVPN Access Server client page for your required profile, and then utilizing the wget tool to download the client profile.
Copy the downloaded profile to your /etc/openvpn folder, and rename it to client.conf. Replace ~/Downloads/client.ovpn with the location of your download folder, if necessary.
sudo cp ~/Downloads/client.ovpn /etc/openvpn/client.conf
Start the OpenVPN Tunnel service. Unless you have configured and downloaded an autologin profile, you will be prompted for your OpenVPN user’s username and password.
sudo service openvpn start
Run the ifconfig command to view your network connections. Once the VPN interface has come online, a tun0 interface will be added to the list.
Note: After completing this process on any of the listed operating systems, you can utilize a website such as WhatIsMyIp.com to verify your VPN connectivity. You can also query from the command line with curl ifconfig.me. If successful, these steps should return the IP address of your Linode rather than your local IP.
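The check described in the note above, as an added script that is not part of the original guide: it reports separately whether a tun interface exists and whether the public exit address is the server's, since a tunnel can be up without traffic being routed through it. It parses `ip -o -4 addr show` rather than ifconfig output; the interface listing and client address are constructed, and 192.0.2.1 is the guide's example server address.

```shell
#!/bin/sh
# Added example, not part of the original guide. Interface listing and
# addresses below are constructed; 192.0.2.1 is the guide's example server.

# Read `ip -o -4 addr show` output on stdin; print the first tun address.
tun_addr() {
    awk '$2 ~ /^tun[0-9]+$/ && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# vpn_status SERVER_IP EXIT_IP  (interface listing on stdin)
#   0 = tunnel up and the exit IP is the server
#   1 = no tun interface
#   2 = tunnel up but the exit IP differs (traffic is not leaving via the VPN)
vpn_status() {
    addr=$(tun_addr)
    if [ -z "$addr" ]; then
        echo "FAIL: no tun interface"; return 1
    fi
    if [ "$2" != "$1" ]; then
        echo "FAIL: tun up ($addr) but exit IP is $2, expected $1"; return 2
    fi
    echo "OK: tun up ($addr), exit IP $2"
}

SAMPLE_UP='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.25/24 brd 203.0.113.255 scope global eth0
5: tun0    inet 172.27.232.3/21 brd 172.27.239.255 scope global tun0'

printf '%s\n' "$SAMPLE_UP" | vpn_status 192.0.2.1 192.0.2.1
printf '%s\n' "$SAMPLE_UP" | vpn_status 192.0.2.1 203.0.113.25 || true

# Live use on the client (needs network access):
#   ip -o -4 addr show | vpn_status 192.0.2.1 "$(curl -s ifconfig.me)"
```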
This guide is published under a CC BY-ND 4.0 license.