Portal Home > Knowledgebase > Tutorials / Guides > Linux Debian > OpenVPN for Linux Debian

OpenVPN for Linux Debian

Configuring an access to proxy.sh OpenVPN tunnels on Linux Debian is not much complicated. You just need to follow the following easy steps.

Open a root shell and run the following command to install the OpenVPN package:

        # apt-get install openvpn

Fetch the .ovpn & .crt files from the download link available in your welcome email or via your active VPN package product details (or you can use our configuration files generator), to a temporary location, e.g. /tmp. If you do not already have root privileges, switch to the root user. Then, rename the .ovpn file to .conf (e.g. openvpn.conf). Now copy the downloaded file into OpenVPN's configuration directory:

        # mv /tmp/openvpn.conf /etc/openvpn

Create the file /etc/openvpn/openvpn.auth to store your proxy.sh credentials. It contains just two lines, one with your user name and the other one with your password.



Finally, change the ownership and permissions of the OpenVPN configuration and credential files, so only root has read-only access to them.

        # chown root:wheel /etc/openvpn/openvpn.conf
        # chown root:wheel /etc/openvpn/openvpn.auth
        # chmod 400 /etc/openvpn/openvpn.conf
        # chmod 400 /etc/openvpn/openvpn.auth

Open the file /etc/openvpn/openvpn.conf and append the following line at the end of the file:
auth-user-pass openvpn.auth

When saving passwords for OpenVPN, keep in mind that they are saved in plain text and that there is no hashing applied. This means that everybody having access to your machine, either physically or via the network, is able to read your user name and your password. We strongly advice to use at least an encrypted container to store your credentials. On Debian Linux, LUKS can be used for this purpose.

Let's then make sure you have the VPN switched on every time you logged into your account.

Verify that OpenVPN's start-up script works correctly.

        # /etc/init.d/openvpn start

Invoke ifconfig and ip route show like you did it before and verify that the connection got established as expected. Then stop OpenVPN.

        # /etc/init.d/openvpn stop

The OpenVPN package on Debian Linux automatically installs its start-up scripts on all run levels. This means that after the test run was successful, OpenVPN starts all available configurations during system start-up.

If you dislike this behaviour or you do not want to start OpenVPN by default, edit /etc/default/openvpn and change the AUTOSTART parameter accordingly, e.g. set it to none to disable OpenVPN during the system start-up at all. To start and stop OpenVPN, the above mentioned commands can be used.

Voila, that's pretty much about it. Enjoy!

NB: If you encounter difficulties to connect with OpenVPN, please try to connect to other servers or try alternative ports, especially more "discreet" ones such as TCP 443 or TCP 80. Please also make sure that the port you are connecting through is fully opened in your firewall/router/network. Below, you will find an aggregate of useful guides and articles that will help you troubleshoot your problems, should you have any.

Guide for setting up Safejumper (OpenVPN) on Linux Debian.
I cannot find the .ovpn and .crt files necessary for OpenVPN. Where are they?
No matter how hard I try, I cannot succesfully connect to OpenVPN.
I can't access any website through my browser while connected to VPN.
I am connected to the VPN but my IP is not yet hidden. Help!
I am having some kind of other problem. Where can I find some help?
How can I find the local log files of my VPN client?

If you still cannot connect successfully, please open a support ticket and include either a copy of your logs or a screenshot of your configuration and encountered errors. Logs can usually be found in software menus or settings, as well as their directories of installation (.log or .txt files). If you do not include a log or a screenshot, it will be hard for us to help you resolve the issues you have with connecting to our network.