Saturday, June 14, 2025

Setting Up OpenVPN3 Client

 In this guide, we will walk through the steps to install and configure the OpenVPN3 client on both Debian and RHEL systems.

1. Add Repositories and Install the Package

For Debian

  1. Create Keyring Directory and Add Repository Key
    Execute the following commands to create a directory for the keyring and add the OpenVPN repository key:

    sudo mkdir -p /etc/apt/keyrings && curl -fsSL https://packages.openvpn.net/packages-repo.gpg | sudo tee /etc/apt/keyrings/openvpn.asc

  2. Change $DISTRO
    Replace $DISTRO with your Debian distribution name (e.g., bookwormbullseye, etc.), then run this command to add the OpenVPN repository:

    echo "deb [signed-by=/etc/apt/keyrings/openvpn.asc] https://packages.openvpn.net/openvpn3/debian $DISTRO main" | sudo tee /etc/apt/sources.list.d/openvpn-packages.list

  3. Update Package List and Install OpenVPN3
    Finally, update your package list and install OpenVPN3:

    sudo apt update
sudo apt install openvpn3

For RHEL

  1. Install EPEL Repositories
    Ensure that you have the EPEL repositories added. Then, install the OpenVPN3 repository:

    dnf install https://packages.openvpn.net/openvpn-openvpn3-epel-repo-1-1.noarch.rpm

  2. Install OpenVPN3 Client
    Next, install the OpenVPN3 client:

    dnf install openvpn3-client

2. Configure OpenVPN

After copying all required files (key, certificate, ta.keyca.crt, and config.ovpn), follow these steps:

  1. Convert the Key
    Ensure the key is converted to a new RSA key without password protection first (specific steps depend on your key generation method).

  2. Import the Configuration
    Import your OpenVPN configuration:

    openvpn3 config-import --config /file/to/profile.ovpn --name $NAME --persistent

  3. Set Access Control List (ACL)
    Set the ACL to lock down the configuration:

    openvpn3 config-acl --show --lock-down true --grant root --config $NAME

  4. Enable and Start the OpenVPN Session
    Enable and start the OpenVPN session service:

    systemctl enable openvpn3-session@$NAME.service
systemctl start openvpn3-session@$NAME.service

3. Check the Status

  1. Check Service Status
    To verify that the OpenVPN session is running, use:

    systemctl status openvpn3-session@$NAME.service

  2. Check VPN IP Address
    Find the VPN IP address by checking the network interfaces:

    ip addr

    Look for the tun0 device.

  3. Ping the VPN Server
    Finally, test connectivity by pinging the VPN server (replace 10.8.0.1 with your server's IP address):

    ping 10.8.0.1

at
Labels: , ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)

Popular Posts