Concerns about the safety of communications over the internet are greater today than at any time in the past. OpenVPN is one of the leading open-source VPN solutions, offering a secure, encrypted connection with privacy and data protection features. Whether you want to set up a VPN for remote access, bypassing geoblocking, or securing an internal network from outside threats, OpenVPN is a good fit.
In this article, you will learn how to install and configure OpenVPN on a Debian system, covering both the server and client setups. By the end, you will have a complete working VPN that significantly improves your online security and anonymity.
What is OpenVPN and Why Should You Use It on Debian?
OpenVPN is a trusted open-source VPN that creates a private tunnel between the Debian system and a remote server, securing the user's online activities from hackers, ISPs, and other third parties. It protects sensitive data, circumvents geo-restrictions, and enables secure remote access, providing a reliable and configurable solution.
OpenVPN combines high-grade encryption standards with extensive customization options, which makes it a good choice for all users who are serious about their online safety and privacy. This article covers the complete installation and setup of OpenVPN on a Debian-based system.
- Military-Grade Encryption: OpenVPN uses AES-256 encryption and secure tunneling protocols to safeguard your data from cyber threats.
- Cross-Platform Compatibility: While Debian is a preferred choice for servers, OpenVPN also works seamlessly across Linux, Windows, macOS, Android, and iOS.
- Bypass Geo-Restrictions: Mask your real IP address and securely access content that is otherwise restricted in your region.
- Secure Remote Access: Businesses can deploy OpenVPN on Debian servers to allow employees to securely connect to internal networks from anywhere.
- Open-Source & Highly Customizable: With open-source code, OpenVPN allows users to tweak configurations, enhance security settings, and integrate additional authentication layers.
- Reliable and Flexible Performance: OpenVPN supports both UDP and TCP modes, allowing users to optimize performance based on speed or reliability requirements.
How to Install OpenVPN on Debian
OpenVPN is a powerful open-source VPN solution that provides secure and encrypted connections, protecting your online activities from prying eyes. Whether you want to set up a private VPN server for secure remote access or bypass geo-restrictions, OpenVPN on Debian is a reliable choice. This guide will walk you through the entire process of installing and configuring OpenVPN on a Debian-based system, covering both server and client setups.
Update Your System
Before installing OpenVPN, update your Debian system to ensure all packages are up to date. Run the following commands:
sudo apt update && sudo apt upgrade -y
Install OpenVPN and Easy-RSA
OpenVPN requires Easy-RSA, a tool for managing SSL certificates. Install both using:
sudo apt install openvpn easy-rsa -y
Once installed, verify the installation:
openvpn --version
Set Up the OpenVPN Server
Create the OpenVPN Directory for Certificates
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
Edit the “vars” file in the Easy-RSA directory to set up certificate details:
nano vars
Modify the following values to match your organization:
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "California"
set_var EASYRSA_REQ_CITY "San Francisco"
set_var EASYRSA_REQ_ORG "MONOVM"
set_var EASYRSA_REQ_EMAIL "admin@monovm.com"
set_var EASYRSA_REQ_OU "IT"
Save and exit (CTRL+X, then Y, then Enter).
Initialize the Public Key Infrastructure (PKI):
./easyrsa init-pki
./easyrsa build-ca
You'll be prompted to create a password and enter certificate details.
Generate Server and Client Certificates
Create the Server Certificate and Key
./easyrsa gen-req server nopass
./easyrsa sign-req server server
Generate the Diffie-Hellman Key
./easyrsa gen-dh
Generate a Strong HMAC Key
openvpn --genkey --secret ta.key
Configure the OpenVPN Server
Copy Required Files to the OpenVPN Directory
sudo cp pki/ca.crt pki/private/server.key pki/issued/server.crt pki/dh.pem ta.key /etc/openvpn/
Create the OpenVPN Configuration File
sudo nano /etc/openvpn/server.conf
Paste the following configuration:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
tls-auth /etc/openvpn/ta.key 0
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
Save and exit.
Enable IP Forwarding and Firewall Rules
Edit the sysctl configuration file:
sudo nano /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward=1
Apply the changes:
sudo sysctl -p
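Allow traffic forwarding by masquerading VPN client traffic (10.8.0.0/24) that leaves through eth0. If your server's outbound interface has a different name, use that name instead: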
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Save the firewall rules:
sudo apt install iptables-persistent
sudo netfilter-persistent save
sudo netfilter-persistent reload
Start and Enable the OpenVPN Service
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
Check if OpenVPN is running:
sudo systemctl status openvpn@server
Configure OpenVPN Clients
On the client machine, install OpenVPN:
sudo apt install openvpn -y
Transfer the following files from the server to the client (“scp” or “SFTP” can be used):
ca.crt
client.crt
client.key
ta.key
Create a client configuration file (client.ovpn):
client
dev tun
proto udp
remote SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
Run the VPN connection on the client:
sudo openvpn --config client.ovpn
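The four transferred files and client.ovpn can also be shipped as one profile with the credentials inlined, so the private key travels in a single owner-only file. The script below is an added example, not part of the original article; the function names and the dummy input files are constructed. It assumes client.crt and client.key were already issued by the CA built earlier (for example with ./easyrsa gen-req client nopass and ./easyrsa sign-req client client), a step the article does not show.

```shell
# pem_block FILE: print only the BEGIN..END block (drops any text dump above it).
pem_block() { awk '/-----BEGIN /,/-----END /' "$1"; }

# embed TAG FILE: wrap FILE's key or certificate block in an inline <TAG> section.
embed() { printf '<%s>\n' "$1"; pem_block "$2"; printf '</%s>\n' "$1"; }

# build_profile BASE CA CERT KEY TA OUT: write a single-file client profile to OUT.
build_profile() {
    (
        umask 077          # OUT will hold the private key: owner-only from creation
        rm -f -- "$6"      # an existing file would keep its old, looser mode
        {
            # Drop the four file-path directives; their content is inlined below.
            awk '$1 != "ca" && $1 != "cert" && $1 != "key" && $1 != "tls-auth"' "$1"
            # An inline <tls-auth> block has no direction argument, so the
            # "1" from "tls-auth ta.key 1" moves to key-direction.
            echo 'key-direction 1'
            embed ca "$2"; embed cert "$3"; embed key "$4"; embed tls-auth "$5"
        } > "$6"
    )
}

# Constructed sample input: an abridged client.ovpn and dummy credential files.
demo_profile() {
    d=$(mktemp -d)
    printf '%s\n' client 'dev tun' 'remote SERVER_IP 1194' 'ca ca.crt' \
        'cert client.crt' 'key client.key' 'tls-auth ta.key 1' > "$d/base.ovpn"
    for f in ca.crt client.crt client.key ta.key; do
        printf '%s\n' "text dump for $f" '-----BEGIN DUMMY-----' \
            "constructed-$f" '-----END DUMMY-----' > "$d/$f"
    done
    build_profile "$d/base.ovpn" "$d/ca.crt" "$d/client.crt" "$d/client.key" \
        "$d/ta.key" "$d/client-inline.ovpn"
    cat "$d/client-inline.ovpn"
    rm -rf "$d"
}
demo_profile
```

The resulting file is used the same way as before: sudo openvpn --config client-inline.ovpn.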
Verify Connection
Once the client is connected, check the VPN interface on the server:
ip a show tun0
You should see an assigned IP address confirming a successful VPN connection.
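The server.conf and client.ovpn shown above have to agree on transport, port and tls-auth key direction, and neither includes the usual hardening directives. The script below is an added example, not part of the original article: it lints such a pair, using constructed function names and an abridged, constructed copy of the two configs as sample input.

```shell
# directive FILE NAME: print the arguments of the first NAME line in FILE.
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# audit_pair SERVER_CONF CLIENT_CONF: print one finding per line.
audit_pair() {
    srv=$1; cli=$2
    # Both ends must use the same transport and the same port.
    [ "$(directive "$srv" proto)" = "$(directive "$cli" proto)" ] ||
        echo "MISMATCH proto"
    cport=$(directive "$cli" remote | awk '{ print $2 }')
    [ "$(directive "$srv" port)" = "$cport" ] || echo "MISMATCH port"
    # tls-auth key directions must be complementary: 0 on server, 1 on client.
    sdir=$(directive "$srv" tls-auth | awk '{ print $2 }')
    cdir=$(directive "$cli" tls-auth | awk '{ print $2 }')
    { [ "$sdir" = 0 ] && [ "$cdir" = 1 ]; } || echo "MISMATCH tls-auth direction"
    # A cipher declared on one side only, or differently, deserves a look.
    [ "$(directive "$srv" cipher)" = "$(directive "$cli" cipher)" ] ||
        echo "REVIEW cipher differs between server and client"
    # Without remote-cert-tls the client accepts any certificate the CA
    # signed, including another client's, as the server.
    [ -n "$(directive "$cli" remote-cert-tls)" ] ||
        echo "HARDEN client: add 'remote-cert-tls server'"
    # Without user/group the daemon keeps root privileges after start-up.
    [ -n "$(directive "$srv" user)" ] ||
        echo "HARDEN server: add 'user nobody' and 'group nogroup'"
}

# Constructed sample input: the directives from the two configs above
# that the checks read.
demo_audit() {
    d=$(mktemp -d)
    printf '%s\n' 'port 1194' 'proto udp' 'dev tun' \
        'tls-auth /etc/openvpn/ta.key 0' > "$d/server.conf"
    printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote SERVER_IP 1194' \
        'tls-auth ta.key 1' 'cipher AES-256-CBC' > "$d/client.ovpn"
    audit_pair "$d/server.conf" "$d/client.ovpn"
    rm -rf "$d"
}
demo_audit
```

Run against the real files with audit_pair /etc/openvpn/server.conf client.ovpn; an empty result means none of these checks fired.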
Troubleshooting Common OpenVPN Issues on Debian
Even after a successful installation, problems may still arise while running OpenVPN on Debian, including connection failures, authentication failures, firewall restrictions, and DNS leaks. These issues usually stem from server or client misconfiguration, wrong firewall rules, or missing dependencies.
To troubleshoot OpenVPN, check the log files, verify network settings, and make sure the relevant services are up and running. The table below lists common OpenVPN problems and their solutions.
| Issue | Possible Cause | Solution |
| --- | --- | --- |
| OpenVPN service won't start | Incorrect configuration files or missing certificates | Check logs with `sudo journalctl -u openvpn@server --no-pager` |
| Client fails to connect to the server | Firewall blocking VPN traffic | Open UDP port 1194 using `sudo ufw allow 1194/udp` or `sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT` |
| No internet access after connecting to the VPN | IP forwarding is disabled | Enable IP forwarding in /etc/sysctl.conf by uncommenting `net.ipv4.ip_forward=1` and running `sudo sysctl -p` |
| TLS handshake failed | TLS authentication key mismatch between server and client | Ensure both server and client use the same ta.key file for TLS authentication |
| Slow VPN connection | Incorrect protocol or congested network | Switch between UDP and TCP in the config file, and test different ports |
| DNS leaks while connected to a VPN | The client is not using the VPN's DNS server | Add `push "dhcp-option DNS 1.1.1.1"` (or another DNS server) in the server config and restart OpenVPN |
| Client disconnects frequently | Keepalive settings misconfigured | Ensure the server config includes `keepalive 10 120` to maintain a stable connection |
| OpenVPN runs but no traffic goes through | NAT or routing issues | Add proper NAT rules using `sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE` |
| "Permission denied" error on startup | Insufficient user privileges | Run OpenVPN as root with `sudo openvpn --config /path/to/config.ovpn` |
Conclusion
Installing and configuring OpenVPN on a Debian server secures and encrypts your communication channels, which in turn shields your online activities and provides secure remote access to private networks. This step-by-step guide showed you how to install and configure OpenVPN and how to troubleshoot common issues. Whether you use OpenVPN for personal privacy, circumventing geo-restrictions, or securing business operations, a proper set of firewall rules, DNS settings, and IP forwarding is vital for a smooth VPN experience. If the VPN runs into problems, checking the logs and the configuration will help resolve them quickly.