- How to Install & Connect OpenVPN Client on Ubuntu
- Prerequisites
- Step 1 – Installing OpenVPN Client on Ubuntu
- Step 2 – Connecting to a VPN Server with OpenVPN Client
- Step 3 – Verify Connection
- Troubleshooting Tips for Installing OpenVPN Client on Ubuntu
- Alternatives to Installing OpenVPN Client on Ubuntu
- Conclusion
- OpenVPN 3 Client for Linux
- Installation as Connector for CloudConnexa
- Installation for Debian and Ubuntu
- Important
- Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux
- Note
- Using .ovpn Profile
- Mandatory Commands
- Important
- Note
- Important
- Note
How to Install & Connect OpenVPN Client on Ubuntu
Are you looking to install and connect OpenVPN Client on Ubuntu? It’s easy to do! In this guide, we’ll walk you through the process step-by-step. Assuming one of your clients wants to secure a connection to their server. The client has configured OpenVPN server on their network and provide you client configuration file. By the end, you’ll have a secure, encrypted connection to your VPN server. So, let’s get started!
Prerequisites
Before you can install OpenVPN Client on Ubuntu, you’ll need to make sure you have the following:
- The latest version of Ubuntu is installed on your computer.
- A reliable internet connection.
- An OpenVPN configuration file, which you can get from your VPN provider.
- A working VPN account.
Once you have all the prerequisites in place, you’re ready to start installing OpenVPN Client on Ubuntu.
Step 1 – Installing OpenVPN Client on Ubuntu
Installing OpenVPN Client on Ubuntu is relatively easy. Just follow the steps below and you should be up and running in no time.
- Open a terminal window on your Ubuntu machine and type in the following command: sudo apt install openvpn . This will install the OpenVPN package on your system.
sudo apt update && sudo apt install openvpn -y
sudo nano /etc/openvpn/client.conf
Step 2 – Connecting to a VPN Server with OpenVPN Client
Once you’ve installed OpenVPN Client on Ubuntu, you can easily connect to a VPN server. All you need to do is type in the following command in the terminal window:
sudo openvpn --config /etc/openvpn/client.conf
This will start the OpenVPN Client and you’ll be prompted to enter your VPN username and password. Once you’ve done that, you’ll be connected to the VPN server.
Output:Sat Feb 29 15:39:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194 Sat Feb 29 15:39:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992] Sat Feb 29 15:39:18 2020 UDP link local: (not bound) Sat Feb 29 15:39:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194 Sat Feb 29 15:39:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd Sat Feb 29 15:39:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA Sat Feb 29 15:39:18 2020 VERIFY OK: depth=0, CN=tecadmin-server Sat Feb 29 15:39:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA Sat Feb 29 15:39:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194 Sat Feb 29 15:39:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1) Sat Feb 29 15:39:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' Sat Feb 29 15:39:19 2020 OPTIONS IMPORT: timers and/or timeouts modified Sat Feb 29 15:39:19 2020 OPTIONS IMPORT: --ifconfig/up options modified Sat Feb 29 15:39:19 2020 OPTIONS IMPORT: route options modified
Step 3 – Verify Connection
Once your client machine successfully established the VPN connection, A new virtual interface is created on your system named tun0. The OpenVPN server assigned an IP address to this interface based on server configuration. This IP will be in the same network as the VPN server. To view IP address of this virtual interface, type:
Output:4: tun0: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100 link/none inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy valid_lft forever preferred_lft forever
You can also check the OpenVPN server log to verify the connection status:
sudo tail -f /var/log/openvpn.log
You should see the following output:
Output:Fri Feb 21 15:39:18 2020 45.58.34.83:37445 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA Sat Feb 29 15:41:18 2020 45.58.34.83:37445 [client] Peer Connection Initiated with [AF_INET]45.58.34.83:37445 Sat Feb 29 15:41:18 2020 client/45.58.34.83:37445 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled) Sat Feb 29 15:41:18 2020 client/45.58.34.83:37445 MULTI: Learn: 10.8.0.6 -> client/45.58.34.83:37445 Sat Feb 29 15:41:18 2020 client/45.58.34.83:37445 MULTI: primary virtual IP for client/45.58.34.83:37445: 10.8.0.6 Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 PUSH: Received control message: 'PUSH_REQUEST' Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1) Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 Data Channel: using negotiated cipher 'AES-256-GCM' Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Troubleshooting Tips for Installing OpenVPN Client on Ubuntu
If you’re having trouble installing OpenVPN Client on Ubuntu, here are a few troubleshooting tips that might help:
- Make sure that your OpenVPN configuration file is correct. Double-check it for any typos or errors and make sure all the settings are correct.
- Make sure that your internet connection is stable and fast. If your connection is slow or unreliable, it may cause issues with the installation process.
- If you’re still having trouble, try reinstalling the OpenVPN package. You can do this by typing in the following command in the terminal window: sudo apt —purge remove openvpn followed by sudo apt install openvpn .
- If you still can’t get it to work, try using a different OpenVPN client. There are several alternatives available such as OpenConnect, OpenVPN GUI, or Viscosity.
Alternatives to Installing OpenVPN Client on Ubuntu
If you don’t want to install OpenVPN Client on Ubuntu, there are several alternatives available. Here are some of the most popular ones:
- OpenConnect – This is an open-source VPN client that is compatible with most VPN providers. It supports both command-line and GUI options.
- OpenVPN GUI – This is a graphical user interface for OpenVPN. It’s user-friendly and easy to set up.
- Viscosity – This is a commercial VPN client that supports a wide range of VPN protocols. It’s user-friendly and fully featured.
Conclusion
Installing OpenVPN Client on Ubuntu is easy. Just follow the steps outlined in this guide and you’ll be connected to a secure, encrypted VPN server in no time. Make sure to double-check your OpenVPN configuration file for any typos or errors, and if you’re still having trouble, try using a different OpenVPN client. Good luck!
If you found this guide helpful, please share it with your friends and family. And if you have any questions or comments, feel free to leave them in the comments section below.
OpenVPN 3 Client for Linux
The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library, which is also used in the various OpenVPN Connect clients and OpenVPN for Android (need to be enabled via the settings page in the app).
This client is built around a completely different architecture in regard to usage. It builds heavily on D-Bus and allows unprivileged Users to start and manage their own WPC tunnels out-of-the-box. System Administrators wanting more control can also control and restrict this access both by hardening the default OpenVPN 3 D-Bus policy or facilitating features in OpenVPN 3 Linux.
Even though the project name carries “Linux”, it doesn’t mean it is restricted to Linux only. Any platform which has D-Bus available should be capable of running this client in theory. But since D-Bus is most commonly used in Linux environments, this will naturally be the primary focus for the project.
The release notes are stored in git tags in the project git repository. They can also be viewed here: https://github.com/OpenVPN/openvpn3-linux/releases (expand the tag to see the full text).
Installation as Connector for CloudConnexa
Installation of CloudConnexa 3 client as a Connector for CloudConnexa Host or Network has been simplified and documented here.
Installation for Debian and Ubuntu
Follow these steps in order to install OpenVPN 3 Client on Linux for Debian and Ubuntu:
- Open the Terminal by pressing ctrl + alt + T .
- Type the following command into the Terminal: sudo wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub . This will install the OpenVPN repository key used by the OpenVPN 3 Linux packages.
- Type the following command into the Terminal: curl -fsSL https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub | gpg —dearmor | sudo tee /etc/apt/trusted.gpg.d/openvpn-repo-pkg-keyring.gpg . This will install the OpenVPN repository key used by the OpenVPN 3 Linux packages.
- Type the following command into the Terminal: DISTRO=$(lsb_release -c | awk ») . This will detect the OS distribution and will be automatically used in the next command.
Important
It is recommended to be cautious of the distribution and release you are running. Distribution and version should preferably be retrieved using the hostnamectl command, where the user needs to link the Operating System field with the supported distros table.
Distribution
Release name ($DISTRO)
Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux
Packages for these distributions are provided via a Fedora Copr repository. Supported versions:
Distribution
Release versions
Red Hat Enterprise Linux / CentOS
In order to install the OpenVPN 3 Client for Fedora , Red Hat Enterprise Linux , CentOS , or Scientific Linux , follow the steps below:
- Open Terminal by typing terminal into the search bar.
- If you are running Red Hat Enterprise Linux or its clones, you need to install the Fedora EPEL repository first. Here is the list of commands for each version: (The original article on Fedora EPEL can be found here). RHEL/CentOS 6 : sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm RHEL/CentOS 7 : sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm On RHEL 7 it is recommended to also enable the optional, extras , and HA repositories since EPEL packages may depend on packages from these repositories: sudo subscription-manager repos —enable «rhel-*-optional-rpms» —enable «rhel-*-extras-rpms» —enable «rhel-ha-for-rhel-*-server-rpms RHEL/CentOS 8 : sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm On RHEL 8 it is required to also enable the codeready-builder-for-rhel-8-$-rpms repository since EPEL packages may depend on packages from it: sudo ARCH=$( /bin/arch ) followed by sudo subscription-manager repos —enable «codeready-builder-for-rhel-8-$-rpms On CentOS 8 it is recommended to also enable the PowerTools repository since EPEL packages may depend on packages from it: sudo dnf config-manager —set-enabled PowerTools
- You need to install the yum copr module first by running the following command: sudo yum install yum-plugin-copr .
Note
Using .ovpn Profile
Please note that by this point you should have downloaded a .ovpn Profile to your machine.
Mandatory Commands
- In order to start a one-shot configuration Profile, type the following command into the Terminal: openvpn3 session-start —config $ .
Important
A » one-shot configuration Profile » means that the configuration file is parsed, loaded, and deleted from the configuration manager as soon as the WPC session has been started. No configuration file is available for re-use after this approach. This is achieved by giving the configuration file to the openvpn3 session-start command directly.
Note
Using this approach, an imported configuration file can be used several times, and access to the configuration file itself is not needed to start WPC tunnels. By default, configuration profiles imported are only available to the User who imported the configuration file. But OpenVPN 3 Linux also provides an Access Control List feature via openvpn3 config-acl to grant access to specific or all Users on the system.
Important
This loads the configuration Profile and stores it in memory-only . That means, if the system is rebooted, the configuration Profile is not preserved. If the –persistent argument is added to the command line above, the configuration Profile will be saved to disk in a directory only accessible by the CloudConnexa User. Whenever the Configuration Manager is started, configuration files imported with –persistent will be automatically loaded as well.
Note
When a configuration Profile is available via openvpn3 configs-list , it can easily be started via openvpn3 session-start using the configuration Profile name (typically the filename used during the import)