Debian Tutorial – This tutorial is going to show you how to install OpenVPN on Debian 9 Stretch. OpenVPN is a great solution that provide a secure connection over the internet. The VPN (Virtual Private Network) can protect you from the bad guy when you connected to public WiFi or else.
On this example, I have a droplet (virtual server) at DigitalOcean. You may also power up a small droplet like mine with $5 per month. Make a note the public IP address of the droplet. We will use the IP address of the droplet on this tutorial. For example, your public IP is : 220.127.116.11
Steps to install OpenVPN on Debian 9
Step 1. Get the Public IP address
In DigitalOcean dashboard, you can see current IP address of the droplet easily.
Step 2. Update and Upgrade Debian
Make sure your system is up to date.
apt update apt upgrade
Step 3. Install and configure UFW (Uncomplicated Firewall)
We need to install and configure the UFW on Debian 9. Its pretty easy.
apt install ufw
Configure ufw to enable some important ports
ufw allow 22 ufw allow 443 ufw allow 80
ufw enable ufw status
root@debian-openvpn:~# ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? root@debian-openvpn:~# ufw status Status: active To Action From -- ------ ---- 22 ALLOW Anywhere 443 ALLOW Anywhere 80 ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6) 443 (v6) ALLOW Anywhere (v6) 80 (v6) ALLOW Anywhere (v6) root@debian-openvpn:~#
At this point ufw is up and running and access to port 80, 442 and 22 is enabled.
Step 4. Download install script
wget https://git.io/vpn -O openvpn-install.sh
Step 5. Run the install script
You will be asked to enter your IP address, port etc. Please make sure you change the IP address with your Public IP address.
Welcome to this quick OpenVPN "road warrior" installer I need to ask you a few questions before starting the setup You can leave the default options and just press enter if you are ok with them First I need to know the IPv4 address of the network interface you want OpenVPN listening to. IP address: 18.104.22.168 Which protocol do you want for OpenVPN connections? 1) UDP (recommended) 2) TCP Protocol [1-2]: 1 What port do you want OpenVPN listening to? Port: 1194 Which DNS do you want to use with the VPN? 1) Current system resolvers 2) Google 3) OpenDNS 4) NTT 5) Hurricane Electric 6) Verisign DNS [1-6]: 1 Finally, tell me your name for the client certificate Please, use one word only, no special characters Client name: debian-openvpn Okay, that was all I needed. We are ready to setup your OpenVPN server now Press any key to continue...
The installation process will take place. It took some times so be patient. At this point, our OpenVPN Server is ready. You can now check firewall rule
root@debian-openvpn:~# cat /etc/rc.local #!/bin/sh -e iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT iptables -I INPUT -p udp --dport 1194 -j ACCEPT iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 22.214.171.124 exit 0
How to start, stop and check status of the OpenVPN Server Service
#start service systemctl start openvpn@server #stop service systemctl stop openvpn@server #check status systemctl status openvpn@server
Download the configuration file
Now we can download the ovpn configuration file. This file will be used to connect to the server. We can use scp command to do this
scp firstname.lastname@example.org:~/debian-openvpn.ovpn /home/dhani/Desktop
Change the details above with your own.