How to install OpenVPN Server on Debian 9

Debian Tutorial – This tutorial shows you how to install OpenVPN on Debian 9 Stretch. OpenVPN is a great solution that provides a secure connection over the internet. A VPN (Virtual Private Network) can protect you from the bad guys when you are connected to public WiFi or other untrusted networks.

In this example, I have a droplet (virtual server) at DigitalOcean. You can also power up a small droplet like mine for $5 per month. Make a note of the droplet's public IP address; we will use it throughout this tutorial. For example, your public IP is: 139.59.105.22

Steps to install OpenVPN on Debian 9

Step 1. Get the Public IP address

In the DigitalOcean dashboard, you can easily see the current IP address of the droplet.

Step 2. Update and Upgrade Debian

Make sure your system is up to date.

apt update
apt upgrade

Step 3. Install and configure UFW (Uncomplicated Firewall)

We need to install and configure UFW on Debian 9. It's pretty easy.

Install UFW

apt install ufw

Configure ufw to enable some important ports

ufw allow 22
ufw allow 443
ufw allow 80
ufw enable
ufw status

Output

root@debian-openvpn:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? 


root@debian-openvpn:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             

root@debian-openvpn:~#

At this point ufw is up and running, and access to ports 80, 443 and 22 is enabled.

Step 4. Download install script

wget https://git.io/vpn -O openvpn-install.sh

Step 5. Run the install script

bash openvpn-install.sh

You will be asked to enter your IP address, port, etc. Make sure you replace the IP address with your own public IP address.

Welcome to this quick OpenVPN "road warrior" installer

I need to ask you a few questions before starting the setup
You can leave the default options and just press enter if you are ok with them

First I need to know the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: 139.59.105.22

Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1-2]: 1

What port do you want OpenVPN listening to?
Port: 1194

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) Google
   3) OpenDNS
   4) NTT
   5) Hurricane Electric
   6) Verisign
DNS [1-6]: 1

Finally, tell me your name for the client certificate
Please, use one word only, no special characters
Client name: debian-openvpn

Okay, that was all I needed. We are ready to setup your OpenVPN server now
Press any key to continue...

The installation will now run. It takes some time, so be patient. Once it finishes, our OpenVPN server is ready. You can now check the firewall rules:

cat /etc/rc.local

Output

root@debian-openvpn:~# cat /etc/rc.local
#!/bin/sh -e
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 139.59.105.37
exit 0
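
An added example (not part of the original tutorial or of the install script): a small POSIX shell check that the rules in /etc/rc.local translate VPN traffic to the address you expect and accept the OpenVPN protocol and port you chose. The function names are hypothetical; the sample input is the set of rules from the output above.

```shell
#!/bin/sh
# Added example: audit the iptables rules the installer wrote to /etc/rc.local.

# Print the source address of the SNAT rule in rules file $1 (nothing if absent).
snat_address() {
    awk '/-j SNAT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--to" || $i == "--to-source") print $(i + 1)
    }' "$1"
}

# Print "proto/port" for each INPUT ACCEPT rule in $1 that names a --dport.
input_ports() {
    awk '/^iptables/ && / INPUT / && /-j ACCEPT/ {
        proto = ""; port = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (port != "") print proto "/" port
    }' "$1"
}

# audit_rules FILE EXPECTED_IP PROTO PORT
# Returns 0 if SNAT uses EXPECTED_IP and PROTO/PORT is accepted; otherwise
# prints each finding and returns 1.
audit_rules() {
    rc=0
    snat=$(snat_address "$1")
    if [ "$snat" != "$2" ]; then
        echo "SNAT address '${snat:-none}' differs from expected $2"
        rc=1
    fi
    if ! input_ports "$1" | grep -qx "$3/$4"; then
        echo "no INPUT ACCEPT rule for $3/$4"
        rc=1
    fi
    return "$rc"
}

# Sample input: the rules from the rc.local output shown above.
sample_rules() {
    cat <<'EOF'
#!/bin/sh -e
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 139.59.105.37
exit 0
EOF
}
```

On the server, run it as `audit_rules /etc/rc.local <address you gave the installer> udp 1194`; a reported difference means the rules were written for another address or port than the one you intended.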

How to start, stop and check status of the OpenVPN Server Service

#start service
systemctl start openvpn@server

#stop service
systemctl stop openvpn@server

#check status
systemctl status openvpn@server

Download the configuration file

Now we can download the .ovpn configuration file. This file will be used to connect to the server. We can use the scp command to do this:

scp root@139.59.105.22:~/debian-openvpn.ovpn /home/dhani/Desktop

Replace the details above with your own.

3 Comments

  1. Hello,

    Thank you for your tutorial.
    I have just installed OpenVPN on my server, which runs Debian 9 and on which I set up a seedbox, and after using the command "systemctl start openvpn@server" I checked using the command "systemctl status openvpn@server" and here is what appeared:

    root@ns335252:~# systemctl start openvpn@server
    root@ns335252:~# systemctl status openvpn@server
    openvpn@server.service - OpenVPN connection to server
    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset
    Active: failed (Result: exit-code) since Sun 2017-12-03 00:34:39 CET; 29s ago
    Docs: man:openvpn(8)
    https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
    https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 24488 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/
    Main PID: 24489 (code=exited, status=1/FAILURE)

    déc. 03 00:34:39 ns335252 ovpn-server[24489]: Could not determine IPv4/IPv6 prot
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: Socket Buffers: R=[212992->212992]
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: TCP/UDP: Socket bind failed on loc
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: Exiting due to fatal error
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: Closing TUN/TAP interface
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: /sbin/ip addr del dev tun1 10.8.0.
    déc. 03 00:34:39 ns335252 systemd[1]: Started OpenVPN connection to server.
    déc. 03 00:34:39 ns335252 systemd[1]: openvpn@server.service: Main process exite
    déc. 03 00:34:39 ns335252 systemd[1]: openvpn@server.service: Unit entered faile
    déc. 03 00:34:39 ns335252 systemd[1]: openvpn@server.service: Failed with result
    lines 1-19/19 (END)
    openvpn@server.service - OpenVPN connection to server
    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Sun 2017-12-03 00:34:39 CET; 29s ago
    Docs: man:openvpn(8)
    https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
    https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 24488 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/se
    Main PID: 24489 (code=exited, status=1/FAILURE)

    déc. 03 00:34:39 ns335252 ovpn-server[24489]: Could not determine IPv4/IPv6 protocol. Usin
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: Socket Buffers: R=[212992->212992] S=[212992
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: TCP/UDP: Socket bind failed on local address
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: Exiting due to fatal error
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: Closing TUN/TAP interface
    déc. 03 00:34:39 ns335252 ovpn-server[24489]: /sbin/ip addr del dev tun1 10.8.0.1/24
    déc. 03 00:34:39 ns335252 systemd[1]: Started OpenVPN connection to server.
    déc. 03 00:34:39 ns335252 systemd[1]: openvpn@server.service: Main process exited, code=ex
    déc. 03 00:34:39 ns335252 systemd[1]: openvpn@server.service: Unit entered failed state.
    déc. 03 00:34:39 ns335252 systemd[1]: openvpn@server.service: Failed with result 'exit-cod
    ~
    ~
    So if I understood correctly, it is not working properly.
    Can you help me?
    Thank you in advance.
    (I am a beginner on Linux)
    Samuël

  2. I made a mistake when I posted my question; I probably should have masked the name of my server each time.
