Step-by-Step Guide to Setting Up OpenVPN Server and Client on Linux
This tutorial explains what a VPN is, outlines its two main types, introduces OpenVPN, and provides detailed, command‑line instructions for installing, configuring, and testing both the OpenVPN server and client on a Linux environment.
VPN stands for Virtual Private Network. It enables computers to send and receive data between private networks over a public network (Internet), which is useful for remote workers, branch connectivity, and secure access to internal servers.
VPN Types
Remote Access
Site-to-Site
Remote Access connects individual computers to a network, while Site‑to‑Site links two networks together.
What is OpenVPN
OpenVPN is an open‑source VPN daemon created by James Yonan. It is a powerful and highly flexible VPN solution that supports SSL/TLS security, Ethernet bridging, TCP/UDP tunneling through proxies or NAT, dynamic IP and DHCP, scalability for thousands of users, and portability across major operating systems.
This tutorial explains how to set up and configure an OpenVPN server and client for remote access.
1. Configure OpenVPN – Server
1. Install OpenVPN
$ sudo apt-get install openvpn
Use the appropriate package manager for your distribution. For yum‑based systems:
$ yum install openvpn
2. Create directory and set environment variables
Create /etc/openvpn/easy-rsa and copy the easy‑rsa contents into it so that script changes are preserved during package upgrades. Change ownership to the current user.
$ sudo mkdir /etc/openvpn/easy-rsa
$ sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
$ sudo chown -R $USER /etc/openvpn/easy-rsa/
Edit /etc/openvpn/easy-rsa/vars to match your environment:
export KEY_COUNTRY="IN"
export KEY_PROVINCE="TN"
export KEY_CITY="CHN"
export KEY_ORG="tgs"
export KEY_EMAIL="[email protected]"
3. Create CA – Certificate Authority (root certificate)
Build the public‑key infrastructure so the server and clients can authenticate each other.
$ cd /etc/openvpn/easy-rsa/
$ source vars
$ ./clean-all
$ ln -s openssl-1.0.0.cnf openssl.cnf
$ ./build-ca
After ./build-ca finishes, you will find ca.key and ca.crt in /etc/openvpn/easy-rsa/keys/. Keep the .key file secret.
4. Create server certificate
Generate a certificate and key for the OpenVPN server (replace vpnserver with your server’s hostname).
$ /etc/openvpn/easy-rsa/build-key-server vpnserver
... (sign the request with "y")
5. Create client certificate
Each client needs its own certificate. Example for a client named vpnclient1:
$ ./build-key vpnclient1
... (sign the request with "y")
6. Generate Diffie‑Hellman parameters
$ ./build-dh
After completing the above steps, the /etc/openvpn/easy-rsa/keys directory contains all necessary keys and certificates.
7. Copy certificates to appropriate locations
$ cd /etc/openvpn/easy-rsa/keys/
$ sudo cp ca.crt vpnserver.crt vpnserver.key dh1024.pem /etc/openvpn/
$ scp ca.crt vpnclient1.key vpnclient1.crt root@vpnclient1:/etc/openvpn
Remember to transfer key files securely (e.g., using scp).
8. Configure the server
Copy the sample server.conf and edit it.
$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
$ sudo gzip -d /etc/openvpn/server.conf.gz
Edit /etc/openvpn/server.conf to include:
ca ca.crt
cert vpnserver.crt
key vpnserver.key
dh dh1024.pem
Start the OpenVPN server:
$ sudo /etc/init.d/openvpn start
$ ifconfig tun0
By default, OpenVPN logs errors to the syslog file.
2. Configure OpenVPN – Client
9. Set up client configuration file
Copy the sample client.conf to /etc/openvpn and edit it.
$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
# Specify that this is an OpenVPN client
client
remote vpnserver 1194
ca ca.crt
cert vpnclient1.crt
key vpnclient1.key
10. Start the client
$ /etc/init.d/openvpn start
$ ifconfig tun0
11. Test the VPN setup
Ping the server from the client to verify connectivity:
$ ping 10.8.0.1
If the ping succeeds, the VPN is correctly configured.
12. Important notes
Ensure the client and server use the same protocol and port.
Both sides must share identical parameters such as key size and compression.
If problems arise, increase log verbosity in the configuration and check the syslog for troubleshooting.
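The first two notes above can be checked before starting either daemon. The script below is an added example, not part of the original article: it compares the directives that must agree between server.conf and client.conf. The function names (get_opt, check_pair, write_samples) and the sample configs are constructed for illustration; it compares directive text only and assumes OpenVPN's defaults of port 1194 and proto udp when a directive is absent.

```shell
#!/bin/sh
# Added example (not from the original article): compare the directives that
# must agree between an OpenVPN server.conf and client.conf.

# get_opt FILE DIRECTIVE: print the arguments of the first active occurrence of
# DIRECTIVE; "(enabled)" for a bare flag such as comp-lzo; nothing if absent.
get_opt() {
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }                  # whole-line comments
        { sub(/[ \t]+#.*$/, "") }               # trailing comments
        $1 == d { $1 = ""; sub(/^[ \t]+/, "")
                  print ($0 == "" ? "(enabled)" : $0); exit }
    ' "$1"
}

# check_pair SERVER_CONF CLIENT_CONF: print one line per mismatch.
# Returns 0 when everything agrees, 1 otherwise.
check_pair() {
    srv=$1; cli=$2; bad=0
    # The server listens on "port N"; the client names it in "remote HOST N".
    s=$(get_opt "$srv" port); s=${s:-1194}
    c=$(get_opt "$cli" remote | awk '{ print $2 }'); c=${c:-1194}
    [ "$s" = "$c" ] || { echo "MISMATCH port: server=$s client=$c"; bad=1; }
    for d in proto dev cipher keysize comp-lzo; do
        s=$(get_opt "$srv" "$d"); c=$(get_opt "$cli" "$d")
        if [ "$d" = proto ]; then s=${s:-udp}; c=${c:-udp}; fi   # OpenVPN default
        [ "$s" = "$c" ] || { echo "MISMATCH $d: server=${s:-unset} client=${c:-unset}"; bad=1; }
    done
    return "$bad"
}

# write_samples DIR: constructed configs; the client is deliberately left on
# tcp and without comp-lzo so the check has something to report.
write_samples() {
    printf '%s\n' 'port 1194' 'proto udp' 'dev tun' 'ca ca.crt' \
        'cert vpnserver.crt' 'key vpnserver.key  # keep secret' \
        'dh dh1024.pem' 'comp-lzo' > "$1/server.conf"
    printf '%s\n' 'client' 'dev tun' 'proto tcp' 'remote vpnserver 1194' \
        'ca ca.crt' 'cert vpnclient1.crt' 'key vpnclient1.key' \
        ';comp-lzo' > "$1/client.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_pair "$tmp/server.conf" "$tmp/client.conf" || echo "configs disagree"
```

On a real installation, run check_pair /etc/openvpn/server.conf against a copy of the client's client.conf.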
MaGe Linux Operations
