Home / Tutorials / How to configure a VPN on Linux
OpenVPN XOR Patch on Centos 7

How to configure a VPN on Linux

VPN services are a good way of ensuring internet security and unlimited access to any website. With a good VPN connection, you can be sure that no one can hack into your systems. A VPN connection protects everything that you do on the internet; you are free from any monitoring and censorship.

VPN services grant access to all websites, even the websites that have been geographically restricted like iTunes and Netflix. All this freedom and security for just a few dollars per month!


Linux is not a very common operating system to come across. However, its minimal popularity does not mean that it is substandard. On the contrary, Linux is a good choice when it comes to operating systems.

This operating system is extremely stable and has a higher level of security compared to other operating systems. The fact that Linux is not a common has already been highlighted. For this reason, once you install this operating system you might be wondering how you will configure your computer to a virtually private network.

VPN options

With VPN, there are two options that a client has. There is Open VPN and there PTTP VPN. Both of these options can be configured with Linux operating system to provide you with the full services of the VPN plan you subscribed. The method covered in this article will work with the derivatives of Linux OS such as Linux Mint and Ubuntu.

Configuration for Linux with Open VPN

Open VPN is a very versatile VPN plan. This VPN plan is compatible with all major operating systems, and it can be shared with a huge number of clients. Like in any other operating system, you have to configure both the client side and the server side.

Configure a VPN on Linux

Server-side configuration

Step 1 – Install the package for the Open VPN. You will have to provide the name of the package distributor.

$ sudo apt-get install openvpn

Step 2 – You should then come up with a directory in ‘etc/openvpn’. Paste the contents of ‘easy-rsa’ to this directory; this is a precautionary measure that will protect any update on the package will not result in loss of script changes. Make the owner the current user.

$ sudo mkdir /etc/openvpn/easy-rsa

$ sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa

$ sudo chown -R $USER /etc/openvpn/easy-rsa/

Step 3 – Specify your locality in the directory- ‘etc/openvpn/easy rsa/vars.

export KEY_CITY="CHN"
export KEY_ORG="tgs"
export KEY_EMAIL="admin@findvpn.com"

Step 4 – Come up with the root certificate.

$ cd /etc/openvpn/easy-rsa/

$ source vars

$ ./clean-all

$ ln -s openssl-1.0.0.cnf openssl.cnf

$ ./build-ca

Generating a 1024 bit RSA private key
unable to write 'random state'
writing new private key to 'ca.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [IN]:
State or Province Name (full name) [TN]:
Locality Name (eg, city) [CHN]:
Organization Name (eg, company) [tgs]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:lakshmanan
Email Address [mail@host.domain]:admin@findvpn.com

Step 5 – Then create the certificate for Open VPN for the server.

$ /etc/openvpn/easy-rsa/build-key-server vpnserver

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Step 6 – Come up with the certificate for the client. Certificates have to be created for all clients. This command will prompt the creation of key files for the client.

$ ./build-key vpnclient1

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Step 7 – After the creation of client certificates, Diffie-Hellman parameters follow.

$ ./build-dh

Step 8 – Copy all certificates (the server, client and root certificates) from directory to their respective locations.

$ cd /etc/openvpn/easy-rsa/keys/

$ sudo cp ca.crt vpnserver.crt vpnserver.key dh1024.pem /etc/openvpn/

$ scp ca.crt vpnclient1.key  vpnclient1.crt root@vpnclient1:/etc/openvpn

Step 9 – After copying the certificates, you will be given a server.conf that will allow you to make the necessary changes to configure the server.

$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/

$ sudo gzip -d /etc/openvpn/server.conf.gz

Step 10 – Edit the directory accordingly; /etc/openvpn/server/conf.

ca ca.crt
cert vpnserver.crt
key vpnserver.key
dh dh1024.pem

Step 11 – You can now launch the Open VPN server.

$ sudo /etc/init.d/openvpn start
 * Starting virtual private network daemon(s)... 
 * Autostarting VPN 'server'

$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:  P-t-P:  Mask:

Client side configuration

Step 1 – On the client’s side, the configuration files have to setup; this is achieved by first copying the client.conf to the directory; /etc/openvpn.

$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/

Step 2 – You will then make the necessary changes to the /etc/openvpn/client.conf.

# Specify that this is openvpn client

remote vpnserver 1194

ca ca.crt

cert vpnclient1.crt

key vpnclient1.key

Step 3 – You can now launch the Open VPN on the client’s side.

$ /etc/init.d/openvpn start
 * Starting virtual private network daemon(s)... 
 * Autostarting VPN 'client'

$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:  P-t-P:  Mask:

Step 4 – To test if the VPN is working, ping the vpnserver. If the ping is a success, the configuration has been done the right way, and you can enjoy the VPN connection and its array of benefits.

$ ping

PING ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=64 time=2.14 ms

To add other clients

If you have the intention to add other users to the server, you only have to repeat the procedure. Connecting one user does not mean that there will be a shorter procedure for connecting other users.


The procedure outlined above will have a Linux computer configured to an Open VPN. It will work for Debian based operating systems including Ubuntu. VPN connections are important for unblocking restricted websites without anyone noticing.

Check Also

Protect Online Privacy

How to Protect your Online Security

Online security is a trending topic in many online columns these days. This is due …

Leave a Reply

Your email address will not be published. Required fields are marked *