Whether you’re securing traffic between servers, accessing private infrastructure, or tunneling deployments through a trusted gateway, this guide will walk you through a professional and secure OpenVPN client setup on your VPS.
π€ Why Set Up an OpenVPN Client on a VPS?
Using your VPS as a VPN client opens up a ton of possibilities:
- Access Private Networks: Reach internal infrastructure (like dev servers, databases, or private APIs) without exposing them publicly.
- Secure Your Backups or Deployments: Encrypt traffic when syncing data to storage or deploying code to sensitive environments.
- Enable Remote Monitoring: Access logs and metrics from private systems, securely.
This is particularly useful if you’re working with hybrid cloud setups, multiple environments (prod/staging/dev), or you just want an extra layer of control and security.
π οΈ Step 1: Install OpenVPN on the VPS
Start by installing OpenVPN via your package manager:
sudo apt update && sudo apt install openvpn -y
π‘ This guide assumes you’re on a Debian-based distro like Ubuntu. Adjust commands for other distros (e.g., use
yumordnfon CentOS/RHEL).
π Step 2: Prepare the Configuration Files
OpenVPN config files often come in the .ovpn format. Move and rename it appropriately:
sudo mkdir -p /etc/openvpn/client
sudo mv ~/Downloads/client.ovpn /etc/openvpn/client/client.conf
π Systemd expects the config to be named according to the service pattern
openvpn-client@<name>.service, soclient.confmakes sense.
π Step 3: Securely Store Your VPN Credentials
Never pass your username and password directly on the command line.Create the auth.txt File:
sudo nano /etc/openvpn/client/auth.txt
Add:
your_vpn_username
your_vpn_password
Lock it down:
sudo chmod 600 /etc/openvpn/client/auth.txt
sudo chown root:root /etc/openvpn/client/auth.txt
Update your OpenVPN config to use the credentials:
auth-user-pass /etc/openvpn/client/auth.txt
π Step 4: Start the OpenVPN Client Service
Enable and start the service:
sudo systemctl enable openvpn-client@client
sudo systemctl start openvpn-client@client
Check the status:
sudo systemctl status openvpn-client@client
π If it’s not running, check the logs in the troubleshooting section below.
π§ͺ Step 5: Verify That the VPN Is Working
Check for the VPN interface (tun0):
ip a show tun0
Then ping something through the tunnel:
ping 8.8.8.8 -I tun0
If that works, you’re officially connected! π
π Step 6: Add Custom Routes (Optional but Very Useful)
If you want only specific traffic to route through the VPN, you can add custom routes.
Letβs say the internal network is 192.168.99.0/24:
sudo ip route add 192.168.99.0/24 via <vpn_gateway_ip> dev tun0
To find the VPN gateway:
ip route show dev tun0
For persistence across reboots, either:
- Add to
/etc/rc.local(create the file if it doesn’t exist and make it executable), or - Create a systemd service to apply routes on boot.
π§Ή Troubleshooting Tips
π View Logs:
journalctl -xeu [email protected]
π§ͺ Run OpenVPN in Foreground for Testing:
sudo openvpn --config /etc/openvpn/client/client.conf --verb 4
π οΈ Inspect Tunnel Traffic:
sudo tcpdump -i tun0
This is especially useful if you suspect DNS leaks or routing issues.
β Conclusion: You’re Now VPN-Enabled
Your VPS is now securely connected to your OpenVPN network. You can:- Use it to access internal services remotely
- Route automated jobs or monitoring through a private network
- Or just have the peace of mind that your traffic is encrypted and authenticated
This setup is clean, robust, and production-ready. Youβve done it the right way.
