OpenVPN : Configure VPN Client (Debian)
2025/10/08
Configure VPN Client. This example is on Debian.
This example is based on the following environment. In this example, IP Masquerading must also be configured on the Router.
    +----------------------+
    | [  OpenVPN Server  ] |172.16.100.1
    |    dlp.srv.world     +--------+
    |                      |tun     |
    +-----------+----------+        |
          enp1s0|10.0.0.30          |
                |                   |
                |   Local Network   |
        10.0.0.1|                   |
         +------+-----+             |
  -------|   Router   |-------------|-----
         +------+-----+             |
                |                   |
                |   Internet        |
  --------------+-------------------|-----
                |                   |
                |   Local Network   |
    192.168.0.31|                   |
    +-----------+----------+        |
    |                      |tun     |
    |      VPN Client      +--------+
    |                      |172.16.100.x
    +----------------------+

[1] Transfer the [ca.crt], [client1.crt], [client1.key], and [ta.key] created on the server side in advance to the client to be configured.

[2] Install OpenVPN.

root@client:~# apt -y install openvpn

[3] Configure OpenVPN client.

# copy sample configuration
root@dlp:~# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client/
root@dlp:~# vi /etc/openvpn/client/client.conf
# line 36 : protocol which you specified in the server's config
;proto tcp
proto udp
# line 42 : OpenVPN server's global IP and port (replace to your own environment)
remote 172.16.2.1 1194
# line 54 : retry resolving
resolv-retry infinite
# line 58 : no bind for local port
nobind
# line 65 : enable persist options
persist-key
persist-tun
# line 88 : path to certificates you copied from server
ca ca.crt
cert client1.crt
key client1.key
# line 114 : path to TLS-Auth key you copied from server
tls-auth ta.key 1
# line 117 : log level
verb 3

# start VPN interface
# * openvpn-client@(name of the configuration file without the [.conf] extension)
root@client:~# systemctl enable --now openvpn-client@client
root@client:~# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:54:51:f0 brd ff:ff:ff:ff:ff:ff
    altname enx5254005451f0
    inet 192.168.0.30/24 brd 192.168.0.255 scope global enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe54:51f0/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 172.16.100.2/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::f93d:3c86:89e7:fe1b/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever

[4] Once the VPN connection is established, check whether the client can access the local network on the server side.

root@client:~# ping -c 3 10.0.0.30
PING 10.0.0.30 (10.0.0.30) 56(84) bytes of data.
64 bytes from 10.0.0.30: icmp_seq=1 ttl=64 time=1.29 ms
64 bytes from 10.0.0.30: icmp_seq=2 ttl=64 time=1.36 ms
64 bytes from 10.0.0.30: icmp_seq=3 ttl=64 time=1.35 ms

--- 10.0.0.30 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.147/1.245/1.304/0.069 ms

root@client:~# ping -c 3 10.0.0.10
PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
64 bytes from 10.0.0.10: icmp_seq=1 ttl=63 time=1.36 ms
64 bytes from 10.0.0.10: icmp_seq=2 ttl=63 time=1.40 ms
64 bytes from 10.0.0.10: icmp_seq=3 ttl=63 time=1.29 ms

--- 10.0.0.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.286/1.349/1.398/0.046 ms
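
A pre-start check for steps [1] to [3], as an added example that is not part of the original page: it verifies that every file named by ca, cert, key and tls-auth in client.conf exists, that the private key and the TLS-Auth key are not readable by group or others, and that tls-auth uses direction 1 as configured above. The function names, the finding labels and the rule that relative paths resolve against the configuration directory are assumptions of this example; the sample directory is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit an OpenVPN client directory.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_client_dir() {
    dir=$1; conf=$dir/${2:-client.conf}; rc=0
    [ -r "$conf" ] || { echo "MISSING $conf"; return 1; }
    for opt in ca cert key tls-auth; do
        # First active line for this directive; ';' and '#' lines never match.
        file=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        [ -n "$file" ] || { echo "UNSET $opt"; rc=1; continue; }
        # Assumption: relative paths resolve against the configuration directory.
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        [ -f "$path" ] || { echo "MISSING $opt $path"; rc=1; continue; }
        case $opt in
            key|tls-auth)   # secrets: no access for group or others
                mode=$(stat -c %a "$path")
                case $mode in
                    *00|0) ;;
                    *) echo "PERMS $opt $path mode=$mode"; rc=1 ;;
                esac ;;
        esac
    done
    # The client config on this page uses key direction 1 for tls-auth.
    kd=$(awk '$1 == "tls-auth" { print $3; exit }' "$conf")
    [ "$kd" = 1 ] || { echo "DIRECTION tls-auth direction='$kd' (expected 1)"; rc=1; }
    return $rc
}

# Constructed sample directory with empty placeholder files (not real keys).
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'client' 'proto udp' 'remote 172.16.2.1 1194' 'ca ca.crt' \
        'cert client1.crt' 'key client1.key' 'tls-auth ta.key 1' > "$d/client.conf"
    for f in ca.crt client1.crt client1.key ta.key; do : > "$d/$f"; done
    chmod 644 "$d"/*
    chmod 600 "$d/ta.key"    # client1.key is left at 644 so the audit reports it
    echo "$d"
}
```

On the client, source the file and run `audit_client_dir /etc/openvpn/client` as root before enabling the service; a finding such as `PERMS key ...` is cleared with `chmod 600` on the reported file.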