How to Set Up and Configure an OpenVPN Server on Debian 6

This tutorial shows you how to set up and configure an OpenVPN server on Debian 6.

System Prerequisites

  • You need a user with sudo access to open an SSH connection on your cloud server.
  • The Terminal program if you are on a Mac
  • PuTTY for Windows

This tutorial uses a Mac.

Open a terminal window and log in using the ssh command:

ssh username@ipaddress

Enter your password and make the connection.

Install OpenVPN

Before installing OpenVPN, we need to update the packages on our system. That can be done using the command:

sudo apt-get update

I assume that Debian’s package manager apt is already present. Now download all updates for any packages that require it.

sudo apt-get upgrade

Once you are done with this step, you can install OpenVPN.

sudo apt-get install openvpn udev

After it is installed, proceed with the configuration. Copy the easy-rsa files used for encryption from their default directory to the one the cloud server reads:

sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

Now you can start generating the RSA files for the VPN. You will be asked to enter certain values while generating the keys. Note them down, because they also have to be included in the certificates.

Go to the following directory to start generating the RSA files:

cd /etc/openvpn/easy-rsa/2.0/

# vars has to be sourced in the same root shell that runs the build scripts
sudo bash -c '. ./vars && ./clean-all && ./build-ca'

Once the certificate is generated, you can create the private key for the server. Type in the following command:

sudo bash -c '. ./vars && ./build-key-server server'

In this command, you should replace server with the name of your OpenVPN server.

Now generate the Diffie-Hellman key exchange parameters using the command:

sudo bash -c '. ./vars && ./build-dh'

You need to generate keys for each client that this OpenVPN installation will host. Here, I will share the command for a single client; repeat the step for every other client. Also make sure the key identifier for each client is unique.

sudo bash -c '. ./vars && ./build-key client'

Copy the server certificate and key files to the /etc/openvpn directory. Here, I have used server.crt and server.key for the certificate and key. Replace them with the file names that you have used.

sudo cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn

sudo cp /etc/openvpn/easy-rsa/2.0/keys/ca.key /etc/openvpn

sudo cp /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem /etc/openvpn
sudo cp /etc/openvpn/easy-rsa/2.0/keys/server.crt /etc/openvpn
sudo cp /etc/openvpn/easy-rsa/2.0/keys/server.key /etc/openvpn

If you want to remove a client’s access to the VPN, you can do that using the following command:

sudo bash -c 'cd /etc/openvpn/easy-rsa/2.0 && . ./vars && ./revoke-full client1'

Here, I have used client1 for simplicity. Replace it with the name of the client to be removed.

Configure OpenVPN

Let’s go ahead and configure the OpenVPN server and client.

Retrieve the sample configuration files using the following commands:

sudo gunzip -d /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/
cd

You will have to modify the client configuration file and replace some of its values to match your requirements.

First of all, change the ‘remote’ option to connect to your cloud server’s IP address on the port you have configured for OpenVPN.

Now change the ‘cert’ and ‘key’ values to reflect the names of the actual certificates and keys. Once you are done with the changes, save and exit the file.

Copy the client configuration file from /etc/openvpn/easy-rsa/2.0/keys to the clients’ local machines. The client configuration files will already have the client keys and certificates in them.

nano ~/client.conf

Now you will need to make a few more changes to the server configuration file. Change the ‘cert’ and ‘key’ options to match the certificate and key that the server is using.

sudo nano /etc/openvpn/server.conf

Restart OpenVPN.

sudo /etc/init.d/openvpn restart

Now you are done. You have a working OpenVPN installation on Debian 6.
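A check for the server.conf edits described above, as an added example that is not part of the original tutorial: it reads the ca, cert, key and dh options, confirms that each named file exists, and flags a private key that group or other users can access. The function name is hypothetical, and it assumes unquoted file names, with relative names resolved against the directory that holds server.conf.

```shell
#!/bin/sh
# Added example (not from the tutorial): sanity-check an OpenVPN server
# config before restarting the service.
# Usage: check_openvpn_conf /etc/openvpn/server.conf

# check_openvpn_conf CONF
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_openvpn_conf() {
    conf=$1
    confdir=$(dirname "$conf")
    status=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    for opt in ca cert key dh; do
        # First active "<opt> <file>" line. Lines disabled with ';' or '#'
        # have a different first field and are skipped.
        file=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        if [ -z "$file" ]; then
            echo "$opt: option not set"; status=1; continue
        fi
        # Assumption: relative names are resolved against the config directory.
        case $file in
            /*) path=$file ;;
            *)  path=$confdir/$file ;;
        esac
        if [ ! -f "$path" ]; then
            echo "$opt: $path does not exist"; status=1; continue
        fi
        if [ "$opt" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            mode=$(ls -ld "$path" | cut -c5-10)
            [ "$mode" = "------" ] || {
                echo "key: $path is accessible to group/other"; status=1; }
        fi
    done
    return $status
}
```

A non-zero return means at least one option points at a missing file or the server key is too widely readable; `chmod 600` on the key file clears the second kind of finding.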
