Bobcares

Quick way to install OpenVPN client in Debian

by | Feb 18, 2019

Can you please help me to setup Debian server as VPN client?  Some of my user data can only be transferred using VPN.

That was a recent support request received in our Managed VPN Services help desk. Customer was looking to install OpenVPN in his Debian server.

Often, wrong OpenVPN client configuration can result in VPN connection errors.

Today, we’ll see how our Dedicated Engineers helped the customer to install OpenVPN client in Debian server.

 

Steps to install OpenVPN client in Debian

In general, to connect to an OpenVPN server, there are 2 options. One is to install a browser extension for VPN or to setup a VPN client. Unlike browser extension, configuring OpenVPN client gives great flexibility. That’s why, many users prefer to setup VPN client on their computers. But, the steps to install the client varies depending on the server type.

Here, we’ll primarily focus on the steps to install OpenVPN client in Debian server.

 

1. Install OpenVPN client package

Firstly, our Support Engineers update the packages on the Debian server. Then, we install the OpenVPN client package using the following commands.

apt-get update
apt-get install openvpn

 

2. Configure the client

As the next step, we configure the OpenVPN client.

OpenVPN server creates certificates for each VPN client machine. These certificates should be available on the client computer at the /etc/openvpn directory. Normally, we use the scp command and copy these files from the OpenVPN server to the Debian machine.

scp root@vpnserver.com:/etc/openvpn/clients/clientname.tar.gz
tar -xzvf clientname.tar.gz

This would fetch all the client certificates from the OpenVPN server.

Going further, our Dedicated Engineers copy the sample OpenVPN configuration file using the command:

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn

Now, it’s time to make a few edits in the client specific configuration file at /etc/openvpn/client.conf.

Here, we set the address of the OpenVPN server, the port configured on the OpenVPN server and the actual name of the certificate and key file names. Usually, the OpenVPN port will be 1194.

 

3. Restart OpenVPN

Finally, to make the changes effective, we restart OpenVPN on Debian machine with the command

service openvpn restart

 

4. Testing VPN connectivity

Now, its time to test the connection to the VPN server from the Debian machine. To ensure the connection, our Support Engineers first do a ping test to the OpenVPN server. When it connects successfully, we use the following command to connect.

openvpn --config clientname.ovpn

And, when OpenVPN shows the message “Initialization Sequence Completed“, then you are connected.

 

Common errors with Debian OpenVPN client

Till now, we saw how to install OpenVPN client on Debian computer. From our experience in managing Debian servers, we often get requests to solve VPN client related errors. Let’s have a look at the typical problems that we see.

 

1. Firewall restriction

Unfortunately, firewall restriction often cause trouble while connecting to servers via VPN. When the OpenVPN server port is not open on the Debian machine, the connection will time out with an error.

Error: Connection activation failed: the connection attempt timed out.

To fix the error, our Support Engineers open the necessary OpenVPN ports on the server and allow connection. And, after this change, VPN connection works successfully.

 

2. TLS version conflict

Similarly, OpenVPN client may refuse to connect to the server due to incompatibility with Transport Layer Security (TLS) protocol.

A typical error message from OpenVPN session will look like:

Mon Dec 24 08:15:15 2018 TLS_ERROR: BIO read tls_read_plaintext error
Mon Dec 24 08:15:15 2018 TLS Error: TLS object -> incoming plaintext read error
Mon Dec 24 08:15:15 2018 TLS Error: TLS handshake failed

This error happens as OpenVPN server do not support the TLS version used on Debian machine. Therefore, to fix the problem, we recommend customers to upgrade Openvpn to newer version which support TLS 1.2.

[Need help in installing OpenVPN client in Debian? Our VPN experts can setup it for you.]

 

Conclusion

Using OpenVPN is one of the methods to ensure online privacy. But, it requires configuration changes at the client computer. Today, we saw how our Support Engineers install OpenVPN client in Debian machine and fix common errors with it.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.