Installing OpenVPN on Debian Linux (part2)

Order a server with this operating system; submit a ticket to technical support to enable the module (if necessary) and NAT support.

Once the server is activated, log in over SSH, for example with the PuTTY SSH client.

Run the command

apt-get install -y openvpn

If everything went well, you need to set up key-based authentication for access to the OpenVPN server.

Copy the files (key utility) into the folder of the OpenVPN configuration files

cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/

Go to

cd /etc/openvpn/

and run

. ./vars
source ./vars

Initialize the keys directory (WARNING! The command will delete the old keys, if any):

./clean-all

Set up a Certificate Authority

./build-ca

Create a certificate and server key

./build-key-server server

Provide all the required information. Make sure you specify server as the Common Name.

Build the Diffie-Hellman parameters. Run the build-dh script without parameters:

./build-dh

Create the keys and certificates that users will connect with.

Specify a user name (e.g. client1) when creating the certificate by running the command:

./build-key client1

I recommend backing up the /etc/openvpn/keys folder.

In the /etc/openvpn/keys directory locate the files:

ca.crt
client1.crt
client1.key

Copy them to the machine from which you want to connect.

Configuration files

After you have created the keys, you should configure the server. Copy the sample configuration file into

/etc/openvpn/

and unpack it

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn
cd /etc/openvpn
gunzip server.conf.gz

The server.conf configuration file is located in the /etc/openvpn directory

Edit it (specify the paths to the keys’ files)

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem

Leave other parameters by default.
To enable a log file for tracking down errors (disable it once the setup is finished), add the following line to the OpenVPN server configuration file /etc/openvpn/server.conf

log /var/log/openvpn.log
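
The check below is an added example, not part of the original article: a shell function that audits the server.conf settings edited above (the ca, cert, key and dh files exist, the private key has no group/other permission bits, the DH size taken from the dh<bits>.pem file name is at least 2048, and the troubleshooting log is switched off). The names conf_value, audit_server_conf and make_sample are hypothetical, absolute paths are assumed, and the 2048-bit threshold is this example's choice.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.
# Assumes server.conf uses absolute paths, as in the guide above.

# Print the first argument of directive $2 in config file $1 (empty if absent).
conf_value() { awk -v d="$2" '$1 == d { print $2; exit }' "$1"; }

# Print one finding per line; return 0 if nothing was found, 1 otherwise.
audit_server_conf() {
    conf=$1 bad=0
    for d in ca cert key dh; do          # every referenced file must exist
        p=$(conf_value "$conf" "$d")
        if [ -z "$p" ] || [ ! -f "$p" ]; then
            echo "MISSING $d: ${p:-not set}"; bad=1
        fi
    done
    key=$(conf_value "$conf" key)        # private key: no group/other bits
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "PERMS $key: accessible to group/other, expected mode 600"; bad=1
    fi
    dh=$(conf_value "$conf" dh)          # build-dh writes dh<bits>.pem
    bits=$(printf '%s\n' "${dh##*/}" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then   # threshold: example's choice
        echo "WEAK-DH $dh: $bits-bit parameters"; bad=1
    fi
    log=$(conf_value "$conf" log)        # guide: disable the log after setup
    if [ -n "$log" ]; then
        echo "LOG $log: troubleshooting log still enabled"; bad=1
    fi
    return "$bad"
}

# Constructed sample mirroring the guide's settings, written into directory $1.
make_sample() {
    for f in ca.crt server.crt server.key dh1024.pem; do : > "$1/$f"; done
    chmod 644 "$1/server.key"
    {
        for d in ca:ca.crt cert:server.crt key:server.key dh:dh1024.pem; do
            echo "${d%%:*} $1/${d#*:}"
        done
        echo "log /var/log/openvpn.log"
    } > "$1/server.conf"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
audit_server_conf "$sample_dir/server.conf" || echo "(sample has findings)"
rm -rf "$sample_dir"
```

On the server itself, call audit_server_conf /etc/openvpn/server.conf before starting the daemon.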

Start the server and make sure that it is actually running.

/etc/init.d/openvpn start

Starting virtual private network daemon: server.

ps ax|grep openvpn
5175 ? Ss 0:00 /usr/sbin/openvpn --writepid /var/run/openvpn.server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf

Configuring network address translation to connect to the Internet through the OpenVPN server

After you have configured the server, clients still won’t be able to reach the Internet through it (the VPN tunnel goes to the server only). You need to specify the required routes in the /etc/openvpn/server.conf configuration file (to redirect the client’s default gateway to the server):

push "redirect-gateway"

Change the DNS servers, because the servers of Internet providers may deny recursive requests from unknown addresses. For example, specify the 10.8.0.1 server (a DNS server must then be configured on the VPS) or any public DNS, e.g. Google Public DNS. Add the following lines to the /etc/openvpn/server.conf configuration file

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

To enable NAT you need to set up firewall rules using iptables

Specify the following lines in the /etc/rc.local file

/sbin/iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
/sbin/iptables -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT

to automatically use them when booting a VPS.

Run these commands manually to apply the required rules or restart your VPS to make sure that openvpn services and iptables rules run automatically (you may review them using the iptables-save command)

You have successfully configured the OpenVPN server on Debian Linux VPS.

Posted on March 23, 2010