ObjectiveConnect to a VPN automatically on booth with a service.
DistributionsThis will work on almost any Linux distribution.
RequirementsA working Linux install with root privileges and a VPN subscription.
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ - requires given linux commands to be executed as a regular non-privileged user
IntroductionVPNs are great. They protect people from all sorts of threats and snooping online. Sometimes, they can be a real pain to set up, or the set up procedure doesn't exactly fit the way you use your computer. That's why it's a great solution to run a VPN connection as a service at startup. You don't need to remember to turn it on, and it will keep running even if you don't have a desktop environment up. Plus, it will usually run before your desktop and any of your other connections, helping to keep your data from leaking.
The OpenVPN client is designed to run as a service for just this reason. You only need to set it up that way. What's even better; the configuration is usually provided for you by your VPN service.
Install OpenVPNFirst, you need to install OpenVPN on your system. It's a very popular piece of software, so it's available on most distributions. Ubuntu/Debian
$ sudo apt install openvpnFedora
# dnf -y install openvpnOpenSUSE
# zypper install openvpnArch Linux
# pacman -S openvpnGentoo
# emerge --ask openvpn
Get VPN Configuration FilesMost quality VPN services provide OpenVPN configuration files so that you can use them to set up your own connection. It's not possible to cover every VPN, but here are the locations of the OpenVPN files for several popular ones. If you're using a different VPN look around your user dashboard or their documentation. They should be available.
AirVPN AirVPN generates OpenVPN files for your from your customer dashboard. These files are unique to you, so there isn't a universal link.
ExpressVPN ExpressVPN provides the OpenVPN files through the "Downloads" page in your dashboard.
IVPN IVPN provides their files publicly here.
NordVPN NordVPN provides their OpenVPN configuration files publicly here.
Private Internet Access Private Internet Access also releases their configurations publicly. You can find them here.
Modify The ConfigurationThere isn't a whole lot of modification that needs to be done. Most of the time, these files are designed to be turn-key. There are just a couple of things that are better to do for convenience.
Select a server that you want to connect to. The files should all end in the
.ovpnextension. That's perfect for running them manually from the command line, but wont work when running them as a service. Copy the file in the OpenVPN service directory and rename it.
$ sudo cp ~/Downloads/vpn-configs/'USA New_York-1194.ovpn' /etc/openvpn/openvpn.confThat name is made up, but they usually look something like that, so make sure that you have the right one for your VPN.
Now that the file is in the right place, there are a few more things that you probably want to do. Since you're running this as a service, entering your login info isn't really possible. You need to put that in a file. If you're using AirVPN, this doesn't apply. The generated file contains your login info. Create a file in
auth.txt. Put your username on the first line and password on the second. You should change the permissions of the file to restrict access.
$ sudo chmod 400 auth.txtIn this case the owner is root, so only root(the user running OpenVPN) can read the file with your password.
Next, open the
openvpn.conffile. Find the line that contains
Most of these don't including logging. You can add a couple of lines to the file so it logs to a predictable location.
status /etc/openvpn/openvpn-status.log log /etc/openvpn/openvpn.logThat's all you need. If you're comfortable messing around with it, feel free.
Start The ServiceYou're finally ready to start up the service and test it out. Systemd
$ sudo systemctl start openvpnOpenRC
# /etc/init.d/openvpn startIf everything looks good, enable OpenVPN at startup. Systemd
$ sudo systemctl enable openvpnOpenRC
# rc-update add openvpn default