Connect to a VPN automatically on booth with a service.
This will work on almost any Linux distribution.
A working Linux install with root privileges and a VPN subscription.
- # – requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ – requires given linux commands to be executed as a regular non-privileged user
VPNs are great. They protect people from all sorts of threats and snooping online. Sometimes, they can be a real pain to set up, or the set up procedure doesn’t exactly fit the way you use your computer. That’s why it’s a great solution to run a VPN connection as a service at startup. You don’t need to remember to turn it on, and it will keep running even if you don’t have a desktop environment up. Plus, it will usually run before your desktop and any of your other connections, helping to keep your data from leaking.
The OpenVPN client is designed to run as a service for just this reason. You only need to set it up that way. What’s even better; the configuration is usually provided for you by your VPN service.
First, you need to install OpenVPN on your system. It’s a very popular piece of software, so it’s available on most distributions.
$ sudo apt install openvpn
# dnf -y install openvpn
# zypper install openvpn
# pacman -S openvpn
# emerge --ask openvpn
Get VPN Configuration Files
Most quality VPN services provide OpenVPN configuration files so that you can use them to set up your own connection. It’s not possible to cover every VPN, but here are the locations of the OpenVPN files for several popular ones. If you’re using a different VPN look around your user dashboard or their documentation. They should be available.
AirVPN generates OpenVPN files for your from your customer dashboard. These files are unique to you, so there isn’t a universal link.
ExpressVPN provides the OpenVPN files through the “Downloads” page in your dashboard.
IVPN provides their files publicly here.
NordVPN provides their OpenVPN configuration files publicly here.
Private Internet Access
Private Internet Access also releases their configurations publicly. You can find them here.
Modify The Configuration
There isn’t a whole lot of modification that needs to be done. Most of the time, these files are designed to be turn-key. There are just a couple of things that are better to do for convenience.
Select a server that you want to connect to. The files should all end in the
.ovpn extension. That’s perfect for running them manually from the command line, but wont work when running them as a service. Copy the file in the OpenVPN service directory and rename it.
$ sudo cp ~/Downloads/vpn-configs/'USA New_York-1194.ovpn' /etc/openvpn/openvpn.conf
That name is made up, but they usually look something like that, so make sure that you have the right one for your VPN.
Now that the file is in the right place, there are a few more things that you probably want to do. Since you’re running this as a service, entering your login info isn’t really possible. You need to put that in a file. If you’re using AirVPN, this doesn’t apply. The generated file contains your login info. Create a file in
auth.txt. Put your username on the first line and password on the second. You should change the permissions of the file to restrict access.
$ sudo chmod 400 auth.txt
In this case the owner is root, so only root(the user running OpenVPN) can read the file with your password.
Next, open the
openvpn.conf file. Find the line that contains
auth-user-pass and add
auth.txt after it.
Most of these don’t including logging. You can add a couple of lines to the file so it logs to a predictable location.
status /etc/openvpn/openvpn-status.log log /etc/openvpn/openvpn.log
That’s all you need. If you’re comfortable messing around with it, feel free.
Start The Service
You’re finally ready to start up the service and test it out.
$ sudo systemctl start openvpn
# /etc/init.d/openvpn start
If everything looks good, enable OpenVPN at startup.
$ sudo systemctl enable openvpn
# rc-update add openvpn default
Running OpenVPN as a service is ultimately more convenient and more secure than running it through a VPN client or even your desktop environment. It’s not something a regular user can set up and do, and it does apply system-wide, so you need to be absolutely committed to that VPN and that server.