OpenVPN (AlmaLinux 8)

  • OS: AlmaLinux 8

Description

OpenVPN is free and open-source software for creating virtual private networks (VPNs). It is compatible with multiple operating systems, including Windows, Linux, and macOS, as well as mobile platforms such as Android and iOS. OpenVPN uses encrypted communication to securely connect different networks or computers, providing privacy and protection of user data. It provides a secure connection to the internet and allows access to resources that are only available on certain networks. OpenVPN is a powerful and flexible tool that is also easy to configure and use.

Software included

Package    Version
OpenVPN    latest

Initial start of the service

The OpenVPN installation and configuration still have to be completed. Immediately after the first SSH login with an administrative user, an automated installation script is launched, which completes the installation for you. When you first log in, you will see the following:

Activate the web console with: systemctl enable --now cockpit.socket

Welcome to the OpenVPN installer!

We need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

We need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: <IP-address>

The script automatically detects your primary IP address; you only need to confirm it. In the next step, you will be asked whether to enable IPv6 support. By default, every server has IPv6 enabled. You can leave the option on if you wish:

Checking for IPv6 connectivity...

Your host appears to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

In the next step, you will be asked which port you want the OpenVPN service to run on. You can leave the default setting (port 1194) unless you want something different:

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 1

You will then be asked which protocol you want the OpenVPN server to use. We recommend leaving the UDP option, which is set by default:

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP

The next step requires you to specify which DNS servers you want OpenVPN to use. If you do not want the default option, or none of the listed resolvers suits you, you can use custom DNS servers:

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom

You will also be asked if you want compression to be turned on:

Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n

In the next step, you have the option to set the encryption settings. We recommend leaving the default settings:

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)

Customize encryption settings? [y/n]: n

After confirming all settings, the installation and configuration of the OpenVPN server will begin. One of the last steps is adding a user. In the next step, you need to enter the name of the initial user with whom you want to connect to OpenVPN:

Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name:

The final step will ask if you want to further protect the private key with a password. It is disabled by default, but you can turn it on if you want.

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client
   2) Use a password for the client
Select an option [1-2]: 1

After you complete all these steps, the installation and configuration are finished. You can download the generated .ovpn file and use it to set up your OpenVPN client. At the end of its run, the script indicates exactly where the file is located.

Adding an OpenVPN user

  1. Run the script /opt/scripts/manage-openvpn.sh with sudo or while logged in as root.
  2. From the menu, select option 1.
  3. Enter the name of the user you wish to add. A user with this name must not already exist.
  4. Choose whether the user's private key should be password protected.
  5. The automated script will point to exactly where the finished .ovpn configuration file is located.
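
The following is an added example, not part of the installer or of this image: a POSIX shell check of a generated .ovpn profile against the choices made in the dialogue above (compression, key password, protocol). It assumes the profile carries the client key inline in a <key> block; audit_ovpn, key_block, make_sample and the two sample profiles are constructed for illustration.

```sh
#!/bin/sh
# Added example (not part of the installer): review a generated .ovpn profile.

# Print the inline <key>...</key> block of a profile (assumed to be inline).
key_block() {
    sed -n '/^<key>/,/^<\/key>/p' "$1"
}

# Print one finding per line; print nothing if the profile passes all checks.
audit_ovpn() {
    # Any compression directive deserves review: the installer warns that
    # the VORACLE attack makes use of compression.
    if grep -Eq '^[[:space:]]*(compress|comp-lzo)([[:space:]]|$)' "$1"; then
        echo "compression-directive-present"
    fi
    audit_key=$(key_block "$1")
    if [ -z "$audit_key" ]; then
        echo "no-inline-key"
    elif ! printf '%s\n' "$audit_key" |
            grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'; then
        # A passwordless client (option 1 in the dialogue) ends up here.
        echo "private-key-not-passphrase-protected"
    fi
    # The installer offers UDP (default) or TCP; flag anything else.
    if ! grep -Eq '^[[:space:]]*proto[[:space:]]+(udp|tcp)' "$1"; then
        echo "proto-missing-or-unexpected"
    fi
}

# Constructed sample profiles: placeholder key bodies, no real key material.
make_sample() {   # $1 = PEM label, $2 = one extra directive line
    printf '%s\n' 'client' 'proto udp' 'remote 192.0.2.10 1194' 'dev tun' "$2" \
        '<key>' "-----BEGIN $1-----" 'CONSTRUCTED-PLACEHOLDER' \
        "-----END $1-----" '</key>'
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample 'PRIVATE KEY' 'compress lz4-v2' > "$tmp/weak.ovpn"
make_sample 'ENCRYPTED PRIVATE KEY' 'verb 3' > "$tmp/good.ovpn"

for f in "$tmp/weak.ovpn" "$tmp/good.ovpn"; do
    echo "== ${f##*/}"
    audit_ovpn "$f"
done
```

A profile whose key is not passphrase-protected works as a bearer credential for the VPN, so store and transfer it accordingly.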