DEV Community

Arseny Zinchenko
Arseny Zinchenko

Posted on • Originally published at rtfm.co.ua on

1 1

OpenVPN – auto-start on Linux

I have an OpenVPN AS server running on EC2 in AWS and the openvnp client on my Arch Linux (см.OpenVPN: настройка OpenVPN Access Server и AWS VPC peering).

Need to have it started and connection established after OS start.

Will use the systemd, documentation is here>>>, will work with any other Linux-system.

Client’s configs has to be stored in the /etc/openvpn/client/ (check the WorkingDirectory in the systemd unit file below), now here is nothing:

$ sudo ls -l /etc/openvpn/client/
total 0
Enter fullscreen mode Exit fullscreen mode

Copy your file and save it with the *.conf(because of the --config %i.conf below) extension:

$ sudo cp Dropbox/OpenVPN-AS/setevoy-client.ovpn /etc/openvpn/client/setevoy-ovnas.conf
Enter fullscreen mode Exit fullscreen mode

Check client’s status now – use the openvpn-client@ + filename without extension:

systemctl status openvpn-client@setevoy-ovnas.service
● openvpn-client@setevoy-ovnas.service - OpenVPN tunnel for setevoy/ovnas
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Enter fullscreen mode Exit fullscreen mode

Unit-file’s config:

$ systemctl cat openvpn-client@setevoy-ovnas.service
/usr/lib/systemd/system/openvpn-client@.service
[Unit]

Description=OpenVPN tunnel for %I
After=syslog.target network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/client
ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NE_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process

[Install]
WantedBy=multi-user.target
Enter fullscreen mode Exit fullscreen mode

Start its service:

$ systemctl start openvpn-client@setevoy-ovnas.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to start 'openvpn-client@setevoy-ovnas.service'.
Authenticating as: setevoy
Password:
==== AUTHENTICATION COMPLETE ====
Enter fullscreen mode Exit fullscreen mode

Check:

20:23:12 [setevoy@setevoy-arch-pc ~]
$ ps aux | grep vpn
root     26477  0.1  0.0  24676 10732 ?        Ss   20:23   0:00 /usr/bin/openvpn --suppress-timestamps --nobind --config setevoy-ovnas.conf
Enter fullscreen mode Exit fullscreen mode

Enable on boot:

$ systemctl enable openvpn-client@setevoy-ovnas.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ====
Authentication is required to manage system service or unit files.
Authenticating as: setevoy
Password:
==== AUTHENTICATION COMPLETE ====

Created symlink /etc/systemd/system/multi-user.target.wants/openvpn-client@setevoy-ovnas.service → /usr/lib/systemd/system/openvpn-client@.service.
Enter fullscreen mode Exit fullscreen mode

Check DNS:

$ cat /etc/resolv.conf
Generated by resolvconf
nameserver 172.31.26.29
nameserver 1.1.1.1
Enter fullscreen mode Exit fullscreen mode

(read the Arch Linux: OpenVPN – resolv.conf is not updated post if your /etc/resolv.conf still has old DNS)

Check Yandex.ru (it’s blocked in Ukraine and available via VPN only):

$ curl -LI ya.ru
...
HTTP/1.1 200 Ok
...
Enter fullscreen mode Exit fullscreen mode

Done.

Similar posts

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Explore a sea of insights with this enlightening post, highly esteemed within the nurturing DEV Community. Coders of all stripes are invited to participate and contribute to our shared knowledge.

Expressing gratitude with a simple "thank you" can make a big impact. Leave your thanks in the comments!

On DEV, exchanging ideas smooths our way and strengthens our community bonds. Found this useful? A quick note of thanks to the author can mean a lot.

Okay