How to Generate OpenVPN Client Configuration Files

A Virtual Private Network (VPN) lets you connect virtually to a trusted physical network in a remote location and become part of it as if you were physically present there. A VPN has many use cases, but it is mostly used to traverse untrusted networks as if you were on a private network. It gives you the freedom to access the internet safely and securely from your smartphone or laptop when connected to an untrusted network, like the WiFi at a hotel or coffee shop. More information: What is a virtual private network (VPN)?
OpenVPN is open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. More information about OpenVPN can be found on Wikipedia.
Prerequisites:
  • You need an OpenVPN server setup before you configure clients. Visit our guide on How To Set Up and Configure an OpenVPN Server on Linux.
  • A non-root sudo user to manage the server.
  • An OpenVPN client to use for connecting to the OpenVPN server.
Procedures:
Creating the Client Configuration Base File

OpenVPN has no wizard to create user configuration files, and generating OpenVPN client configuration files for many users can be a hideous task. We will use a script that simplifies the process. These procedures assume that you have followed our guide on How To Set Up and Configure an OpenVPN Server on Linux and have kept the file locations used in that guide.

Build a base file for the OpenVPN client configuration files. This file will contain the common configuration shared by all the client files that the script generates.

Copy the sample client configuration file as a starting point and amend it as necessary. You may replace the "*" with the version number. Just make sure you are copying from the latest OpenVPN release directory on your system.

Copy the tls-crypt pre-shared key you created earlier in the guide on How To Set Up and Configure an OpenVPN Server on Linux to the "/home/vpn/easy-rsa" directory because it will be needed by the OpenVPN client configuration generator.

To make sure that ownership and permission problems or security leaks do not occur, we need to set the ownership and permissions again. Secure the directory by changing its ownership to the non-root sudo user (greens247 in this example) and restrict access to the directory using chmod.
Open the base config file with the vi text editor. Make sure you change the following variables in the file to match the values below; any variable prefixed with ";" is disabled. Remember to press the Insert key before you paste and the Esc key once you are done.
Save the file by pressing "shift+;" or ":" then typing "wq" (write and quit) and hit enter.
Creating the Client Configuration Scripts
In this section, we will build a script to add a new user and compile the base configuration file with the necessary certificates and keys. Create a file "useradd" with the vi text editor. Remember to press the Insert key before you paste and the Esc key once you are done.
Save the file by pressing "shift+;" or ":" then typing "wq" (write and quit) and hit enter.
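The assembly step such a script performs, as an added example that is not the guide's own useradd script: it takes the base file, CA certificate, client certificate, client key and tls-crypt key as arguments and writes one inline profile readable only by its owner. The function names build_ovpn and pem_cert and the placeholder demo inputs are assumptions made for illustration; issuing the certificate with easy-rsa is left out.

```shell
#!/bin/sh
# Added example (not the guide's script): build one inline .ovpn profile.
# Usage: build_ovpn NAME BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY TLS_CRYPT_KEY OUT_DIR

pem_cert() { sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' "$1"; }  # drop the text dump

build_ovpn() {
    name=$1 base=$2 ca=$3 cert=$4 key=$5 tc=$6 outdir=$7

    # NAME becomes a file name, so accept only a conservative character set.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid client name" >&2; return 2 ;;
    esac

    # Never emit a partial profile: every input must exist and be non-empty.
    for f in "$base" "$ca" "$cert" "$key" "$tc"; do
        [ -s "$f" ] || { echo "missing input: $f" >&2; return 3; }
    done

    out=$outdir/$name.ovpn
    tmp=$out.tmp.$$
    # The profile embeds the client's private key: create it owner-only,
    # then move it into place so a reader never sees a half-written file.
    (
        umask 077
        {
            cat "$base"
            echo '<ca>';        pem_cert "$ca";   echo '</ca>'
            echo '<cert>';      pem_cert "$cert"; echo '</cert>'
            echo '<key>';       cat "$key";       echo '</key>'
            echo '<tls-crypt>'; cat "$tc";        echo '</tls-crypt>'
        } > "$tmp"
    ) || { rm -f "$tmp"; return 4; }
    chmod 600 "$tmp" && mv "$tmp" "$out" && printf '%s\n' "$out"
}

# Demo on constructed placeholder inputs (not real key material): sh thisfile demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    echo 'client' > "$d/base.conf"
    printf '%s\n' 'Certificate: text dump' '-----BEGIN CERTIFICATE-----' 'Q0E=' \
        '-----END CERTIFICATE-----' | tee "$d/ca.crt" > "$d/c.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'S0VZ' '-----END PRIVATE KEY-----' > "$d/c.key"
    echo 'placeholder static key' > "$d/tc.key"
    build_ovpn mohamed "$d/base.conf" "$d/ca.crt" "$d/c.crt" "$d/c.key" "$d/tc.key" "$d"
fi
```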
In this section, we will build a script to delete an existing user and revoke the user's existing certificates. Create a file "userdel" with the vi text editor. Remember to press the Insert key before you paste and the Esc key once you are done.
Save the file by pressing "shift+;" or ":" then typing "wq" (write and quit) and hit enter.
Creating OpenVPN user and the Client Configuration file
To create a VPN user and generate the configuration file using the script, simply use the command below as the non-root sudo user. The configuration file will be generated and saved in the "/home/vpn" directory. The command below will generate "mohamed.ovpn".
Revoke OpenVPN user and delete the Client certificates and files
To revoke a VPN user's access and delete the files and certificates associated with the user account, simply use the command below as the non-root sudo user.
Download the OpenVPN Client Configuration Files

To download and import the generated client configuration files, you will need to use SFTP on Linux and macOS. If you are using Windows or prefer a graphical user interface, an SFTP client will be required. Refer to our guide on How to SFTP to a server with a private key.

Congratulations, you have successfully generated OpenVPN client configuration files. You can now proceed with importing them and enjoy your OpenVPN.
