
@ahasverus
Last active December 13, 2022 11:10

Setting up OpenVPN under Unix

This tutorial shows the installation and configuration of OpenVPN on both macOS and Ubuntu.

1. Preamble (macOS only)

The easiest way to install OpenVPN on macOS is with Homebrew, the package manager for macOS. But first, you need to install the Xcode Command Line Tools.

## Install Apple Xcode CLI Tools ----
sudo xcode-select --install

Now let's install Homebrew.

## Install Homebrew ----
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

2. Installation

2.1. macOS

Let's install the formula openvpn.

## Update Homebrew ----
brew update

## Install openvpn formula ----
brew install openvpn

Let's get some information about the formula (version and binaries path):

## Formula information ----
brew info openvpn
# ==> openvpn: stable 2.5.8 (bottled)
# /usr/local/Cellar/openvpn/2.5.8 (87 files, 1.7MB) *
# ...

Unfortunately, Homebrew has installed OpenVPN in a non-standard path, so the shell cannot find it.

which openvpn

We need to add the openvpn binary path to the environment variable $PATH.

openvpn_version=2.5.8

## If you are using the ZSH shell ----
## (default since macOS 10.15)
echo 'export PATH="/usr/local/Cellar/openvpn/'$openvpn_version'/sbin:$PATH"' >> ~/.zshrc

## If you are using the BASH shell ----
## (default until macOS 10.14)
echo 'export PATH="/usr/local/Cellar/openvpn/'$openvpn_version'/sbin:$PATH"' >> ~/.bash_profile

Let's close and reopen the shell to update the configuration.

Now let's try to locate the OpenVPN binaries.

which openvpn
# /usr/local/Cellar/openvpn/2.5.8/sbin/openvpn

The installation is completed.

2.2. Ubuntu

Let's install the package openvpn.

## Update apt ----
sudo apt-get update

## Install openvpn package ----
sudo apt-get install openvpn

Let's get the version of the package.

## OpenVPN version ----
sudo openvpn --version
# OpenVPN 2.5.5 x86_64-pc-linux-gnu

3. Configuration

3.1. VPN servers

The next step is to get a list of VPN servers and to store their configuration files locally. We will take the example of NordVPN and download the configuration files as follows:

## Go to user directory ----
cd ~

## Download configuration files of VPN servers ----
wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip

Let's extract the content of the compressed file:

## Extract ZIP content ----
unzip ovpn.zip

## Remove ZIP file ----
rm ovpn.zip

We will only use the TCP protocol. So let's delete the folder ovpn_udp and move the folder ovpn_tcp to a hidden location:

## Remove UDP configurations ----
rm -rf ovpn_udp

## Hide config files ----
mv ovpn_tcp .ovpn

3.2. Credentials

As NordVPN requires login information to connect to its servers, we will store this information to avoid having to enter it each time we log in. Let's create a new file:

## Go to user directory ----
cd ~

## Create an empty text file ----
touch ~/.credentials

The first line must contain the NordVPN login (email) and the second line the associated password.

## Store credentials ----
echo "nordvpn_login"  >> ~/.credentials
echo "nordvpn_passwd" >> ~/.credentials

Now we will protect our credentials from other users on the computer (only the owner of this file can read it). The file belongs to us, so sudo is not needed:

chmod 400 ~/.credentials
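
With the steps above, the file exists with default permissions until chmod runs, and the echo line with the password is saved in the shell history. The added example below (not part of the original gist; the function names are hypothetical) creates the file with owner-only permissions from the first byte, reads both lines from standard input, and checks the result.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not part of the gist.

# Print the octal permission bits of a file
# (GNU stat on Ubuntu, BSD stat on macOS).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# write_credentials FILE
# Read the login (line 1) and the password (line 2) from stdin and store
# them in FILE. The umask is tightened in a subshell first, so the file is
# never readable by other users, not even between creation and chmod.
# Interactive use: write_credentials ~/.credentials, type both lines, Ctrl-D.
write_credentials() {
  (
    umask 077
    IFS= read -r login || exit 1
    IFS= read -r passwd || [ -n "$passwd" ] || exit 1
    [ -n "$login" ] && [ -n "$passwd" ] || exit 1
    rm -f "$1"   # an existing mode-400 file cannot be overwritten in place
    printf '%s\n%s\n' "$login" "$passwd" > "$1"
    chmod 400 "$1"
  )
}

# check_credentials FILE
# Succeed only if FILE has mode 400 or 600 and holds exactly two
# non-empty lines (login, then password).
check_credentials() {
  [ -f "$1" ] || return 1
  case "$(file_mode "$1")" in
    400|600) ;;
    *) return 1 ;;
  esac
  awk 'length($0) == 0 { bad = 1 } END { exit (NR == 2 && !bad) ? 0 : 1 }' "$1"
}
```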

This is not the end... Now we need to add the path to the credentials file in each of the 5,287 server configuration files. Of course, we will write a simple Shell script to do this automatically.

In each configuration file, we need to replace the line auth-user-pass with auth-user-pass followed by the absolute path to ~/.credentials.

  • macOS
## Go to servers config files folder ----
cd ~/.ovpn

## Set your session username ----
username="jdoe"

## Add path to credentials file in config files ----
for file in *.ovpn
do
  sed -i '' 's/auth-user-pass/auth-user-pass \/Users\/'$username'\/.credentials/g' "$file";
done
  • Ubuntu
## Go to servers config files folder ----
cd ~/.ovpn

## Set your session username ----
username="jdoe"

## Add path to credentials file in config files ----
for file in *.ovpn
do
  sed -i 's:auth-user-pass:auth-user-pass /home/'$username'/.credentials:' "$file";
done
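
The sed loops above match the string auth-user-pass anywhere in a line, so a second run appends the path again. As an added example (not part of the original gist; the function names are hypothetical), here is a variant that works on both macOS and Ubuntu, rewrites only the directive itself, can be run repeatedly, and reports how many files still need patching. It assumes the credentials path contains no spaces or backslashes.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of the gist.

# patch_auth_user_pass DIR CRED
# Rewrite the auth-user-pass directive in every DIR/*.ovpn to point at CRED.
# Only the directive itself is matched (bare, already patched, or
# CRLF-terminated), so comments and auth-user-pass-verify are left alone
# and a second run produces the same file.
patch_auth_user_pass() {
  dir=$1 cred=$2
  case "$cred" in
    /*) ;;
    *) echo "credentials path must be absolute: $cred" >&2; return 2 ;;
  esac
  for f in "$dir"/*.ovpn; do
    [ -f "$f" ] || continue
    # Write to a temporary file in the same folder, then rename over the original
    tmp=$(mktemp "$f.XXXXXX") || return 1
    if awk -v cred="$cred" '
         /^[ \t]*auth-user-pass([ \t].*)?\r?$/ { print "auth-user-pass " cred; next }
         { print }
       ' "$f" > "$tmp"
    then mv "$tmp" "$f"
    else rm -f "$tmp"; return 1
    fi
  done
}

# count_unpatched DIR CRED
# Print how many configs lack the exact line "auth-user-pass CRED".
count_unpatched() {
  n=0
  for f in "$1"/*.ovpn; do
    [ -f "$f" ] || continue
    grep -qxF "auth-user-pass $2" "$f" || n=$((n + 1))
  done
  echo "$n"
}
```

Run it as `patch_auth_user_pass "$HOME/.ovpn" "$HOME/.credentials"`; afterwards `count_unpatched` with the same arguments should print 0.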

The configuration is finally completed.

4. Usage

There are two ways to use OpenVPN: as a foreground process or as a daemon.

Note: You need to launch OpenVPN as a super user (sudo).

4.1. Run as a foreground process

To launch OpenVPN in the foreground:

## Connect to a VPN server (foreground) ----
sudo openvpn ~/.ovpn/fr836.nordvpn.com.tcp.ovpn

In a second terminal, get your public IP:

## Get the new public IP ----
curl 'https://api.ipify.org'

Just press CTRL+C to close the connection.

4.2. Run as a background process (daemon)

The daemon is a better way of using OpenVPN as it allows you to continue working without opening a new terminal.

## Connect to a VPN server (background) ----
sudo openvpn --config ~/.ovpn/fr836.nordvpn.com.tcp.ovpn --daemon

Get your new public IP:

## Get the new public IP ----
curl 'https://api.ipify.org'

To disconnect from the server and quit OpenVPN you need to use the following command:

sudo killall openvpn

This final line is important: if you forget to disconnect OpenVPN you risk being banned from your VPN provider until you restart your computer.

Enjoy!
