I have an OpenVPN AS server running on EC2 in AWS and the openvpn client on my Arch Linux (see OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration).
I need the client to start and establish the connection after the OS boots.
I will use systemd for this; the same approach will work on any other Linux system.
Client configs have to be stored in /etc/openvpn/client/ (check the WorkingDirectory in the systemd unit file below); right now there is nothing there:
$ sudo ls -l /etc/openvpn/client/
total 0
Copy your file and save it with the *.conf extension (because of the --config %i.conf below):
$ sudo cp Dropbox/OpenVPN-AS/setevoy-client.ovpn /etc/openvpn/client/setevoy-ovnas.conf
Check the client’s status now – use openvpn-client@ + the file name without its extension:
$ systemctl status openvpn-client@setevoy-ovnas.service
● openvpn-client@setevoy-ovnas.service - OpenVPN tunnel for setevoy/ovnas
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; disabled; vendor preset: disabled)
Active: inactive (dead)
The unit file’s contents:
$ systemctl cat openvpn-client@setevoy-ovnas.service
# /usr/lib/systemd/system/openvpn-client@.service
[Unit]
Description=OpenVPN tunnel for %I
After=syslog.target network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/client
ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
[Install]
WantedBy=multi-user.target
Start the service:
$ systemctl start openvpn-client@setevoy-ovnas.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to start 'openvpn-client@setevoy-ovnas.service'.
Authenticating as: setevoy
Password:
==== AUTHENTICATION COMPLETE ====
Check:
20:23:12 [setevoy@setevoy-arch-pc ~]
$ ps aux | grep vpn
root 26477 0.1 0.0 24676 10732 ? Ss 20:23 0:00 /usr/bin/openvpn --suppress-timestamps --nobind --config setevoy-ovnas.conf
Enable on boot:
$ systemctl enable openvpn-client@setevoy-ovnas.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ====
Authentication is required to manage system service or unit files.
Authenticating as: setevoy
Password:
==== AUTHENTICATION COMPLETE ====
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn-client@setevoy-ovnas.service → /usr/lib/systemd/system/openvpn-client@.service.
Check DNS:
$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 172.31.26.29
nameserver 1.1.1.1
(read the Arch Linux: OpenVPN – resolv.conf is not updated post if your /etc/resolv.conf still has old DNS)
Check Yandex.ru (it’s blocked in Ukraine and available via VPN only):
$ curl -LI ya.ru
...
HTTP/1.1 200 Ok
...
Done.
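The copy-and-name step above as reusable shell functions (an added example, not from the original post): they derive the instance name that --config %i.conf expects, reject names that would not map cleanly to a unit, and install the profile with mode 0600 on the assumption that it embeds the client's private key. The function names and the CLIENT_DIR override are hypothetical.

```shell
#!/bin/sh
# Added example: install an OpenVPN profile for the openvpn-client@ template unit.
# The default matches WorkingDirectory= in the unit; override CLIENT_DIR for testing.
CLIENT_DIR="${CLIENT_DIR:-/etc/openvpn/client}"

# Derive the instance name (%i) from a profile path or a bare name:
# strip the directory and a trailing .ovpn or .conf.
instance_name() {
    base=$(basename -- "$1")
    name=${base%.ovpn}
    name=${name%.conf}
    # Allow only characters that are safe in both a unit instance and a file name.
    case "$name" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid instance name: $name" >&2; return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Unit that systemd resolves back to $CLIENT_DIR/<instance>.conf.
unit_name() {
    name=$(instance_name "$1") || return 1
    printf 'openvpn-client@%s.service\n' "$name"
}

# install_client_conf PROFILE [INSTANCE]
# Copies PROFILE to $CLIENT_DIR/<instance>.conf with mode 0600 and prints the path.
install_client_conf() {
    src=$1
    [ -f "$src" ] || { echo "no such profile: $src" >&2; return 1; }
    name=$(instance_name "${2:-$src}") || return 1
    dest="$CLIENT_DIR/$name.conf"
    # Refuse to overwrite: an existing file may belong to a running tunnel.
    [ ! -e "$dest" ] || { echo "already exists: $dest" >&2; return 1; }
    install -m 600 -- "$src" "$dest" || return 1
    printf '%s\n' "$dest"
}

# Usage (as root, since /etc/openvpn/client is root-owned):
#   install_client_conf Dropbox/OpenVPN-AS/setevoy-client.ovpn setevoy-ovnas
#   systemctl start "$(unit_name setevoy-ovnas)"
```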