Installing OpenVPN manually on Linux sucks. This is a guide on how to use the installer and how to run your own OpenVPN service on Rocky Linux 8, since 9 is not yet supported by the installer. I prefer Rocky over Debian for this task because, for these types of low-maintenance, low-interaction servers, the ten years of security updates allow the server to be set up and left alone.
You should already have automatic updates and everything else necessary for a functioning long-term server in place. You should also have a swap file created on the server. If not, use my magical swap creation below. This is pretty important for RHEL distributions with low RAM, as dnf won't work with minimal amounts of RAM.
fallocate -l 0.5G /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile && echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
1. Downloading & Running the Installer
This will grab the installer from the repository and mark it as executable.
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh && chmod +x openvpn-install.sh
Once ready, we can run the script. Follow the prompts; the installer fills in the values and performs the setup for you. Ensure that you are using UDP instead of TCP. If you are using TCP, add the port with the TCP protocol instead of UDP in the firewall section.
./openvpn-install.sh
2. Allowing Firewall Access
OpenVPN requires firewall access, which this script does not handle very well. It does provide a script for iptables, but it is not adequate for our use case, and it does not really work anyway. The script can be found here: /etc/iptables/add-openvpn-rules.sh. You will also need to install iptables-services. We will be using firewalld, the firewall provided with RHEL distributions, which works perfectly well.
We will be assuming that the OpenVPN service is already enabled. If you just ran the installer, it should be enabled and active.
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --add-service=openvpn
firewall-cmd --add-service=openvpn
firewall-cmd --permanent --add-masquerade
firewall-cmd --add-masquerade
firewall-cmd --permanent --add-port=1194/udp
firewall-cmd --reload
systemctl restart firewalld
systemctl restart [email protected]
After that you should be able to use your script. Run the installer to add new users and take the .ovpn file it generates and move it to your own computer to use it.
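The firewall section above hard-codes 1194/udp, which no longer matches if a different port or TCP was chosen in the installer prompts. The following is an added example, not part of the original guide or the installer: it reads the `port` and `proto` directives from the server config and prints the matching firewall-cmd lines for review. The function names are hypothetical, and the config path (for example /etc/openvpn/server.conf) is an assumption to check on your own server.

```bash
#!/bin/sh
# Added example: derive the firewalld port spec from an OpenVPN server config
# so the opened port always matches what the server actually listens on.
# Assumption: the config uses the standard "port N" and "proto X" directives.

# Print "<port>/<udp|tcp>" for the config file given as $1.
ovpn_port_spec() {
    _conf=$1
    [ -r "$_conf" ] || { echo "cannot read $_conf" >&2; return 1; }
    # Last occurrence wins; commented-out lines never match because their
    # first field is "#", ";" or "#port", not the bare directive name.
    _port=$(awk '$1 == "port"  { p = $2 } END { print p }' "$_conf")
    _proto=$(awk '$1 == "proto" { p = $2 } END { print p }' "$_conf")
    # OpenVPN defaults when the directive is absent.
    _port=${_port:-1194}
    _proto=${_proto:-udp}
    # Refuse anything that is not a plain port number in range.
    case $_port in
        ''|*[!0-9]*) echo "bad port: $_port" >&2; return 1 ;;
    esac
    [ "$_port" -ge 1 ] && [ "$_port" -le 65535 ] || {
        echo "port out of range: $_port" >&2; return 1; }
    # Collapse the address-family and server variants to what firewalld wants.
    case $_proto in
        udp|udp4|udp6) _proto=udp ;;
        tcp|tcp4|tcp6|tcp-server|tcp4-server|tcp6-server) _proto=tcp ;;
        *) echo "unsupported proto: $_proto" >&2; return 1 ;;
    esac
    printf '%s/%s\n' "$_port" "$_proto"
}

# Print (do not run) the firewall-cmd lines for that config, for review.
ovpn_firewall_cmds() {
    _spec=$(ovpn_port_spec "$1") || return 1
    printf 'firewall-cmd --permanent --add-port=%s\n' "$_spec"
    printf 'firewall-cmd --permanent --add-masquerade\n'
    printf 'firewall-cmd --reload\n'
}

# Usage (path is an assumption): ovpn_firewall_cmds /etc/openvpn/server.conf
```

Because the commands are only printed, you can compare them with the output of `firewall-cmd --list-all` and remove a stale 1194/udp entry if the server listens elsewhere.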