{"id":26910,"date":"2016-11-20T11:05:19","date_gmt":"2016-11-20T09:05:19","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=26910"},"modified":"2016-11-20T11:05:19","modified_gmt":"2016-11-20T09:05:19","slug":"automate-openvpn-client-on-centos-7","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2016\/11\/20\/automate-openvpn-client-on-centos-7\/","title":{"rendered":"Automate OpenVPN client on CentOS 7"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p>I need to setup OpenVPN client to start automatically on a CentOS 7 server for one of our recent projects at work. \u00a0I&#8217;m not well versed in VPN technology, but the majority of the time was spent on something that I didn&#8217;t expect.<\/p>\n<p>I go the VPN configuration and all the necessary certificates from the client, installed OpenVPN and tried it out. \u00a0It seemed to work just fine. \u00a0But the setting it up to start automatically and without any human intervention took much longer than I though it would.<\/p>\n<p>The first issue that I came across was the necessary input of username and password for the VPN connection to be established. \u00a0The solution to that is simple (thanks to <a href=\"http:\/\/askubuntu.com\/a\/596074\">this comment<\/a>):<\/p>\n<ol>\n<li>Create a new text file (for example, <em>\/etc\/openvpn\/auth<\/em>) with the username being the first line of the file, and the password being the second. \u00a0Don&#8217;t forget to limit the permissions to read-only by root.<\/li>\n<li>Add the following line to the VPN configuration file (assuming <em>\/etc\/openvpn\/client.conf<\/em>): &#8220;<em>auth-user-pass auth<\/em>&#8220;. \u00a0Here, the second &#8220;<em>auth<\/em>&#8221; is the name of the file, relative to the VPN configuration.<\/li>\n<\/ol>\n<p>With that, the manual startup of the VPN (<em>openvpn client.conf<\/em>) was working.<\/p>\n<p>Now, how do we start the service automatically? \u00a0The old-school knowledge was suggesting &#8220;service openvpn start&#8221;. \u00a0But that fails due to openvpn being an uknown service. \u00a0Weird, right?<\/p>\n<p>&#8220;rpm -ql openvpn&#8221; pointed to the direction of the systemd service (&#8220;systemctl start openvpn&#8221;). \u00a0But that failed too. \u00a0The name of the service was strangely looking too:<\/p>\n<pre class=\"brush: plain; light: true; title: ; notranslate\" title=\"\">\r\n# rpm -ql openvpn | grep service\r\n\/usr\/lib\/systemd\/system\/openvpn@.service\r\n<\/pre>\n<p>A little (well, not that little after all) digging around, revealed something that I didn&#8217;t know. \u00a0Systemd services can be started with different configuration files. \u00a0In this case, you can run &#8220;<em>systemctl start openvpn@foobar<\/em>&#8221; to start the OpenVPN service using &#8220;<em>foobar<\/em>&#8221; configuration file, which should be in &#8220;<em>\/etc\/openvpn\/foobar.conf<\/em>&#8220;.<\/p>\n<p>What&#8217;s that config file and where do I get it from? \u00a0Well, the OpenVPN configuration sent from our client had a &#8220;<em>account@host.ovpn<\/em>&#8221; file, which is exactly what&#8217;s needed. \u00a0So, renaming &#8220;<em>account@host.ovpn<\/em>&#8221; to &#8220;<em>client.conf<\/em>&#8221; and moving it together with all the other certificate files into &#8220;<em>\/etc\/openvpn<\/em>&#8221; folder allowed me to do &#8220;<em>systemctl start openvpn@client<\/em>&#8220;. \u00a0All you need now is to make the service start automatically at boot time and you are done.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>I need to setup OpenVPN client to start automatically on a CentOS 7 server for one of our recent projects at work. \u00a0I&#8217;m not well versed in VPN technology, but the majority of the time was spent on something that I didn&#8217;t expect. I go the VPN configuration and all the necessary certificates from the &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2016\/11\/20\/automate-openvpn-client-on-centos-7\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Automate OpenVPN client on CentOS 7<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Automate OpenVPN client on CentOS 7 #Linux #CentOS #VPN #security #SysAdmin","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,6,133,62],"tags":[3246,200,3410,2289],"keyring_services":[],"class_list":["post-26910","post","type-post","status-publish","format-standard","hentry","category-general","category-linux","category-sysadmin","category-technology","tag-centos-linux","tag-security","tag-vpn","tag-web-hosting"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":28247,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/11\/27\/ssh-vs-openvpn-for-tunneling\/","url_meta":{"origin":26910,"position":0},"title":"SSH vs OpenVPN for Tunneling","author":"Leonid Mamchenkov","date":"November 27, 2017","format":false,"excerpt":"I have never particularly liked Virtual Private Networking (VPN).\u00a0 From the old days, when there were a gadzillion of proprietary implementations, each being super slow, resource hungry, and requiring a mess of versions specific requirements, like Java and Firefox.\u00a0 Secure Shell (SSH) has always been my choice for remote connections\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":17949,"url":"https:\/\/mamchenkov.net\/wordpress\/2013\/04\/05\/accessing-current-username-sudo-scripts-centos\/","url_meta":{"origin":26910,"position":1},"title":"Accessing current username in sudo scripts on CentOS","author":"Leonid Mamchenkov","date":"April 5, 2013","format":false,"excerpt":"I got a bit of a puzzle at work today. \u00a0I had a script that was executed as another user via sudo, but I wanted to access the original username in the script, to know who was executing it. \u00a0Sudoers manual suggest working with \"Defaults env_keep\". \u00a0Looking into the \/etc\/sudoers,\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27100,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/12\/11\/php-microsoft-office-365-and-active-directory\/","url_meta":{"origin":26910,"position":2},"title":"PHP : Microsoft Office 365 and Active Directory","author":"Leonid Mamchenkov","date":"December 11, 2016","format":false,"excerpt":"Disclaimer: I am not the biggest fan of Microsoft. \u00a0On the contrary. \u00a0I keep running into situations, where Microsoft technologies are a constant source of pain. \u00a0If that annoys you, please stop reading this post now and go away. \u00a0I don't care. \u00a0You've been warned. A few recent projects that\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":25956,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/03\/19\/vpn-comparison-chart\/","url_meta":{"origin":26910,"position":3},"title":"VPN Comparison Chart","author":"Leonid Mamchenkov","date":"March 19, 2016","format":false,"excerpt":"Reddit user ThatOnePrivacyGuy compiled this Google sheet with comparison of 130 VPN services. It covers a whole lot of metrics for each - from pricing, encryption and configuration options to additional services, activism and jurisdiction. Enjoy! Updated (May 22, 2017): If you want to learn more about different VPN providers,\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"vpn","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/03\/vpn-500x228.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":27779,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/07\/18\/is-vpn-legal-in-your-country\/","url_meta":{"origin":26910,"position":4},"title":"Is VPN Legal in Your Country?","author":"Leonid Mamchenkov","date":"July 18, 2017","format":false,"excerpt":"TheBestVPN.com published a study of whether or not VPNs are legal in 196 countries around the world. \u00a0There is a summary for each, and some links to details of the research. VPNs are legal, generally. It depends largely on the country you\u2019re physically sitting in while using a VPN. But\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":42452,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/04\/10\/how-to-disable-ipv6-on-centos-rhel-7\/","url_meta":{"origin":26910,"position":5},"title":"How to disable IPv6 on CentOS \/ RHEL 7","author":"Leonid Mamchenkov","date":"April 10, 2019","format":false,"excerpt":"Sometimes I miss the good old days ... Recently, I had an issue with one of the servers, where a bunch of services were attaching to IPv6 ports instead of the IPv4 ones. Rather than editing the configuration of each of these services, I wanted to simply disabled IPv6 on\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/26910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=26910"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/26910\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=26910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=26910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=26910"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=26910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}