Setup OpenVPN with any VPN of choice
Setup OpenVPN on Linux with any VPN provider. SurfShark is used in this post as an example
I finally decided to get a VPN, just to try out a few things (ahem, torrents). I looked through a few options and saw that Surfshark was offering a nice value for a 24 month pack so I decided to go with them. They also boast of things like unlimited device support on their site. Since that is a deal breaker for me, I decided to give it a try.
As you might know, my primary machine runs on Linux which means I had to set it up with OpenVPN. To be specific I am using Arch Linux. I checked Surfsharks site to see how they support Linux and they have a deb package for Ubuntu but nothing for AUR!
However when I searched on AUR, turns out there is a package for SurfShark. I did try this package. I don't know the specifics but it seems like it is just a wrapper around OpenVPN and honestly it didn't work too well for me so I decided to use OpenVPN instead.
In my case it was really simple to install OpenVPN. Just enter the following command:
yay -S openvpn # Yes I use yay!
However this command will vary based on the distribution. For Ubuntu it should be installable by using
Download the opvn file and rename it to something that makes more sense.
Like any other VPN provider, SurfShark also provides users with openvpn config files. Those can be found over here, just go to the locations tab.
In my case, I went with Netherlands as the location.
This config file will be filled with useful information that
openvpn will be able to use.
The config file, by default will have a pretty long name, just rename it to something like
Make sure that it has the
However, if anyone can just download this file and use it, it won't be cool right? Like, we paid to get this access. Yeah, so all VPN providers handle that by allowing access only to those who have a certain credentials.
In order to connect to the vpn, we will have to get our credentials.
The credentials can be found at the above page as well. There would be an
username and a
We need to copy this two values and write them in a
Contents of the file should be like the following:
Now, in order to let
openvpn know that we have access to the location, we will have to pass the
auth through the config. We can do that by just changing a line.
Opening the config, we can see that it contains the following:
client dev tun proto udp ... reneg-sec 0 remote-cert-tls server auth-user-pass ...
In the above file, we have the value
auth-user-pass. We need to pass the
auth file along with this. So change that line to the following:
Make sure to pass an absolute path instead of a relative one since openvpn won't run from the same directory as the config.
Now that we have the a
auth taken care of, we can test the connection.
Just run the following command:
You should see a lot of verbose on the commandline, however the end line should be like this:
Initialization Sequence Completed
This line indicates that the connection was success and that OpenVPN was able to use your credentials along with the other files to make a connection.
You can cross check if the VPN is working by going to a site like What is my IP from Surfshark or something similar from your VPN provider.
Now that we know that our VPN works, we need to make sure that it starts whenever we boot our machine.
To start OpenVPN at boot, we need to move the
vpn.conf file to
/etc/openvpn/client/. It needs to be in this directory in order to be seen by OpenVPN.
Along with the
conf, move the
vpn.auth file as well and update the absolute path in the
NOTE: Change the permission of the
vpn.conffile after moving it to the
clientdirectory by running
chmod 755 vpn.conf. This is important because otherwise it is not accessible by openvpn.
Now that we have our files in place and the paths and permissions taken care of, we can start the service. Start the service with the following command:
systemctl start openvpn-client@vpn
Note that in the above command
vpnis used because the name of the config is
vpn.conf. If it is something else like
openvpn.confthen change the command to something like
systemctl start openvpn-client@openvpn.
If everything went well, you should see nothing. Check the status of the service by using the following command:
systemctl status openvpn-client@vpn
You should see it as active if it is running all right.
Starting the service was just running it through
systemd. Enabling it is what will make sure that it runs on boot. We can enable the service with the following command:
systemctl enable openvpn-client@vpn
If everything goes well, there should be no output from systemd. This indicates that it is enabled succesfully.
You can try testing the connection by rerunning the tests done above.
With that, the VPN should be enabled through OpenVPN. It is pretty fun to enable it through such a lightweight package rather than installing a whole package from the VPN provider just to connect to the service. So far, I'm enjoying my experience with OpenVPN and SurfShark!