Anyone connected to the internet would like to hide their identity from malicious users. We use the internet for day-to-day activities such as online shopping, transactions, communication, and even teleconferencing. Among its users are people with malicious intentions who carry out eavesdropping, spoofing, denial of service, and even man-in-the-middle attacks.

Imagine a data center running on a public network. It hosts servers holding the data of various companies, which they use to run their day-to-day business. This puts all these companies at risk, since their data is fully exposed to the internet and can be accessed from anywhere by anyone. A VPN is necessary in such places and working areas to ensure the privacy and security of organization data.

Uses of VPN

1. Security. A VPN plays a critical role in the confidentiality of organization data and information. It creates a private network, and organization data can only be accessed while on that private network. Only authorized employees or users can get access to the data via a VPN connection.

2. Ensure privacy. VPN lets you hide your identity while connected to public wifi. This prevents hackers from gaining access to computers on public networks.

3. Unlocking geo-restricted content. For instance, if you want to access a website or TV channel that is geo-locked to the USA only, with a VPN connection to the USA you can bypass the security measure and access it as if you were located in the USA.

4. Bypass ISP restrictions. Some ISPs monitor your network and sometimes end up slowing it down, or even block some of the ports on your router when you are doing port forwarding. With a VPN, the ISP no longer knows which sites you are visiting or what traffic is passing through your network.

5. Remote access. With a VPN, you can connect to your home or office network and use office resources as if you were there physically.

Introduction to OpenVPN

OpenVPN is a Virtual Private Network protocol used to establish secure point-to-point or site-to-site connections, in either bridged or routed mode. It also supports remote access. An OpenVPN (OVPN) server is configured, and client files are generated and then installed on the user's computer. To ensure maximum security, OpenVPN authenticates with a pre-shared key, client certificates, and also a username and password.

Benefits of OpenVPN.

1. Cross-platform. OpenVPN runs on all operating systems: Windows, Linux/UNIX, macOS, Android and even iOS.

2. Cost-effective. OpenVPN is an open source product that is freely available. You only need to download and configure it, at zero cost.

3. Very secure. OpenVPN provides high network privacy. It uses 256-bit encryption keys and high-end ciphers.

4. Very powerful. OpenVPN can easily bypass firewalls with deep packet inspection tools. It makes use of UDP and TCP, modifying VPN traffic so that it resembles regular HTTPS traffic.

Install OpenVPN on Rocky Linux 8

Now that we have learned what a VPN is, what the OpenVPN protocol is and some of its benefits, we are going to install the OpenVPN client on Rocky Linux. Later we will use it to load an .ovpn file and connect to an OpenVPN server from Rocky Linux 8.

First install epel-release, which enables the EPEL repository that provides the OpenVPN packages.

$ sudo dnf install epel-release

Run the commands below in a terminal to update the system and install the OpenVPN NetworkManager plugin on Rocky Linux.

$ sudo dnf update
$ sudo dnf install NetworkManager-openvpn

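Accept the installation prompts. dnf also asks to import the EPEL GPG key; compare the fingerprint it displays with the one published by the Fedora project before answering y: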

Dependencies resolved.
==========================================================================
 Package                   Arch      Version                Repo     Size
==========================================================================
Installing:
 NetworkManager-openvpn    x86_64    1:1.8.10-1.el8.1       epel    265 k
Installing dependencies:
 openvpn                   x86_64    2.4.11-1.el8           epel    543 k
 pkcs11-helper             x86_64    1.22-7.el8             epel     64 k

Transaction Summary
==========================================================================
Install  3 Packages

Total download size: 873 k
Installed size: 2.5 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): pkcs11-helper-1.22-7.el8.x86_64.rp 100 kB/s |  64 kB     00:00    
(2/3): NetworkManager-openvpn-1.8.10-1.el  85 kB/s | 265 kB     00:03    
(3/3): openvpn-2.4.11-1.el8.x86_64.rpm    100 kB/s | 543 kB     00:05    
--------------------------------------------------------------------------
Total                                     134 kB/s | 873 kB     00:06     
warning: /var/cache/dnf/epel-d3bdf2f3b42fc441/packages/NetworkManager-openvpn-1.8.10-1.el8.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Extra Packages for Enterprise Linux 8 - x 1.6 MB/s | 1.6 kB     00:00    
Importing GPG key 0x2F86D6A1:
 Userid     : "Fedora EPEL (8) <epel@fedoraproject.org>"
 Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Is this ok [y/N]: y

Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                  1/1 
  Installing       : pkcs11-helper-1.22-7.el8.x86_64                  1/3 
  Running scriptlet: openvpn-2.4.11-1.el8.x86_64                      2/3 
  Installing       : openvpn-2.4.11-1.el8.x86_64                      2/3 
  Running scriptlet: openvpn-2.4.11-1.el8.x86_64                      2/3 
  Running scriptlet: NetworkManager-openvpn-1:1.8.10-1.el8.1.x86_64   3/3 
  Installing       : NetworkManager-openvpn-1:1.8.10-1.el8.1.x86_64   3/3 
  Running scriptlet: NetworkManager-openvpn-1:1.8.10-1.el8.1.x86_64   3/3 
  Verifying        : NetworkManager-openvpn-1:1.8.10-1.el8.1.x86_64   1/3 
  Verifying        : openvpn-2.4.11-1.el8.x86_64                      2/3 
  Verifying        : pkcs11-helper-1.22-7.el8.x86_64                  3/3 
Installed products updated.

Installed:
  NetworkManager-openvpn-1:1.8.10-1.el8.1.x86_64                          
  openvpn-2.4.11-1.el8.x86_64                                             
  pkcs11-helper-1.22-7.el8.x86_64                                         

Complete!

The output above indicates that the OpenVPN NetworkManager plugin has been installed. We can therefore go ahead and create an OpenVPN connection on Rocky Linux 8. There are two ways to load and run your .ovpn file: via the terminal or via the GUI.

Connect OpenVPN via Terminal.

NOTE: Make sure you have the .ovpn file downloaded to your computer before you continue.

To connect from the terminal on Rocky Linux, run the openvpn command followed by the path to your .ovpn file.

$ sudo openvpn /home/techviewleo/Downloads/techviewleo.ovpn
Sun May 30 23:43:30 2021 Unrecognized option or missing or extra parameter(s) in /home/techviewleo/Downloads/techviewleo.ovpn:15: block-outside-dns (2.4.11)
Sun May 30 23:43:30 2021 OpenVPN 2.4.11 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
Sun May 30 23:43:30 2021 library versions: OpenSSL 1.1.1g FIPS  21 Apr 2020, LZO 2.08
Sun May 30 23:43:30 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun May 30 23:43:30 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun May 30 23:43:30 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:xxxx
Sun May 30 23:43:30 2021 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sun May 30 23:43:30 2021 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:xxxx [nonblock]
Sun May 30 23:43:31 2021 TCP connection established with [AF_INET]xx.xx.xx.xx:xxxx
Sun May 30 23:43:31 2021 TCP_CLIENT link local: (not bound)
Sun May 30 23:43:31 2021 TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:xxxx
Sun May 30 23:43:31 2021 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:xxxx, sid=575e59d6 8c82d550
Sun May 30 23:43:31 2021 VERIFY OK: depth=1, CN=ChangeMe
Sun May 30 23:43:31 2021 VERIFY KU OK
Sun May 30 23:43:31 2021 Validating certificate extended key usage
Sun May 30 23:43:31 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun May 30 23:43:31 2021 VERIFY EKU OK
Sun May 30 23:43:31 2021 VERIFY OK: depth=0, CN=server
Sun May 30 23:43:32 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun May 30 23:43:32 2021 [server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:xxxx
Sun May 30 23:43:33 2021 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun May 30 23:43:33 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route-gateway 10.0.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.0.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Sun May 30 23:43:33 2021 OPTIONS IMPORT: timers and/or timeouts modified
Sun May 30 23:43:33 2021 OPTIONS IMPORT: --ifconfig/up options modified
Sun May 30 23:43:33 2021 OPTIONS IMPORT: route options modified
Sun May 30 23:43:33 2021 OPTIONS IMPORT: route-related options modified
Sun May 30 23:43:33 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun May 30 23:43:33 2021 OPTIONS IMPORT: peer-id set
Sun May 30 23:43:33 2021 OPTIONS IMPORT: adjusting link_mtu to 1627
Sun May 30 23:43:33 2021 OPTIONS IMPORT: data channel crypto options modified
Sun May 30 23:43:33 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun May 30 23:43:33 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun May 30 23:43:33 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun May 30 23:43:33 2021 ROUTE_GATEWAY 192.168.25.1/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:a0:db:25
Sun May 30 23:43:33 2021 TUN/TAP device tun0 opened
Sun May 30 23:43:33 2021 TUN/TAP TX queue length set to 100
Sun May 30 23:43:33 2021 /sbin/ip link set dev tun0 up mtu 1500
Sun May 30 23:43:33 2021 /sbin/ip addr add dev tun0 10.0.0.3/24 broadcast 10.87.0.255
Sun May 30 23:43:33 2021 /sbin/ip route add xx.xx.xx.xx/32 via 192.168.43.1
Sun May 30 23:43:33 2021 /sbin/ip route add 0.0.0.0/1 via 10.0.0.1
Sun May 30 23:43:33 2021 /sbin/ip route add 128.0.0.0/1 via 10.0.0.1
Sun May 30 23:43:33 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun May 30 23:43:33 2021 Initialization Sequence Completed

If you now look up your public IP address in a browser (for example by searching "what is my IP"), you will notice that it has changed.
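The connection log above already records what the session negotiated. The script below is an added example, not part of the original guide: audit_ovpn_log and its key names are assumptions, and the sample input is constructed from the log lines shown above. It extracts whether the server certificate's EKU was verified, the TLS version and data cipher, the routing and DNS options the server pushed, any profile directive the client did not apply, and the auth-nocache warning.

```bash
#!/usr/bin/env bash
# Added example: summarise the security-relevant lines of an OpenVPN client log.
# Constructed sample modelled on the log above; the profile path is a placeholder.
sample_log() {
cat <<'EOF'
Sun May 30 23:43:30 2021 Unrecognized option or missing or extra parameter(s) in /home/user/client.ovpn:15: block-outside-dns (2.4.11)
Sun May 30 23:43:31 2021 VERIFY EKU OK
Sun May 30 23:43:32 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun May 30 23:43:33 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route-gateway 10.0.0.1,topology subnet,cipher AES-256-GCM'
Sun May 30 23:43:33 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun May 30 23:43:33 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun May 30 23:43:33 2021 Initialization Sequence Completed
EOF
}

# audit_ovpn_log (hypothetical helper): log on stdin, one key=value finding per line.
audit_ovpn_log() {
  awk '
    BEGIN { up = "no"; eku = "no"; full = "no"; nocache = "not-flagged" }
    /Unrecognized option/ {            # profile directive the client did not apply
      s = $0; sub(/.*: /, "", s); sub(/ .*/, "", s)
      ign = ign (ign ? "," : "") s
    }
    /VERIFY EKU OK/ { eku = "yes" }    # server certificate carries the server-auth EKU
    /Control Channel: / {              # TLS version protecting the control channel
      s = $0; sub(/.*Control Channel: /, "", s); sub(/,.*/, "", s); tls = s
    }
    /PUSH: Received control message/ { # options the server imposes on this client
      split($0, q, "\047")             # q[2] is the text between the single quotes
      n = split(q[2], opt, ",")
      for (i = 1; i <= n; i++) {
        if (opt[i] ~ /^redirect-gateway/) full = "yes"
        if (opt[i] !~ /^dhcp-option DNS /) continue
        sub(/^dhcp-option DNS /, "", opt[i]); dns = dns (dns ? "," : "") opt[i]
      }
    }
    /Data Channel: using negotiated cipher/ { split($0, q, "\047"); cipher = q[2] }
    /use the auth-nocache option/ { nocache = "missing" }
    /Initialization Sequence Completed/ { up = "yes" }
    END {
      print "tunnel_up=" up;       print "server_eku_verified=" eku
      print "control_tls=" tls;    print "data_cipher=" cipher
      print "full_tunnel=" full;   print "pushed_dns=" dns
      print "ignored_options=" ign; print "auth_nocache=" nocache
    }'
}

sample_log | audit_ovpn_log
```

On the sample, full_tunnel=yes and pushed_dns=8.8.8.8 show that all traffic and DNS lookups are routed through the server, while ignored_options=block-outside-dns and auth_nocache=missing point at two profile settings worth reviewing with whoever issued the .ovpn file.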

Upload VPN file via GUI

Go to Applications, then open Settings. Scroll down to Network and click it.

On the second option, VPN, click the plus (+) sign.

Select the last option, import file.

Navigate to the location of the OpenVPN client file you downloaded. Select the file, then click Open in the top left corner.

Click Add to create a new VPN profile on Rocky Linux 8.

You will be able to see the new VPN added. Start the VPN connection by switching it on: click the button labelled Off to turn it on, and its colour changes to blue.

Conclusion.

In this guide, we have learned how to install and configure OpenVPN on Rocky Linux. By now, you should be in a position to connect to OpenVPN via the terminal and the GUI as demonstrated above.