Skip to main content

Install OpenVPN 2.4 and 2.6 on Alma / Rocky Linux

 To install OpenVPN on AlmaLinux 9.5, you can follow these steps:

1. Update the System:

Before installing any software, it's a good idea to update your system:


sudo dnf update -y

2. Install EPEL Repository:

OpenVPN is available in the EPEL (Extra Packages for Enterprise Linux) repository. First, install the EPEL repository:


sudo dnf install epel-release -y

3. Install OpenVPN:

After enabling the EPEL repository, install OpenVPN:


sudo dnf install openvpn -y

4. Install NetworkManager (Optional):

If you are using NetworkManager for managing network connections, you can install the OpenVPN plugin for NetworkManager:


sudo dnf install NetworkManager-openvpn -y

5. Configure OpenVPN:

Once installed, you need to configure OpenVPN by copying your .ovpn configuration file to the /etc/openvpn/ directory:


sudo cp /path/to/your/config.ovpn /etc/openvpn/

6. Start OpenVPN:

You can start OpenVPN by specifying the configuration file directly:


sudo openvpn --config /etc/openvpn/your_config.ovpn

If you want OpenVPN to run as a service, you can create a systemd service file as described in previous steps, or use the provided openvpn-client service unit with a slight modification to ensure it starts with the correct .ovpn file.

sudo chmod 644 /etc/openvpn/your_config.ovpn


In the [Install] section, add the WantedBy directive to ensure the service is started on boot. You can use multi-user.target, which is commonly used for services that should be started after the network is up.


Here's what the updated service file should look like:

sudo nano /etc/systemd/system/openvpn.service

[Unit]

Description=OpenVPN connection to %i

After=network.target

[Service]

Type=simple

ExecStart=/usr/sbin/openvpn --config /etc/openvpn/your_config.ovpn

Restart=on-failure

User=root

Group=root

[Install]

WantedBy=multi-user.target

Save and exit

This configuration ensures that OpenVPN starts when the system reaches the multi-user.target, which is the normal operating state for most systems.


Reload Systemd and Enable the Service:

After modifying the service file, reload the systemd configuration and enable the service to start at boot:

sudo systemctl daemon-reload

sudo systemctl enable openvpn.service

Start the Service:

If you haven't already started the service, use the following command to start it:


sudo systemctl start openvpn.service

Verify the Service is Enabled:

To confirm that the service is now enabled and will start on boot, run:

sudo systemctl is-enabled openvpn.service

7. Verify Connection:

You can verify if OpenVPN is running by checking the status:


sudo systemctl status openvpn.service

If you used a service file, make sure to reload systemd and restart the service:


sudo systemctl daemon-reload
sudo systemctl restart openvpn.service

8. Troubleshooting:

If the OpenVPN service is not starting, you can check logs for any issues:


sudo journalctl -u openvpn.service

You can also check /var/log/messages or /var/log/openvpn.log (if logging is enabled in the configuration) for more detailed error information.

By following these steps, you should be able to install and configure OpenVPN on AlmaLinux 9.5. If you encounter any issues, let me know, and I'll help you troubleshoot further.




======================================================


OFFICIAL & RELIABLE UPGRADE METHOD (Source Build)
Because:


Rocky 8 repos stop at 2.4


OpenVPN repo URLs change


Source build always works and is stable


This is the most future-proof method.


🟒 Step 1 — Install build dependencies (one time)
dnf groupinstall -y "Development Tools"

dnf install -y \
openssl-devel \
lzo-devel \
lz4-devel \
pam-devel \
systemd-devel \
libcap-ng-devel \
iproute \
pkgconfig


🟒 Step 2 — Download OpenVPN 2.6 source (official)
cd /usr/src
curl -LO https://swupdate.openvpn.org/community/releases/openvpn-2.6.10.tar.gz
Verify size (must be several MB):
ls -lh openvpn-2.6.10.tar.gz


🟒 Step 3 — Compile and install
tar -xzf openvpn-2.6.10.tar.gz
cd openvpn-2.6.10

./configure \
--prefix=/usr/local \
--enable-systemd \
--enable-iproute2

make -j$(nproc)
make install
This installs OpenVPN here:
/usr/local/sbin/openvpn


🟒 Step 4 — Verify new OpenVPN (MANDATORY)
/usr/local/sbin/openvpn --version
You must see:
OpenVPN 2.6.x
If not → stop here.


🟒 Step 5 — Switch systemd to new OpenVPN
Edit the service file:
nano /etc/systemd/system/openvpn.service
Change ExecStart from:
/usr/sbin/openvpn
to:
/usr/local/sbin/openvpn
Save and reload:
systemctl daemon-reload


🟒 Step 6 — Test manually (IMPORTANT)
Before systemd:
/usr/local/sbin/openvpn --config /etc/openvpn/client.ovpn
You should see:
VERIFY OK
Peer Connection Initiated
Initialization Sequence Completed
If manual works → systemd will work.


🟒 Step 7 — Start OpenVPN service
systemctl enable openvpn
systemctl restart openvpn
systemctl status openvpn


✅ Expected SUCCESS logs
Control Channel: TLSv1.3
Peer Connection Initiated
PUSH_REPLY
Initialization Sequence Completed


🧰 Maintenance & Future Use
πŸ”„ Upgrade later (example: 2.6.11)
Just repeat:
cd /usr/src
curl -LO https://swupdate.openvpn.org/community/releases/openvpn-2.6.11.tar.gz
tar -xzf openvpn-2.6.11.tar.gz
cd openvpn-2.6.11
./configure --prefix=/usr/local --enable-systemd --enable-iproute2
make -j$(nproc)
make install
systemctl restart openvpn
No config changes needed.





Comments

Post a Comment

Popular posts from this blog

Vicidial Scratch installation Alma -9/10

Step 1 – Download the dependencies   hostnamectl set-hostname xxxxxx.xxxxx.xxx ### Use YOUR SubDomain vi /etc/hosts ##Change domain name for actual server ip (xxx.xxx.xxx.xxx   complete domain name    subdomain only) timedatectl set-timezone Asia/Kolkata yum check-update yum update -y yum -y install epel-release yum update -y yum install git -y yum install -y kernel* sudo dnf install kernel-devel-$(uname -r) -y # Install english language pack dnf install -y glibc-langpack-en # Configure new locale. This basically just edits /etc/locale.conf localectl set-locale en_US.UTF-8 #Disable SELINUX sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config     reboot Step 2 – Run the Script cd /usr/src/ git clone https://github.com/manish23k/vicidial-install-scripts cd vicidial-install-scripts ####For PHP 7.4 use this script. chmod +x alma-rocky9-ast16.sh ./alma-rocky9-ast16.sh Or the Asterisk 18 version: chmod +x alma-rocky9-ast18.sh ./alma-rock...
Post a Comment
Read more

Alma 9 Vicidial Selfsign Webrtc

I am going to provide step by step guide to integrate, enable and configure the viciphone(a webrtc phone) in vicidial (also applicable to any vicidial based system) using the Self Signed SSL Certificate ,ie without a public-ip and FQDN or accessing the vicidial with internal LAN IP. 1️⃣ Install OpenSSL (if not installed) sudo dnf install -y openssl 2️⃣ Generate a Private Key openssl genpkey -algorithm RSA -out selfsigned.key -pkeyopt rsa_keygen_bits:2048 3️⃣ Create a Certificate Signing Request (CSR) openssl req -new -key selfsigned.key -out selfsigned.csr It will prompt you for details like: Country Name (e.g., IN ) State or Province (e.g., Gujarat ) Locality (City) Organization Name Common Name (Domain, e.g., example.com or your server IP) Email Address You can use localhost or an IP address if needed. 4️⃣ Generate a Self-Signed Certificate openssl x509 -req -days 365 -in selfsigned.csr -signkey selfsigned.key -out selfsigned.crt -days 365 → Valid for 1 year (Adjust as needed) ...
Post a Comment
Read more