Install Librem ONE Tunnel on NAS Headless Linux CLI

INSTRUCTIONS to Setup LibremONE Tunnel for Headless Debian Variant

Assumptions: Debian variant 18.04LTS

==Step 0==
SSH into the target server/system where you want to use OpenVPN client.

==Step 1==
Install openvpn client.
Open a terminal and execute
sudo apt update
sudo apt install openvpn

==Step 2==
Configure openvpn client to use the LibremONE Tunnel credentials.

Follow the instructions at
You will need the certificate.ovp. You need this on the TARGET system.
Get the lengthy username and password generated by: on the SSH from system.

DO NOT use your regular LibremONE login credentials to setup openvpn.

Thus, on the TARGET, sudo cd /etc/openvpn

Download the to the TARGET system using
sudo wget

Rename certficate.ovpn to /etc/openvpn/client.conf USE EXACTLY this name.
sudo mv ./certificate.ovpn /etc/openvpn/client.conf .
The client name will be used later to configure systemctl so use exactly this name.

Now we need to edit some files to setup OpenVPN.
sudo cd /etc/openvpn

Create a username and password file using the lengthy user name and password generated by: api/v1/user/tunnel_account.
This should be available on the SSH computer.

sudo nano /etc/openvpn/pass.txt

Paste the username (just the username string, NOTHING ELSE)
on the first line. Hit RETURN.
Paste the password (just the password string, NOTHING ELSE)
on the second line.
CTRL-X and save YES.

ls -la to verify that pass.txt was created.

Now set the permissions on the newly created password file to
sudo chmod 400 ./pass.txt

Now we will edit the /etc/openvpn/client.conf file to use the newly created password file and to select an optimal VPN node.

Using the SSH computer check for closer VPN servers. Note the server name on the SSH System.

Open /etc/openvpn/client.conf using
sudo nano /etc/openvpn/client.conf

and check the line
remote 1198
Carefully change the us-california to a closer server.

Now look for the line auth-user-pass
Carefully change this line to
auth-user-pass pass.txt

CTRL-X and yes to save.

==Step 3==
This step enables the autoload of openvpn client on boot.

sudo systemctl enable openvpn@client
sudo systemctl daemon-reload
sudo systemctl start openvpn@client

The client name here specifically references the client.conf file created earlier in /etc/openvpn/ , which is why we used that exact name.

You can also test the vpn connection with:
sudo openvpn /etc/openvpn/client.conf

To restart the openvpn client,
sudo systemctl restart openvpn