INSTRUCTIONS to Setup LibremONE Tunnel for Headless Debian Variant
Assumptions: Debian variant 18.04LTS
==Step 0==
SSH into the target server/system where you want to use OpenVPN client.
==Step 1==
Install openvpn client.
Open a terminal and execute
sudo apt update
sudo apt install openvpn
==Step 2==
Configure openvpn client to use the LibremONE Tunnel credentials.
Follow the instructions at docs.puri.sm/Librem_One/Generic.html.
You will need the certificate.ovp. You need this on the TARGET system.
Get the lengthy username and password generated by:
librem.one/api/v1/user/tunnel_account on the SSH from system.
DO NOT use your regular LibremONE login credentials to setup openvpn.
Thus, on the TARGET, sudo cd /etc/openvpn
Download the https://librem.one/public/certificate.ovpn to the TARGET system using
sudo wget https://librem.one/public/certificate.ovpn
Rename certficate.ovpn to /etc/openvpn/client.conf USE EXACTLY this name.
sudo mv ./certificate.ovpn /etc/openvpn/client.conf .
The client name will be used later to configure systemctl so use exactly this name.
Now we need to edit some files to setup OpenVPN.
sudo cd /etc/openvpn
Create a username and password file using the lengthy user name and password generated by:
https://librem.one/ api/v1/user/tunnel_account.
This should be available on the SSH computer.
sudo nano /etc/openvpn/pass.txt
Paste the username (just the username string, NOTHING ELSE)
on the first line. Hit RETURN.
Paste the password (just the password string, NOTHING ELSE)
on the second line.
DO NOT ADD ANYTHING ELSE.
CTRL-X and save YES.
ls -la to verify that pass.txt was created.
Now set the permissions on the newly created password file to
sudo chmod 400 ./pass.txt
Now we will edit the /etc/openvpn/client.conf file to use the newly created password file and to select an optimal VPN node.
Using the SSH computer check
https://www.privateinternetaccess.com/pages/network/ for closer VPN servers. Note the server name on the SSH System.
Open /etc/openvpn/client.conf using
sudo nano /etc/openvpn/client.conf
and check the line
remote us-california.privacy.network 1198
Carefully change the us-california to a closer server.
Now look for the line auth-user-pass
Carefully change this line to
auth-user-pass pass.txt
CTRL-X and yes to save.
==Step 3==
This step enables the autoload of openvpn client on boot.
sudo systemctl enable openvpn@client
sudo systemctl daemon-reload
sudo systemctl start openvpn@client
The client name here specifically references the client.conf file created earlier in /etc/openvpn/ , which is why we used that exact name.
You can also test the vpn connection with:
sudo openvpn /etc/openvpn/client.conf
To restart the openvpn client,
sudo systemctl restart openvpn