I'm trying to get OpenVPN to start automatically at boot. Today I have to manually type in
sudo openvpn --client --config $HOME/openvpn/anonine.ovpn --ca $HOME/openvpn/anonine.ca.crt
followed by username and password. Is there a good way to make this automatic at boot?
If you're on systemd (16.04) , configured AUTOSTART="all" and it's still not starting pay attention to this:
> # If you're running systemd, changing this variable will
> # require running "systemctl daemon-reload" followed by
> # a restart of the openvpn service (if you removed entries
> # you may have to stop those manually)
Just do a
systemctl daemon-reload
and then restart the service
sudo service openvpn restart
You can put auth-user-pass filename in your anonine.ovpn where filename is the file with username/password on 2 lines.
Make sure that filename is properly secured, because it will contain plain username/password.
This is from openvpn --help:
Client options (when connecting to a multi-client server):
--auth-user-pass [up] : Authenticate with server using username/password.
up is a file containing username/password on 2 lines,
or omit to prompt from console.
You also can add your certificate to your anonine.ovpn adding it this way:
<ca> -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- </ca>
If a username / password is not required in order to connect, then rename the .ovpn files to have an extension of .conf.
OpenVPN should connect on boot, even without autostart=all.
If a username/password is required,
edit the .conf file
edit auth-user-pass user-password-filename
Create a file containing:
username
password
If you want to connect with Network Manager, make sure you first do:
sudo apt-get install network-manager-openvpn
Make sure your Ubuntu is at least 14.04. This doesn't work on 12.04.
If you don't have your ca.crt, client.crt, etc, extract them from .conf.
With Network Manager, create a new VPN connection or import your conf.
Add the certificates and ta.key.
Routes, use connection only for resources on its network.
Edit your Internet connection with network manager. Choose connect with VPN, then choose your VPN connection.
While it might not be of interest to the OP, I was frustrated by this service not starting until login--either graphical, or one of the Ctrl+Alt+F# TTYs. I eventually realized that my machine would only connect to wifi when I logged in. Combining the other answers here with the standard advice to run sudo update-rc.d openvpn defaults, and with the first answer at this other question worked for me. Perhaps this might help another Googler.
For me the
auth-user-pass filename
did not work
use
askpass /etc/openvpn/filename
And only have the password on the top line
It worked and now openvpn starts at boot
commands to check if openvpn is working:
systemctl status openvpn@"your vpn user name"
wget -qO- http://ipecho.net/plain ; echo
to check your ip (it must be different than the external ip of your router)
sudo service openvpn stop
sudo service openvpn start
to check your config without rebooting all the time.
The better way is to embed the CA file into the .ovpn file.
At first, you need to copy your config to the OpenVPN directory and register this config as a service:
sudo cp $HOME/openvpn/anonine.ovpn /etc/openvpn/client.conf
sudo systemctl enable openvpn@client.service
After these actions, you can simply start the VPN session with the next command(and this session also will start at system reboot):
sudo service openvpn@client start
To configure the start of the VPN session on system launch requred to edit file /etc/default/openvpn - you need to find the line AUTOSTART="all" and uncomment it, or uncomment and change the word "all" to "client", for example("client" because /etc/openvpn/client.conf), or simply add the line AUTOSTART="$name_of_your_conf_file".
