OpenVPN Server and Client Installation and Configuration on Debian 7

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Michael David

I am an outstanding Technical Writer with exemplary System Administration skills in Linux/FreeBSD. Have over 18+ years in IT and currently work as a Project Manager in Noida.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

13 Responses

  1. Michael says:

    @vmh: fe80 is a localhost IPv6 address. Are you really sure your ISP assigned it? Google ipv6 test and do an ipv6 test to see if you actually have ipv6 and post the result.

    • Vmh says:

      @Michael – you are actually correct. Once I sorted out what was going on: I was looking at the wrong thing – that was actually a loopback IP address. I was assigned a block of IP addresses (from ::f000-f00f).

      These are verifiable. The problem is that in any of the articles I have read on configuring IPv6 VPN’s, it requires (or strongly recommends) a /64 block. It appears that Digital Ocean is assigning me a /112 block of which I need one address for the server itself.

      This won’t work from what I understand. My dilemma is that I cannot find anything that addresses this on Digital Ocean. It seems extreme to open a ticket for this – I am a little astonished that no one seems to have the same problem … almost like I am missing something very obvious.

  2. Vmh says:

    I am still struggling with IPv6 addresses. The author mentioned the “BASE RANGE” above in the configuration that the ISP assigns. For myself, I have been assigned an IP address like this: “fe80::[group]:[group]:[group]“.

    I am stuck trying to understand out of this mess what is the “base range” that I should use for my OpenVPN server configuration. Unfortunately, even a Google search of “IPv6 Base Range” doesn’t give much useful information. Any help would be appreciated.

  3. realware says:

    Key size 2048 would suffice. 4096 makes the tls handshake terribly slow

  4. madnexus says:

    Is there any way to avoid client scripts and pull routes and ips straight away? This is not convenient if you are using openvpn on a phone…

  5. Andy says:

    ca.key on the client? Really? I don’t think so.

  6. Michael David says:

    Dan, it only means your keys on the server and the client do not match. Please check again.

  7. Dan says:

    I did this tutorial on my server exactly step by step, and I have a problem with ta.key file :

    Jun 7 17:03:05 test ovpn-openvpn[5618]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Jun 7 17:03:05 test ovpn-openvpn[5618]: TLS Error: incoming packet authentication failed from [AF_INET]80.**.**.***:54179

  8. Jeremy Davis says:

    TurnKey Linux offers a pre-installed, pre-configured OpenVPN server (on a Debian 7 base) as a ISO, virtual machine image or in the cloud.

    Have a look here:

  9. Marevoula says:

    There is also an integration for OpenVPN with the Linux Enterprise distribution Univention Corporate Server = OpenVPN4UCS.
    It is available via the Univention App Center at:

Leave a Reply to Andy Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.