This is my configuration and setup for my OpenVPN client on my Linux box. My goal is to set up a specific user and route all traffic for that user through the VPN I have set up.

I based a lot of my initial setup on this guide over at and made some adjustments so that the configuration works and meets my needs.


apt-get install openvpn sudo apt-utils iptables curl resolvconf -y
cd /etc/openvpn
  • Modify the openvpn.conf file and other files to suit your networking needs. My internal network is and my server is rTorrent is configured to port forward on 49234, and my iptables rules are configured for that.
  • Update login.txt with the proper password information
# add the vpn user
adduser --disabled-login vpn
# block the vpn user from using the normal network
# (iptables -F flushes every rule already loaded in the filter table)
iptables -F
iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP
# save the iptables rules so that the vpn user is unable to access the normal WAN on startup
apt-get install iptables-persistent -y

# add in the extra route
echo "200     vpn" >> /etc/iproute2/rt_tables

# test the vpn service - for me it installed into /etc/init.d/openvpn
systemctl enable openvpn
systemctl start openvpn

# check status
systemctl status openvpn


systemctl status openvpn
● openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
   Active: active (exited) since Tue 2018-09-04 07:39:33 EDT; 1 day 5h ago
  Process: 845 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 845 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/openvpn.service

Sep 04 07:39:33 gemini systemd[1]: Starting OpenVPN service...
Sep 04 07:39:33 gemini systemd[1]: Started OpenVPN service.

Other output to confirm

root@gemini:~ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
                                                UG        0 0          0 enp1s0
                                                UH        0 0          0 tun0
                                                U         0 0          0 enp1s0
root@gemini:~ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 68:05:ca:4e:fa:a0 brd ff:ff:ff:ff:ff:ff
    inet brd scope global enp1s0
       valid_lft forever preferred_lft forever
3: enp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 68:05:ca:4e:f6:fc brd ff:ff:ff:ff:ff:ff
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    inet peer scope global tun0
       valid_lft forever preferred_lft forever
root@gemini:~ ip route list
default via dev enp1s0 onlink
dev tun0 proto kernel scope link src
dev enp1s0 proto kernel scope link src

Checking IP

# This should return your normal WAN IP information
sudo -u vpn -i -- curl
# This should return your VPN provider information

# DNS check
sudo -u vpn -i -- cat /etc/resolv.conf

# This should return your modified DNS setting
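
To confirm after a reboot that the DROP rule for the vpn user and the "200 vpn" routing table entry from the setup steps are really in place, here is an added example (not part of the original post). The uid 1001 in the sample and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the vpn user's kill switch.
# The check functions read command output on stdin so they also run offline.

# Constructed sample of `iptables -S OUTPUT`; uid 1001 is an assumed value.
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT ! -o lo -m owner --uid-owner 1001 -j DROP'

# has_killswitch NAME UID: succeed if stdin holds the DROP rule for that owner.
# iptables -S prints the owner as a number, so accept either form.
has_killswitch() {
    grep -Eq -- "^-A OUTPUT ! -o lo -m owner --uid-owner ($1|$2) -j DROP\$"
}

# rt_table_count NAME ID: print how often "ID NAME" occurs in rt_tables (stdin).
# 0 = missing, 1 = correct, >1 = the echo >> line was run more than once.
rt_table_count() {
    awk -v name="$1" -v id="$2" '
        /^[[:space:]]*#/ { next }            # skip comment lines
        $1 == id && $2 == name { n++ }
        END { print n + 0 }'
}

# audit: run both checks against the live system (needs root for iptables).
audit() {
    vpn_uid=$(id -u vpn 2>/dev/null) || { echo "FAIL: no vpn user"; return 1; }
    rc=0
    if iptables -S OUTPUT | has_killswitch vpn "$vpn_uid"; then
        echo "OK: DROP rule for vpn (uid $vpn_uid) is loaded"
    else
        echo "FAIL: DROP rule for vpn is not loaded"; rc=1
    fi
    count=$(rt_table_count vpn 200 < /etc/iproute2/rt_tables)
    case $count in
        1) echo "OK: table 200 vpn is defined once" ;;
        0) echo "FAIL: table 200 vpn is missing"; rc=1 ;;
        *) echo "WARN: table 200 vpn is defined $count times" ;;
    esac
    return $rc
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--live" ]; then audit; fi
```

Run it as root with `--live`. The iptables rule only filters IPv4, so feeding `ip6tables -S OUTPUT` to `has_killswitch` shows whether IPv6 is covered as well.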