Install OpenVPN

This will allow you to connect to your vpn server

sudo apt install openvpn resolvconf

Get your VPN services’ config files

Your VPN service will need to provide you with credentials to connect to their servers. Search from your VPNs name followed by “openvpn”.

Example, Express VPN

After you download your config files, SCP them to the Pi (if they are on your local machine) then move them into /etc/openvpn and rename to a .conf file so it can be started via sysctl

scp expressvpn_config.ovpn pi@pi1.local:~/

sudo mv expressvpn_config.ovpn /etc/openvpn/
sudo cp /etc/openvpn/expressvpn_config.ovpn /etc/openvpn/expressvpn.conf

Run the VPN client

sudo openvpn --config expressvpn_config.ovpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf

via system service (recommended):
systemctl start openvpn@CONF_NAME.service

where CONF_NAME is the name of your .conf file in /etc/openvpn directory. In this example the command would be systemctl start openvpn@expressvpn.service. You could have multiple openvpn services running if you have more than one .conf file.

Verify your OpenVPN connection

Ensure that traffic is indeed being routed through your VPN service providers endpoint.

Verify via the command line

Check your public IP address


Check your ip address geolocation


Check that OpenVPN successfully created a tunnel interface

ifconfig tun0 &> /dev/null && echo -e "\033[1;32m" "-- VPN is active --" "\033[0m"

Verify in your browser

Check your public IP addresses on your local browser using:

Autostart OpenVPN on load

If everything works enable your OpenVPN service to run at startup

systemctl enable openvpn@CONF_NAME.service

more notes:

Open VPN Troubleshooting

These steps may help if you’re finding Open VPN is not connecting, slow, or can’t access the internet.

Check that the OpenVPN service is running

Lists all the openvpn services currently running

systemctl list-units | grep openvpn

You should see something like this.

openvpn@expressvpn.service     loaded active running   OpenVPN connection to client
system-openvpn.slice     loaded active active    system-openvpn.slice

If you see an openvpn.service active exited kill the openvpn.service and restart systemctl start openvpn@expressvpn.service because openvpn.service is just a template service. Unload the openvpn.service from autostarting at load sudo systemctl status openvpn.service

To get more in depth details on any of those services run:

systemctl status openvpn@expressvpn.service

“active (exited)” error

If you see “active (exited)” as the status code when you ran the above command, see this ServerFault post

Check the OpenVPN logs

OpenVPN outputs logs to the syslog since it’s normally a system service.

tail -f syslog
grep 'ovpn' syslog

Reload the system manager config

sudo systemctl daemon-reload

More here

TUN/TAP dev error: “Cannot open TUN/TAP”

If you see this error Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)

It could mean your kernal modules are out of sync. Check by running these two commands:

rpdom@raspi5 ~ $ uname -r
rpdom@raspi5 ~ $ ls /lib/modules
3.18.11+  3.18.11-v7+

They should produce the same numbers, if not it means you probably did an upgrade recently without rebooting. In that case (if they are different), run sudo reboot and the kernal should upgrade itself to match the modules and you should be good to go.