Connect Raspberry Pi to OpenVPN server at boot time

This Gist will guide you through the steps to connect the Raspberry Pi to an OpenVPN server. As a further step I will explain how to connect to the OpenVPN server automatically at boot time.

During this guide I'm using Raspberry Pi OS with the latest updates already installed. I will use the CLI client of OpenVPN.

As a prerequisite, we should create an OpenVPN profile in the VPN server, which results in having a file named like client.ovpn.

⚠️ Important: you should create an auto-login profile that requires no passphrase in order to connect to the VPN at boot time. ⚠️

Installing and connecting with the OpenVPN client

First thing to do is to install the OpenVPN CLI client.

sudo apt install openvpn

Now we have to copy the client.ovpn into our Pi. We can use an FTP client for this and connect via SFTP. I put the file in the home directory of the pi user.

There is a problem with the OpenVPN Command Line Client: it doesn't have the ability to implement the DNS servers that are pushed by the VPN server. The reasons for missing this feature can be found here. TL;DR: There isn't a single way to implement the DNS servers on Linux. It depends on the distribution you are using, among other factors.

Fortunately there is a script for Ubuntu and Debian operating systems that handles the DNS implementation when connecting and disconnecting the VPN automatically, and since Raspberry Pi OS is based on Debian, we can benefit from this script too. This script is located in /etc/openvpn/update-resolv-conf, in case you want to take a look at it.

In order to use the update-resolv-conf script, we must edit the client.ovpn file and add the following lines to the very bottom of the file (script-security 2 is what allows OpenVPN to run the user-defined up and down scripts):

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

After this step, we can just connect to the VPN server with one of the following commands:

| When | Command |
|------|---------|
| Profile requires passphrase | openvpn --config client.ovpn --auth-user-pass |
| Profile requires MFA | openvpn --config client.ovpn --auth-user-pass --auth-retry interact |
| Profile with auto-login | openvpn --config client.ovpn |

The problem now is that the process blocks the terminal, and starting the connection manually is not a comfortable way to run this. But at least the messages in our terminal confirm that the connection to the VPN has been made.

Connecting to the VPN server at boot time

The good thing is that there is a script that automatically starts, at boot time, the connections defined in /etc/openvpn/*.conf. This script is /etc/init.d/openvpn.

So, the only thing we have to do is to move the client.ovpn to the /etc/openvpn/ directory and change its extension to conf.

sudo mv client.ovpn /etc/openvpn/client.conf

Finally, we should verify that our configuration is running as we expected. We reboot the Pi and, after login, we execute ifconfig in a terminal. If there is a tun0 or similar network interface in the list, then our configuration is running correctly.
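
The profile steps above as one script, added here as an example and not part of the original gist: it appends the three directives only when they are missing, installs the profile as client.conf with mode 0600 (a profile that connects without a passphrase is itself the credential), and checks that the hook script is root-owned and not writable by group or others. The function names, and copying the profile instead of moving it, are choices of this example.

```shell
#!/bin/sh
# Added example (not from the gist). Function names are hypothetical.
# Usage, as root: hook_is_safe "$HOOK" && install_profile /home/pi/client.ovpn

HOOK=/etc/openvpn/update-resolv-conf

# Succeeds only if FILE is a regular file owned by uid OWNER (default 0,
# root) and not writable by group or others. With script-security 2 the
# boot-time OpenVPN process executes this hook, so no other account
# should be able to edit it.
hook_is_safe() {
    file=$1 owner=${2:-0}
    [ -f "$file" ] || return 1
    set -- $(ls -ldn "$file")           # $1 = mode string, $3 = numeric uid
    [ "$3" = "$owner" ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;; # group- or world-writable
    esac
    return 0
}

# Copies PROFILE to DEST_DIR/client.conf (default /etc/openvpn) with mode
# 0600, appending each DNS-hook directive only if it is not already there,
# so running it twice does not duplicate lines.
install_profile() {
    profile=$1 dest_dir=${2:-/etc/openvpn}
    [ -f "$profile" ] || { echo "no such profile: $profile" >&2; return 1; }
    tmp=$(mktemp) || return 1
    cat "$profile" > "$tmp"
    # Terminate the last existing line before appending, if it lacks a newline.
    [ -z "$(tail -c 1 "$tmp")" ] || echo >> "$tmp"
    for directive in 'script-security 2' "up $HOOK" "down $HOOK"; do
        grep -qxF "$directive" "$tmp" || printf '%s\n' "$directive" >> "$tmp"
    done
    install -m 600 "$tmp" "$dest_dir/client.conf"
    status=$?
    rm -f "$tmp"
    return $status
}
```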

Bibliography

The above article is based on the following documentation:

Connecting to Access Server with Linux


Written with ❤️ by Luis Alberto Centeno Bragado (@luiscbr92) on 04.07.2021