Running OpenVPN Client With systemd

Photo by FLY:D on Unsplash

Running OpenVPN Client With systemd

In the era of remote work, a lot of us work over OpenVPN (a bit unfortunate naming, by the way). On Linux, it has a command-line client. Keeping a terminal around all day can be impractical, but you can configure OpenVPN to run as a systemd service, and systemd will keep it running for you.

To do so, copy your OpenVPN configuration file to /etc/openvpn/client, and make sure that the filename ends with .conf:

$ cp your-company-openvpn-configfile /etc/openvpn/client/your-company.conf

If the VPN requires a username and password, make sure that the configuration file points to a file with the credentials. This means that your-company.conf has to contain the following line:

auth-user-pass your-company.auth

And create your-company.auth file in /etc/openvpn/client with username and password separated by a newline. If you're sharing the machine with anyone, it's a good idea to make the file readable only by root and nobody else.

Now you should be able to start the new OpenVPN service like so:

$ systemctl start openvpn-client@your-company

Note that this grabs the part after the @, appends .conf, and then searches for a configuration file with that name in /etc/openvpn/client/. Therefore, make sure you got the naming right. Also, note that thanks to the @ you can have multiple configurations for multiple clients. This is a handy feature of systemd, called "templates", and you can use it with any systemd service. If you're feeling inquisitive, you can open /usr/lib/systemd/system/openvpn-client@.service on your machine and take a look at how this is actually implemented for OpenVPN.

You can of course use all the systemctl commands with your VPN client now. For example, you can check the status using

$ systemctl status openvpn-client@your-company

Or configure the VPN client to start at boot via

$ systemctl enable openvpn-client@your-company

... and so on. Enjoy!