# OpenVPN

## Адаптация старых OpenVPN конфигов к новым релизам OpenVPN

### 2.3 → 2.4

При переходе часто встречается ошибка. Текстового примера под рукой нет

Добавить

```plaintext
tls-cipher "DEFAULT:@SECLEVEL=0"
```

в начало .conf файла, вот так:

<figure class="image" id="bkmrk-">![](https://book.accounter.org/uploads/images/gallery/2023-07/embedded-image-rn8nyxou.png)</figure>### tls-remote Unrecognized option

Options error: Unrecognized option or missing or extra parameter(s) in lala.ovpn:95: tls-remote (2.5.7)  
Use --help for more information.  
  
tls-remote упразднён:

```plaintext
tls-remote lala.my.com
```

Вместо него:

```plaintext
verify-x509-name lala.my.com name
```

Варианты синтаксиса:

```plaintext
verify-x509-name 'C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=uk1.vpn.giganews.com'
```

### Add the server's cipher ('BF-CBC') to --data-ciphers

OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.

Надо добавить в конфиг:

```plaintext
cipher BF-CBC
```

# Autostart OpenVPN systemd

In order to configure OpenVPN to autostart for systemd, complete the following steps:

Run the command:

```plaintext
# sudo nano /etc/default/openvpn
```

and uncomment, or remove, the “#” in front of

```plaintext
AUTOSTART="all"
```

then press ‘Ctrl X’ to save the changes and exit the text editor.

Move the .ovpn file with the desired server location to the ‘/etc/openvpn’ folder:

```plaintext
# sudo cp /location/whereYouDownloadedConfigfilesTo/Germany.ovpn /etc/openvpn/
```

Edit the .ovpn file you copied in the previous step and change the line ‘auth-user-pass’ to ‘auth-user-pass pass’:

```plaintext
# sudo nano /etc/openvpn/Germany.ovpn
```

then press ‘Ctrl X’ to save the changes and exit the text editor.

In the ‘/etc/openvpn’ folder, create a text file called pass:

```plaintext
# sudo nano /etc/openvpn/pass
```

and enter your IVPN Account ID (starts with ‘ivpn’) on the first line and any non-blank text on the 2nd line, then press ‘Ctrl X’ to save the changes and exit the text editor.

(Optional) Change the permissions on the pass file to protect the credentials:

```plaintext
# sudo chmod 400 /etc/openvpn/pass
```

Rename the .ovpn file to ‘client.conf’:

```plaintext
# sudo cp /etc/openvpn/Germany.ovpn /etc/openvpn/client.conf
```

On Ubuntu 16.04 LTS, OpenVPN installs and initiates a service by default. If you are using Ubuntu 16.04 LTS, skip to step 10.  
For Ubuntu 18.04 LTS and up, enable the OpenVPN service to run while booting:

```plaintext
# sudo systemctl enable openvpn@client.service
```

Reload the daemons:

```plaintext
# sudo systemctl daemon-reload
```

Start the OpenVPN service:

```plaintext
# sudo service openvpn@client start
```

Reboot and test if it is working by checking the external IP:

```plaintext
# curl ifconfig.co
```

If curl is not installed:

```plaintext
# sudo apt install curl
```

https://www.ivpn.net/knowledgebase/linux/linux-autostart-openvpn-in-systemd-ubuntu/