This page covers common configuration steps for OpenVPN deployments.
If you followed the setup guide, your main configuration file is typically /etc/openvpn/server.conf.
Also common:
/etc/openvpn/server/server.conf
server.conf)port 1194
proto udp
dev tun
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/server.crt
key /etc/openvpn/pki/private/server.key
dh /etc/openvpn/pki/dh.pem
tls-crypt /etc/openvpn/pki/ta.key
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 9.9.9.9"
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
topology subnet
cipher AES-256-GCM
auth SHA256
data-ciphers AES-256-GCM:AES-128-GCM
verb 3
status /var/log/openvpn/status.log
tls-crypt to protect control channel metadata.AES-256-GCM family).topology subnet for simpler client routing behavior.600 on private keys).1194/udp).Restart the service or reload the configuration using your init system or container manager.
Typical service names:
sudo systemctl restart openvpn-server@server
or
sudo systemctl restart openvpn
Confirm the service is healthy, then test connectivity from a client.
sudo systemctl status openvpn-server@server
sudo ss -u -lpn | rg 1194
sudo journalctl -u openvpn-server@server -n 100 --no-pager
Client-side checks: