Configure openvpn for protonvpn or any other vpn service on Arch Linux using the Terminal
Very simple, first need to install openvpn, right
sudo pacman -S openvpnNow we need to install using yay, two packages that are necessary to configure the whole thing, once we try to connect to a vpn:
One is this,
https://aur.archlinux.org/packages/openvpn-update-resolv-conf-git
yay -S openvpn-update-resolv-conf-gitWhy? because otherwise we will get this:
Options error: –up script fails with ‘/etc/openvpn/update-resolv-conf’: No such file or directory (errno=2)
Options error: Please correct this error.
Use –help for more information.
so we need to install the openresolv package.
Then we need to modify or add actually, this lines at the bottom of the file to update the custom script:
sudo nano /etc/openvpn/update-resolv-confAnd we add:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Now we have to consider this:
The update-systemd-resolved custom script
Note: Since systemd 229, systemd-networkd has exposed an API through DBus allowing management of DNS configuration on a per-link basis. Tools such as openresolv may not work reliably when /etc/resolv.conf is managed by systemd-resolved, and will not work at all if using resolve instead of dns in /etc/nsswitch.conf.
The update-systemd-resolved script links OpenVPN with systemd-resolved via DBus to update the DNS records.
Copy the script into /etc/openvpn/scripts and mark as executable (or install openvpn-update-systemd-resolvedAUR) and append the following lines into the OpenVPN client configuration file:
/etc/openvpn/client/client.conf
client
remote example.com 1194 udp
script-security 2
setenv PATH /usr/bin
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved
down-pre
In order to send all DNS traffic through the VPN tunnel and prevent DNS leaks, also add the following line (see [7]):
/etc/openvpn/client/client.conf
dhcp-option DOMAIN-ROUTE .
So, according this documentation that is possible to find on the official website of Arch, we install :
https://aur.archlinux.org/packages/openvpn-update-systemd-resolved
yay -S penvpn-update-systemd-resolvedNow we can connect to prontonvpn using the console:
[felipe@SDFCSC protonvpn]$ sudo openvpn –config us-free-20.protonvpn.net.tcp.ovpn
2023-07-24 22:51:27 DEPRECATED OPTION: –cipher set to ‘AES-256-CBC’ but missing in –data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores –cipher for cipher negotiations.
2023-07-24 22:51:27 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2023-07-24 22:51:27 OpenVPN 2.6.5 [git:makepkg/cbc9e0ce412e7b42+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jun 13 2023
2023-07-24 22:51:27 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2023-07-24 22:51:27 DCO version: N/A
Enter Auth Username: *************************
Enter Auth Password: *********************
NOTE: For protonvpn proper usage we need the openvpn-IKEv2 password and username, you can get it in the dashboard of the protonvpn site.
For any other connection, use the common user and password to enter a vpn server.
[felipe@SDFCSC protonvpn]$ sudo openvpn --config us-free-20.server.net.tcp.ovpn