Step 3: Edit the Config Files

Objective: Modify the configuration files so they will work correctly.

Let’s make a minor config change to the OpenVPN config file. Then, we’ll correct the comp-lzo error in the client configuration file.

6.3.1. Edit openvpn.conf

To start, edit openvpn.conf.

nano ~/vpn-data/openvpn.conf
openvpn.conf
 1  server 192.168.255.0 255.255.255.0
 2  verb 3
 3  key /etc/openvpn/pki/private/10.10.235.128.key
 4  ca /etc/openvpn/pki/ca.crt
 5  cert /etc/openvpn/pki/issued/10.10.235.128.crt
 6  dh /etc/openvpn/pki/dh.pem
 7  tls-auth /etc/openvpn/pki/ta.key
 8  key-direction 0
 9  keepalive 10 60
10  persist-key
11  persist-tun
12
13  proto udp
14  # Rely on Docker to do port mapping, internally always 1194
15  port 1194
16  dev tun0
17  status /tmp/openvpn-status.log
18
19  user nobody
20  group nogroup
21  comp-lzo no
22
23  ### Route Configurations Below
24  route 192.168.254.0 255.255.255.0
25
26  ### Push Configurations Below
27  push "block-outside-dns"
28  push "dhcp-option DNS 8.8.8.8"
29  push "dhcp-option DNS 8.8.4.4"
30  push "comp-lzo no"
  1. On line 17, change the path of openvpn-status.log to the OpenVPN configuration directory.

  • Changing the directory lets us view the status log in vpn-data instead of having to enter the container.

  • Recall that OpenVPN stores the configuration data in /etc/openvpn, which is a defined volume in our Docker container.

# status /tmp/openvpn-status.log
status /etc/openvpn/status.log

We can now view the status of the VPN connection using this command:

tail -n 20 ~/vpn-data/status.log
  2. Now is a good time to change the DNS server to another public DNS provider if you don’t want to use 8.8.8.8 or if you want a country-specific DNS provider.

We recommend that you choose an Anycast DNS server so that your VPN connection uses the one closest to the server. Here is a list of public DNS servers. If security is important to you, then you should choose a DNS server that supports DNSSEC.

Here are our favorite ones:

Address                       Operator
1.1.1.1, 1.0.0.1              Cloudflare
9.9.9.9                       Quad9
8.8.8.8, 8.8.4.4              Google Public Free DNS
84.200.69.80, 84.200.70.40    DNS.Watch

  3. Restart the OpenVPN Docker container and check the logs for errors.

docker restart openvpn
docker logs openvpn

6.3.2. Edit user.ovpn

Now, we will correct the comp-lzo configuration error.

  1. Edit file user1.ovpn.

  2. Add comp-lzo no anywhere in the configuration file, such as under the remote-cert-tls directive.

    client
    nobind
    dev tun
    remote-cert-tls server
    comp-lzo no

    remote x.x.x.x 12345 udp
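
A quick way to confirm both edits from this step before reconnecting, as an added example that is not part of the original guide: it compares the comp-lzo setting in the server and client files (treating a missing client line as a mismatch, as this page does), checks that the status log sits under /etc/openvpn, and lists the DNS servers being pushed. The helper names directive, pushed and check_pair are hypothetical, and the file contents are constructed samples.

```sh
#!/bin/sh
# Added example: sanity check for the two files edited in this step.
# The config contents written below are constructed samples.

# Print the arguments of the last uncommented occurrence of a directive.
directive() {  # usage: directive FILE NAME
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); v = $0 }
                   END { print v }' "$1"
}

# Print each option the server pushes to clients, one per line, unquoted.
pushed() {  # usage: pushed FILE
    awk '$1 == "push" { $1 = ""; sub(/^ +/, ""); gsub(/"/, ""); print }' "$1"
}

# Return 0 only if server and client agree on comp-lzo and the status log
# lives under /etc/openvpn (the Docker volume). Prints each problem found.
check_pair() {  # usage: check_pair SERVER_CONF CLIENT_OVPN
    rc=0
    srv=$(directive "$1" comp-lzo)
    cli=$(directive "$2" comp-lzo)
    if [ "$srv" != "$cli" ]; then
        echo "comp-lzo mismatch: server='$srv' client='$cli'"; rc=1
    fi
    case $(directive "$1" status) in
        /etc/openvpn/*) ;;
        *) echo "status log is not under /etc/openvpn"; rc=1 ;;
    esac
    pushed "$1" | sed -n 's/^dhcp-option DNS /pushed DNS: /p'
    return "$rc"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/openvpn.conf" <<'EOF'
status /etc/openvpn/status.log
comp-lzo no
push "dhcp-option DNS 9.9.9.9"
push "comp-lzo no"
EOF
printf 'client\nremote-cert-tls server\n' > "$demo_dir/before.ovpn"
printf 'client\nremote-cert-tls server\ncomp-lzo no\n' > "$demo_dir/after.ovpn"

check_pair "$demo_dir/openvpn.conf" "$demo_dir/before.ovpn" || echo "=> fix client"
check_pair "$demo_dir/openvpn.conf" "$demo_dir/after.ovpn" && echo "=> configs agree"
```

To run it against the real files, call check_pair with ~/vpn-data/openvpn.conf and the path to user1.ovpn instead of the sample files.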