Step 3: Edit the Config Files

Objective: Modify the configuration files so they will work correctly.

Let’s make a minor config change to the OpenVPN config file. Then, we’ll correct the comp-lzo error in the client configuration file.

6.3.1. Edit openvpn.conf

To start, edit openvpn.conf.

nano ~/vpn-data/openvpn.conf
openvpn.conf
server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/10.10.235.128.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/10.10.235.128.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
route 192.168.254.0 255.255.255.0

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "comp-lzo no"
  1. On line 17, change the location of openvpn-status.log to the OpenVPN configuration directory.

  • Changing the directory lets us view the status log in vpn-data instead of having to enter the container.

  • Recall that OpenVPN stores the configuration data in /etc/openvpn, which is a defined volume in our Docker container.

# status /tmp/openvpn-status.log
status /etc/openvpn/status.log

We can now view the status of the VPN connection using this command:

tail -n 20 ~/vpn-data/status.log
  2. Now is a good time to change the DNS server to other public DNS providers if you don’t want to use 8.8.8.8 or if you want a country-specific DNS provider.

We recommend that you choose an Anycast DNS server so that your VPN connection uses one closest to the server. Here is a list of public DNS servers. If security is important to you, then you should choose a DNS server that supports DNSSEC.

Here are our favorite ones:

| Address | Operator |
|---|---|
| 1.1.1.1, 1.0.0.1 | Cloudflare |
| 9.9.9.9 | Quad9 |
| 8.8.8.8, 8.8.4.4 | Google Public Free DNS |
| 84.200.69.80, 84.200.70.40 | DNS.Watch |

  3. Restart the OpenVPN docker container and check the logs for errors.

docker restart openvpn
docker logs openvpn

6.3.2. Edit user.ovpn

Now, we will correct the comp-lzo configuration error.

  1. Edit file user1.ovpn.

  2. Add comp-lzo no anywhere in the configuration file, such as under the remote-cert-tls directive.

    client
    nobind
    dev tun
    remote-cert-tls server
    comp-lzo no
    
    remote x.x.x.x 12345 udp
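
The script below is an added example, not part of the original guide: it checks that the status log path sits inside the /etc/openvpn volume and that the client profile carries the same comp-lzo line as the server. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm both edits from this step.

# Print the arguments of the first uncommented NAME directive in FILE;
# exit status 1 when the directive is absent.
directive() {
    awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
                   END { exit !found }' "$2"
}

# check_vpn_configs SERVER_CONF CLIENT_OVPN
# Prints each problem found; returns 0 when both edits are in place.
check_vpn_configs() {
    rc=0
    status_path=$(directive status "$1") || status_path="(absent)"
    case "$status_path" in
        /etc/openvpn/*) ;;  # inside the volume, so readable from ~/vpn-data
        *) echo "status log $status_path is outside /etc/openvpn"; rc=1 ;;
    esac
    srv=$(directive comp-lzo "$1") || srv="(absent)"
    cli=$(directive comp-lzo "$2") || cli="(absent)"
    if [ "$srv" != "$cli" ]; then
        echo "comp-lzo differs: server=$srv client=$cli"; rc=1
    fi
    return "$rc"
}

# Constructed sample files: the server config after the edit, and the client
# profile before and after adding "comp-lzo no".
make_samples() {
    printf '%s\n' 'dev tun0' '# status /tmp/openvpn-status.log' \
        'status /etc/openvpn/status.log' 'comp-lzo no' > "$1/openvpn.conf"
    printf '%s\n' 'client' 'nobind' 'dev tun' 'remote-cert-tls server' \
        > "$1/before.ovpn"
    printf '%s\n' 'client' 'nobind' 'dev tun' 'remote-cert-tls server' \
        'comp-lzo no' > "$1/after.ovpn"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_vpn_configs "$demo_dir/openvpn.conf" "$demo_dir/before.ovpn" || true
check_vpn_configs "$demo_dir/openvpn.conf" "$demo_dir/after.ovpn" && echo "configs OK"
```

On the host from this guide, pass ~/vpn-data/openvpn.conf as the first argument and the path to user1.ovpn as the second.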