
The OpenVPN package on Debian comes with some systemd .service files to make VPN connections easier to manage. These (all located in /lib/systemd/system/) are named

    openvpn-client@.service
    openvpn-server@.service
    openvpn.service
    openvpn@.service

Note the @-signs in the names of three of them: these indicate “template” services, each of which can be “instantiated” any number of times, to create multiple service “instances”.

There seem to be two alternative ways of defining your OpenVPN services here: the first two .service files let you define and manage client-end and server-end connections individually, and require you to start and stop them separately, while the latter two don’t bother distinguishing between client-end and server-end (this is purely up to the respective OpenVPN configurations), they are all defined by instantiating “openvpn@.service”. The non-template file, “openvpn.service”, can then be used to start and stop all these instances at once.

(It could be that the first two represent an older way of managing connections, while the latter two are a newer, unified, more flexible way. But hey...)

To illustrate how template instantiations work, I have been setting up a VPN link between a virtual private server at Rimu Hosting and the Internet router machine in my office. The VPS (with the fixed IP address) is the server end, while my office end is the client.

On the server, I create a config file named /etc/openvpn/server/office.conf that appropriately defines the server end of the connection. The name “office” now automatically becomes the name of the instance: to start this, I just type

    systemctl start openvpn-server@office

and systemd automatically fills in the name “office” in place of the “%i” placeholder in the contents of the openvpn-server@.service template file, and executes the appropriate openvpn command. (One of the occurrences of %i is in the name of the config file.)

At the client end, I create a config file named /etc/openvpn/client/vps.conf that appropriately defines the client end of the connection. Here the instance name is “vps”, so the systemd command to launch openvpn at the client end is

    systemctl start openvpn-client@vps

and as before, instances of “%i” in the template are replaced with the instance name, “vps”. (As before, %i is also used to produce the name of the config file.)

Of course, manually starting and stopping OpenVPN instances may be fine for testing, but for production use you want this to happen automatically at boot time. Just change the systemctl “start” commands to “enable”, and it’s done.

Lawrence D'Oliveiro
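
The mapping between config files, instance names and the “%i” placeholder described above, as an added example that is not part of the original post or the Debian package. The function names and the abbreviated template line are assumptions made for illustration; only the directory layout and unit names come from the post.

```shell
#!/bin/sh
# Added example; not code from the post or from the Debian package.

# Print the unit instance name for every ROOT/{client,server}/NAME.conf.
instance_units() {
    root=${1:-/etc/openvpn}
    for role in client server; do
        for conf in "$root/$role"/*.conf; do
            [ -f "$conf" ] || continue   # glob matched nothing
            printf 'openvpn-%s@%s.service\n' "$role" "$(basename "$conf" .conf)"
        done
    done
}

# Replace every %i in LINE with the instance part of UNIT (text after "@").
# Simplification: systemd also escapes special characters in instance names.
expand_template() {
    unit=${1%.service}
    case $unit in
        *@?*) instance=${unit#*@} ;;
        *) echo "not a template instance: $1" >&2; return 1 ;;
    esac
    rest=$2 out=
    while :; do
        case $rest in
            *%i*) out=$out${rest%%%i*}$instance; rest=${rest#*%i} ;;
            *) break ;;
        esac
    done
    printf '%s\n' "$out$rest"
}

# Constructed, abbreviated template line (assumption, not the packaged file).
TEMPLATE_LINE='ExecStart=/usr/sbin/openvpn --config %i.conf'
expand_template openvpn-server@office "$TEMPLATE_LINE"
expand_template openvpn-client@vps "$TEMPLATE_LINE"
```

Running instance_units with no argument lists the instance names that the config files under /etc/openvpn correspond to, which are the names to pass to systemctl.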