{"id":10825,"date":"2021-10-26T22:13:01","date_gmt":"2021-10-26T19:13:01","guid":{"rendered":"https:\/\/kifarunix.com\/?p=10825"},"modified":"2024-03-18T13:24:39","modified_gmt":"2024-03-18T10:24:39","slug":"install-openvpn-server-on-debian-11-debian-10","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-openvpn-server-on-debian-11-debian-10\/","title":{"rendered":"Install OpenVPN Server on Debian 11\/Debian 10"},"content":{"rendered":"\n<p>In this guide, we are going to learn how to install <a href=\"https:\/\/openvpn.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">OpenVPN<\/a> Server on Debian 11\/Debian 10.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing OpenVPN Server on Debian<\/h2>\n\n\n\n<p>Run system update<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install OpenVPN on Debian 11\/Debian 10<\/h3>\n\n\n\n<p>OpenVPN package is available on the default Debian 11\/Debian 10 repos.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install openvpn -y<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Create OpenVPN Public Key Infrastructure<\/h3>\n\n\n\n<p>Initialize the OpenVPN PKI. 
The PKI consists of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>a public key and private key for the server and each client<\/li>\n\n\n\n<li>a master Certificate Authority (CA) certificate and key which are used to sign each of the server and client certificates.<\/li>\n<\/ul>\n\n\n\n<p>Thus, copy the easy-rsa configuration directory to a different location to ensure that future OpenVPN package upgrades won\u2019t overwrite your modifications.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp -r \/usr\/share\/easy-rsa \/etc\/<\/code><\/pre>\n\n\n\n<p>Next, initialize the PKI.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/easy-rsa\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa init-pki<\/code><\/pre>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>init-pki complete; you may now create a CA or requests.\nYour newly created PKI dir is: \/etc\/easy-rsa\/pki<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Create the Certificate Authority (CA) Certificate and Key<\/h4>\n\n\n\n<p>Next, generate the CA certificate and key for signing OpenVPN server and client certificates.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/easy-rsa\/\n.\/easyrsa build-ca<\/code><\/pre>\n\n\n\n<p>This will prompt you for the CA key passphrase and the server common name.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019\n\nEnter New CA Key Passphrase: \nRe-Enter New CA Key Passphrase: \nGenerating RSA private key, 2048 bit long modulus (2 primes)\n.............................................+++++\n...................................+++++\ne is 65537 (0x010001)\nCan't load \/etc\/easy-rsa\/pki\/.rnd into RNG\n139670192284800:error:2406F079:random number generator:RAND_load_file:Cannot open file:..\/crypto\/rand\/randfile.c:98:Filename=\/etc\/easy-rsa\/pki\/.rnd\nYou are about to be asked to enter information that will be 
incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCommon Name (eg: your user, host, or server name) [Easy-RSA CA]:Kifarunix-demo CA\n\nCA creation complete and you may now import and sign cert requests.\nYour new CA certificate file for publishing is at:\n\/etc\/easy-rsa\/pki\/ca.crt\n\n<\/code><\/pre>\n\n\n\n<p>The CA certificate is generated and stored at&nbsp;<code>\/etc\/easy-rsa\/pki\/ca.crt<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Generate Diffie Hellman Parameters<\/h4>\n\n\n\n<p>Generate the Diffie-Hellman parameters used for key exchange during the TLS handshake between the OpenVPN server and the connecting clients. This command has to be executed within the Easy-RSA directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa gen-dh<\/code><\/pre>\n\n\n\n<p>DH parameters of size 2048 will be created at&nbsp;<code><strong>\/etc\/easy-rsa\/pki\/dh.pem<\/strong><\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Generate OpenVPN Server Certificate and Key<\/h3>\n\n\n\n<p>To generate a certificate and private key for the OpenVPN server, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/easy-rsa<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa build-server-full server nopass<\/code><\/pre>\n\n\n\n<p>Enter the CA key passphrase created above to generate the certificates and keys.<\/p>\n\n\n\n<p><strong><code>nopass<\/code><\/strong>&nbsp;disables the use of a passphrase on the generated private key.<\/p>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019\nGenerating a RSA private key\n........................................+++++\n.......................................+++++\nwriting new private key to 
'\/etc\/easy-rsa\/pki\/private\/server.key.MMFHTTtpKD'\n-----\nUsing configuration from \/etc\/easy-rsa\/pki\/safessl-easyrsa.cnf\nEnter pass phrase for \/etc\/easy-rsa\/pki\/private\/ca.key:\nCheck that the request matches the signature\nSignature ok\nThe Subject's Distinguished Name is as follows\ncommonName            :ASN.1 12:'server'\nCertificate is to be certified until Oct 10 18:23:08 2024 GMT (1080 days)\n\nWrite out database with 1 new entries\nData Base Updated\n\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Generate Hash-based Message Authentication Code (HMAC) key<\/h3>\n\n\n\n<p>A TLS\/SSL pre-shared authentication key is used as an additional HMAC signature on all SSL\/TLS handshake packets to mitigate DoS attacks and UDP port flooding. This can be generated using the command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>openvpn --genkey secret \/etc\/easy-rsa\/pki\/ta.key<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Generate OpenVPN Revocation Certificate<\/h3>\n\n\n\n<p>To invalidate a previously signed certificate, you need to generate a certificate revocation list (CRL).<\/p>\n\n\n\n<p>Run the script within the Easy-RSA directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa gen-crl<\/code><\/pre>\n\n\n\n<p>The CRL is generated and stored at&nbsp;<code>\/etc\/easy-rsa\/pki\/crl.pem<\/code>.<\/p>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019\nUsing configuration from \/etc\/easy-rsa\/pki\/safessl-easyrsa.cnf\nEnter pass phrase for \/etc\/easy-rsa\/pki\/private\/ca.key:\n\nAn updated CRL has been created.\nCRL file: \/etc\/easy-rsa\/pki\/crl.pem\n\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Copy Server Certificates and Keys to Server Config Directory<\/h3>\n\n\n\n<p>Copy all generated server certificates\/keys to the OpenVPN server configuration directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp -rp 
\/etc\/easy-rsa\/pki\/{ca.crt,dh.pem,ta.key,crl.pem,issued,private} \/etc\/openvpn\/server\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Generate OpenVPN Client Certificates and Keys<\/h3>\n\n\n\n<p>OpenVPN clients certificates and private keys can be generated as follows<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/easy-rsa<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa build-client-full koromicha nopass<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>where&nbsp;<strong><code>koromicha<\/code><\/strong>&nbsp;is the name of the client for which the certificate and keys are generated.<\/li>\n\n\n\n<li>Always use a unique common name for each client that you are generating certificate and keys for.<\/li>\n<\/ul>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019\nGenerating a RSA private key\n...........................+++++\n...........................................................................................................................+++++\nwriting new private key to '\/etc\/easy-rsa\/pki\/private\/koromicha.key.saAaE6L0tX'\n-----\nUsing configuration from \/etc\/easy-rsa\/pki\/safessl-easyrsa.cnf\nEnter pass phrase for \/etc\/easy-rsa\/pki\/private\/ca.key:\nCheck that the request matches the signature\nSignature ok\nThe Subject's Distinguished Name is as follows\ncommonName            :ASN.1 12:'koromicha'\nCertificate is to be certified until Oct 10 18:25:37 2024 GMT (1080 days)\n\nWrite out database with 1 new entries\nData Base Updated\n\n<\/code><\/pre>\n\n\n\n<p>To generate for the second client,<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa build-client-full janedoe nopass<\/code><\/pre>\n\n\n\n<p>You can see how to use&nbsp;<code>easyrsa<\/code>&nbsp;command with&nbsp;<code>.\/easyrsa --help<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Copy Client Certificates and Keys to Client 
Directory<\/h3>\n\n\n\n<p>Create the OpenVPN client directories. For example, we have generated certificates and key files for two clients, koromicha and janedoe, hence we create directories as;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/openvpn\/client\/{koromicha,janedoe}<\/code><\/pre>\n\n\n\n<p>After that, copy the generated client certificates\/keys and the server CA certificate to the OpenVPN client configuration directory. You can<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp -rp \/etc\/easy-rsa\/pki\/{ca.crt,issued\/koromicha.crt,private\/koromicha.key} \/etc\/openvpn\/client\/koromicha<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp -rp \/etc\/easy-rsa\/pki\/{ca.crt,issued\/janedoe.crt,private\/janedoe.key} \/etc\/openvpn\/client\/janedoe\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure OpenVPN Server on Debian 11\/Debian 10<\/h3>\n\n\n\n<p>The next step is to configure the OpenVPN server. Copy the sample OpenVPN server configuration to the&nbsp;<code>\/etc\/openvpn\/server<\/code>&nbsp;directory as shown below;<\/p>\n\n\n\n<p>On Debian 10;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp \/usr\/share\/doc\/openvpn\/examples\/sample-config-files\/server.conf.gz \/etc\/openvpn\/server\/<\/code><\/pre>\n\n\n\n<p>Extract the configuration.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/openvpn\/server\/\ngunzip server.conf.gz<\/code><\/pre>\n\n\n\n<p>On Debian 11;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/usr\/share\/doc\/openvpn\/examples\/sample-config-files\/server.conf \/etc\/openvpn\/server\/<\/code><\/pre>\n\n\n\n<p>Modify the configuration file, <strong><code>server.conf<\/code><\/strong>, to suit your needs;<\/p>\n\n\n\n<p>This is how our configuration looks with no comments.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/etc\/openvpn\/server\/server.conf{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > 
\/etc\/openvpn\/server\/server.conf << 'EOL'\nport 1194\nproto udp\ndev tun\nca ca.crt\ncert issued\/server.crt\nkey private\/server.key  # This file should be kept secret\ndh dh.pem\ntopology subnet\nserver 10.8.0.0 255.255.255.0\nifconfig-pool-persist \/var\/log\/openvpn\/ipp.txt\npush \"redirect-gateway def1 bypass-dhcp\"\npush \"dhcp-option DNS 208.67.222.222\"\npush \"dhcp-option DNS 8.8.8.8\"\nclient-to-client\nkeepalive 10 120\ntls-auth ta.key 0 # This file is secret\ncipher AES-256-CBC\ncomp-lzo\npersist-key\npersist-tun\nstatus \/var\/log\/openvpn\/openvpn-status.log\nlog-append  \/var\/log\/openvpn\/openvpn.log\nverb 3\nexplicit-exit-notify 1\nauth SHA512\nEOL\n<\/code><\/pre>\n\n\n\n<p>Save and exit the config once done editing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Configure OpenVPN IP Forwarding<\/h3>\n\n\n\n<p>To ensure that traffic from the client is routed through the OpenVPN server\u2019s IP address (which helps mask the client IP address), you need to enable IP forwarding on the OpenVPN server.<\/p>\n\n\n\n<p>Uncomment the line,&nbsp;<code><strong>net.ipv4.ip_forward=1<\/strong><\/code>, in&nbsp;<code><strong>\/etc\/sysctl.conf<\/strong><\/code>&nbsp;to enable packet forwarding for IPv4.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's\/#net.ipv4.ip_forward=1\/net.ipv4.ip_forward=1\/' \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Apply the changes without rebooting the server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sysctl -p<\/code><\/pre>\n\n\n\n<p>Allow the OpenVPN service port through the firewall;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ufw allow 1194\/udp<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure IP Masquerading on UFW<\/h3>\n\n\n\n<p>Find the default interface through which your packets are sent.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ip route get 8.8.8.8<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>8.8.8.8 via 10.0.2.2 dev 
<strong>enp0s3<\/strong> src 10.0.2.15 uid 0<\/code><\/pre>\n\n\n\n<p>Next, update UFW rules;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/ufw\/before.rules<\/code><\/pre>\n\n\n\n<p>Add the following highlighted lines just before the&nbsp;<strong><code>*filter<\/code><\/strong>&nbsp;table settings. Note that the interface used should match the interface name above, and the source network should match the VPN subnet set by the <code>server<\/code> directive in <code>server.conf<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n<strong>*nat\n:POSTROUTING ACCEPT &#91;0:0]\n-A POSTROUTING -s 10.8.0.0\/24 -o enp0s3 -j MASQUERADE\nCOMMIT<\/strong>\n# Don't delete these required lines, otherwise there will be errors\n*filter\n...<\/code><\/pre>\n\n\n\n<p>Save and exit the config.<\/p>\n\n\n\n<p>Enable UFW packet forwarding;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's\/DEFAULT_FORWARD_POLICY=\"DROP\"\/DEFAULT_FORWARD_POLICY=\"ACCEPT\"\/' \/etc\/default\/ufw<\/code><\/pre>\n\n\n\n<p>Reload UFW;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ufw reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Running OpenVPN Server on Debian 11\/Debian 10<\/h3>\n\n\n\n<p>Start and enable the OpenVPN server to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now openvpn-server@server<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status openvpn-server@server<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf openvpn-server@server.service - OpenVPN service for server\n   Loaded: loaded (\/lib\/systemd\/system\/openvpn-server@.service; enabled; vendor preset: enabled)\n   Active: active (running) since Tue 2021-10-26 15:06:18 EDT; 9s ago\n     Docs: man:openvpn(8)\n           https:\/\/community.openvpn.net\/openvpn\/wiki\/Openvpn24ManPage\n           https:\/\/community.openvpn.net\/openvpn\/wiki\/HOWTO\n Main PID: 1595 (openvpn)\n   Status: \"Initialization Sequence Completed\"\n    Tasks: 1 (limit: 2359)\n   Memory: 2.4M\n   CGroup: 
\/system.slice\/system-openvpn\\x2dserver.slice\/openvpn-server@server.service\n           \u2514\u25001595 \/usr\/sbin\/openvpn --status \/run\/openvpn-server\/status-server.log --status-version 2 --suppress-timestamps --config server.conf\n\nOct 26 15:06:18 debian systemd[1]: Starting OpenVPN service for server...\nOct 26 15:06:18 debian systemd[1]: Started OpenVPN service for server.\n<\/code><\/pre>\n\n\n\n<p>When OpenVPN service runs, it will create a tunnelling interface, tun0;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ip add s<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n4: tun0: &lt;POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100\n    link\/none \n    inet 10.8.0.1\/24 brd 10.8.0.255 scope global tun0\n       valid_lft forever preferred_lft forever\n    inet6 fe80::bf6a:bdf4:58e1:ec24\/64 scope link stable-privacy \n       valid_lft forever preferred_lft forever<\/code><\/pre>\n\n\n\n<p>Also, be sure to check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail \/var\/log\/openvpn\/openvpn.log<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\/sbin\/ip link set dev tun0 up mtu 1500\n\/sbin\/ip addr add dev tun0 10.8.0.1\/24 broadcast 10.8.0.255\nCould not determine IPv4\/IPv6 protocol. 
Using AF_INET\nSocket Buffers: R=[212992-&gt;212992] S=[212992-&gt;212992]\nUDPv4 link local (bound): [AF_INET][undef]:1194\nUDPv4 link remote: [AF_UNSPEC]\nMULTI: multi_init called, r=256 v=256\nIFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0\nIFCONFIG POOL LIST\nInitialization Sequence Completed\n<\/code><\/pre>\n\n\n\n<p>The OpenVPN server is now ready to accept and route connections from clients.<\/p>\n\n\n\n<p>That marks the end of our guide.<\/p>\n\n\n\n<p>You can now configure your clients accordingly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Related Tutorials<\/h3>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-and-configure-openvpn-client-on-centos-8-ubuntu-18-04\/\" target=\"_blank\">Install and Configure OpenVPN Client on CentOS 8\/Ubuntu 18.04<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/configure-openvpn-ldap-based-authentication\/\" target=\"_blank\">Configure OpenVPN LDAP Based Authentication<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/how-to-configure-ipsec-vpn-using-strongswan-on-ubuntu-18-04\/\" target=\"_blank\">Configure IPSEC VPN using StrongSwan on Ubuntu 18.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we are going to learn how to install OpenVPN Server on Debian 11\/Debian 10. 
Installing OpenVPN Server on Debian Run system update<\/p>\n","protected":false},"author":1,"featured_media":9411,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,282,321],"tags":[997,4239,4237,4235,4236,4240],"class_list":["post-10825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-openvpn","category-vpn","tag-debian-10","tag-debian-10-openvpn-debian-10","tag-debian-11-openvpn-server","tag-install-openvpn-on-debian-11","tag-openvpn-server-debian-11","tag-openvpn-setup","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10825"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=10825"}],"version-history":[{"count":6,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10825\/revisions"}],"predecessor-version":[{"id":21622,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10825\/revisions\/21622"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9411"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=10825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=10825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=10825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}