Setting up OpenVPN

Linux  Debian 

Source: http://wiki.debian.org/OpenVPN

Install the openvpn package on both client and server.

apt-get install openvpn

On the server, copy the key-generation scripts from the OpenVPN examples to /etc/openvpn:

cd /etc/openvpn
cp -a /usr/share/doc/openvpn/examples/easy-rsa/2.0/ easy-rsa

Edit the bottom of /etc/openvpn/easy-rsa/vars according to your organization.

export KEY_COUNTRY="Some country"
export KEY_PROVINCE="Some province/state"
export KEY_CITY="Some City"
export KEY_ORG="Some Organization"
export KEY_EMAIL="some@email.address"

Execute the following commands:

cd easy-rsa/
. ./vars
./clean-all

Generate the certificate authority (CA) certificate/key.

./build-ca

Generate the server certificate/key (the "build an intermediate certificate authority certificate/key" step). The command below produces server.crt and server.key.

./build-key-server server

Generate the Diffie-Hellman parameters (necessary for the server end of an SSL/TLS connection).

./build-dh

Generate a key for each client.

./build-key clientname

Copy the files ca.crt, clientname.crt and clientname.key from the server to the client, into the /etc/openvpn/easy-rsa/keys/ directory. clientname.key is the client's private key, so transfer it over a secure channel.

On the server, create /etc/openvpn/server.conf as follows. Make sure empty lines are completely empty, i.e. contain no spaces. The port and keepalive lines are optional; include them if you want to use a non-standard port or customized keepalive behaviour. You probably want to change the server line to the desired values.

port 12345
proto udp
dev tun

topology subnet

ca      /etc/openvpn/easy-rsa/keys/ca.crt
cert    /etc/openvpn/easy-rsa/keys/server.crt
key     /etc/openvpn/easy-rsa/keys/server.key
dh      /etc/openvpn/easy-rsa/keys/dh1024.pem

server 192.168.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt

keepalive 10 30

comp-lzo
persist-key
persist-tun

status /var/log/openvpn-status.log

verb 3
client-to-client

Server: Restart OpenVPN.

/etc/init.d/openvpn restart

On the client create /etc/openvpn/client.conf as follows. Don’t forget to change the port and remote lines to match the server settings.

client
dev tun
port 12345
proto udp

remote server_hostname_or_ip 12345
nobind

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/clientname.crt
key /etc/openvpn/easy-rsa/keys/clientname.key

comp-lzo
persist-key
persist-tun

status /var/log/openvpn-status.log

verb 3

Client: Restart OpenVPN.

/etc/init.d/openvpn restart
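
The two requirements stated above (empty lines must be completely empty; the client's port and remote lines must match the server) can be checked with a script before restarting either side. This is an added example, not part of the original guide; it also flags a private key file readable by group or others, which is an extra check not mentioned in the guide. The function names and the sample files (including vpn.example.net) are constructed for illustration.

```sh
# Added example, not part of the original guide.

# conf_get FILE KEY [N]: print field N (default 2) of the first KEY line.
conf_get() {
    awk -v k="$2" -v n="${3:-2}" '$1 == k { print $n; exit }' "$1"
}

# check_conf FILE: flag "empty" lines that contain whitespace, and a private
# key (the file named by the key directive) accessible to group or others.
check_conf() {
    rc=0
    if grep -q '^[[:space:]][[:space:]]*$' "$1"; then
        echo "$1: blank line contains whitespace"; rc=1
    fi
    keyfile=$(conf_get "$1" key)
    if [ -f "$keyfile" ] && [ "$(ls -l "$keyfile" | cut -c5-10)" != "------" ]; then
        echo "$keyfile: private key accessible by group/others"; rc=1
    fi
    return "$rc"
}

# check_pair SERVER_CONF CLIENT_CONF: settings both ends must agree on.
check_pair() {
    rc=0
    for k in proto dev comp-lzo; do
        s=$(awk -v k="$k" '$1 == k { $1 = $1; print; exit }' "$1")
        c=$(awk -v k="$k" '$1 == k { $1 = $1; print; exit }' "$2")
        if [ "$s" != "$c" ]; then echo "$k differs: '$s' vs '$c'"; rc=1; fi
    done
    sport=$(conf_get "$1" port)      # server listen port
    rport=$(conf_get "$2" remote 3)  # port on the client's remote line
    if [ "${sport:-1194}" != "${rport:-1194}" ]; then  # 1194 = OpenVPN default
        echo "port differs: server ${sport:-1194}, remote ${rport:-1194}"; rc=1
    fi
    return "$rc"
}

# Constructed sample with three deliberate faults (blank line, key mode, port).
demo() {
    d=$(mktemp -d)
    printf 'port 12345\nproto udp\ndev tun\n \ncomp-lzo\n' > "$d/server.conf"
    printf 'client\ndev tun\nproto udp\nremote vpn.example.net 1194\nkey %s\ncomp-lzo\n' "$d/clientname.key" > "$d/client.conf"
    : > "$d/clientname.key"; chmod 644 "$d/clientname.key"
    check_conf "$d/server.conf" || :
    check_conf "$d/client.conf" || :
    check_pair "$d/server.conf" "$d/client.conf" || :
    rm -rf "$d"
}
demo
```

On a real installation, call check_conf on each of /etc/openvpn/server.conf and /etc/openvpn/client.conf, and check_pair on the two together (with a copy of the other side's file); both return non-zero when they report a problem.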