OpenVPN Configuration

Installing OpenVPN

USE='examples' emerge -av openvpn

Setting up CA and generating certificates and keys

In "/usr/share/openvpn/easy-rsa/vars", comment out the original KEY_CONFIG line and set it explicitly

#export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_CONFIG="$EASY_RSA/openssl.cnf"

Initialize the PKI

cd /usr/share/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca

Generate certificate & key for server

./build-key-server server

Generate certificates & keys for a client

./build-key client1

Generate Diffie-Hellman parameters

./build-dh

Configuring OpenVPN Server

Copy necessary files to OpenVPN configuration directory

cp keys/ca.crt /etc/openvpn/
cp keys/server.crt /etc/openvpn/
cp keys/server.key /etc/openvpn/
cp keys/dh1024.pem /etc/openvpn/

Generate a sample configuration file

cd /etc/openvpn
bzip2 -dc /usr/share/doc/openvpn-2.0.9/examples/sample-config-files/server.conf.bz2 > openvpn.conf

Run the OpenVPN server

/etc/init.d/openvpn start

Configuring OpenVPN Client

Generate a sample client configuration file

bzip2 -dc /usr/share/doc/openvpn-2.0.9/examples/sample-config-files/client.conf.bz2 > client.conf

OpenVPN client setup

  • OpenVPN GUI for Windows
    • Download and install the latest build from http://openvpn.se/download.html
    • Copy ca.crt, client.conf, client1.crt and client1.key to OpenVPN GUI's config folder
    • Rename client.conf to client.ovpn
    • Edit client.ovpn and set the server hostname and the certificate and key file names
    • (For Vista/Windows 7) add the following to client.ovpn, and run the application as Administrator
      route-method exe
      route-delay 2
      
  • OpenVPN for Linux
    • tbd
  • OpenVPN for Mac
    • Download and install Tunnelblick from http://code.google.com/p/tunnelblick/
    • Copy ca.crt, client.conf, client1.crt and client1.key to ~/Library/openvpn/
    • Edit client.conf and set the server hostname and the certificate and key file names
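
The client steps above start from the sample client.conf but ship client1.crt and client1.key, so the hostname and file names have to be edited by hand. The shell check below is an added example, not part of the original page or of OpenVPN: it verifies that the edit was done, that the referenced files sit beside the config, and that the private key is not readable by group or others. The function names are hypothetical, and the placeholder host my-server-1 is assumed to be what the unedited sample contains.

```shell
#!/bin/sh
# Print the first argument of directive $2 in config $1.
# Lines commented out with '#' or ';' never match, e.g. ";remote my-server-2 1194".
ovpn_directive() {
    awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Audit a client config: prints one line per problem, returns 0 only if clean.
check_client_conf() {
    conf=$1; dir=$(dirname "$conf"); bad=0
    host=$(ovpn_directive "$conf" remote)
    case $host in
        '')          echo "remote: no server hostname set"; bad=1 ;;
        my-server-1) echo "remote: still the sample placeholder"; bad=1 ;;  # assumed sample default
    esac
    for d in ca cert key; do
        f=$(ovpn_directive "$conf" "$d")
        if [ -z "$f" ]; then echo "$d: directive missing"; bad=1; continue; fi
        case $f in /*) ;; *) f=$dir/$f ;; esac   # relative names resolve beside the config
        if [ ! -f "$f" ]; then echo "$d: $f not found"; bad=1; continue; fi
        # The private key must carry no group/other permission bits.
        if [ "$d" = key ] && [ "$(ls -ldL "$f" | cut -c5-10)" != "------" ]; then
            echo "key: $f is accessible to group/others (chmod 600)"; bad=1
        fi
    done
    return $bad
}

# Constructed demo: an unedited sample-style config next to the client1 files.
demo=$(mktemp -d)
printf 'client\nremote my-server-1 1194\nca ca.crt\ncert client.crt\nkey client.key\n' \
    > "$demo/client.conf"
: > "$demo/ca.crt"; : > "$demo/client1.crt"; : > "$demo/client1.key"
check_client_conf "$demo/client.conf" || echo "client.conf needs editing"
rm -rf "$demo"
```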
