First, copy the appropriate key sets from the server to the “/etc/openvpn” directory on each of the clients. If the client machines aren’t locally available, then make the transfers via a secure means, such as SFTP. For example, for client 1 copy the following files:
Note: The same “ca.crt” file gets copied to each client. Be sure that you don’t copy the “ca.key” file to any clients, or else server security will be compromised.
On each client, copy the “client.conf” file from the “/usr/share/doc/openvpn-2.0.9/sample-config-files/” directory to the “/etc/openvpn” directory. Open the file for editing. Scroll down until you find the line:
remote my-server-1 1194
Change the “my-server-1” part to the actual IP address of your OpenVPN server. For example, if the IP address of your server’s eth0 interface is 220.127.116.11, then the line will become:
remote 18.104.22.168 1194
Next, scroll down until you find the lines:
Change these lines to match the client-key files that you transferred from the server. For client 1, these would become:
Uncomment the line,
by removing the preceding semi-colon.
line, and change the “x” to match the cryptographic method that you set up in the server configuration. For example, if you chose the “Blowfish” method in the server configuration, then change this line to:
Save the file and exit the text editor. To test, start up OpenVPN on the server, and then start OpenVPN on the client.
Note: Even on the clients, manually starting OpenVPN from the command-line requires root privileges. So, for testing, you will either have to have the appropriate settings made so that you can use “sudo”, or you’ll have to have the root password for the respective client machines.
The command to start the client is:
On the client, open a second command-line terminal window, and ping the private address of the OpenVPN server. In our example, the command would be “ping 10.1.1.1”. If the ping is successful, you’ve achieved coolness. If it isn’t, you may have to reconfigure the client’s firewall to allow proper connectivity.
As on the server, you’ll find that init script have been installed in the appropriate run-level directories. So, OpenVPN will start automatically, and will automatically connect to the OpenVPN server, whenever you reboot the computer.