Configuring Linux Clients

by Mike on December 4, 2008


First, copy the appropriate key sets from the server to the “/etc/openvpn” directory on each of the clients.  If the client machines aren’t locally available, then make the transfers via a secure means, such as SFTP.  For example, for client 1 copy the following files:

client1.crt
client1.key
ca.crt

Note:  The same “ca.crt” file gets copied to each client.  Be sure that you don’t copy the “ca.key” file to any clients, or else server security will be compromised.

On each client, copy the “client.conf” file from the “/usr/share/doc/openvpn-2.0.9/sample-config-files/” directory to the “/etc/openvpn” directory.  Open the file for editing.  Scroll down until you find the line:

remote my-server-1 1194

Change the “my-server-1” part to the actual IP address of your OpenVPN server.  For example, if the IP address of your server’s eth0 interface is 216.33.19.3, then the line will become:

remote 216.33.19.3 1194

Next, scroll down until you find the lines:

ca ca.crt
cert client.crt
key client.key

Change these lines to match the client-key files that you transferred from the server.  For client 1, these would become:

ca ca.crt
cert client1.crt
key client1.key

Uncomment the line,

;ns-cert-type server

by removing the preceding semi-colon.

Uncomment the

;cipher x

line, and change the “x” to match the cryptographic method that you set up in the server configuration.  For example, if you chose the “Blowfish” method in the server configuration, then change this line to:

cipher BF-CBC

Save the file and exit the text editor.  To test, start up OpenVPN on the server, and then start OpenVPN on the client.

Note:  Even on the clients, manually starting OpenVPN from the command-line requires root privileges.  So, for testing, you will need either “sudo” rights configured on the respective client machines, or the root password for those machines.

The command to start the client is:

cd /etc/openvpn
openvpn client.conf

On the client, open a second command-line terminal window, and ping the private address of the OpenVPN server.  In our example, the command would be “ping 10.1.1.1”.  If the ping is successful, you’ve achieved coolness.  If it isn’t, you may have to reconfigure the client’s firewall to allow proper connectivity.

As on the server, you’ll find that init scripts have been installed in the appropriate run-level directories.  So, OpenVPN will start automatically, and will automatically connect to the OpenVPN server, whenever you reboot the computer.
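
The client-side edits described in this post can be checked with a short script before OpenVPN is started.  This is an added example, not part of the original post or of OpenVPN itself; the function name “audit_openvpn_client” is hypothetical, and the final check for a world-readable private key is an extra assumption that the post does not cover.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client directory against the steps in this post.
# Usage: audit_openvpn_client DIR [CONF]
# Prints one line per finding and returns the number of problems found.
audit_openvpn_client() {
    dir=$1
    conf="$dir/${2:-client.conf}"
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }

    # The CA private key must never be copied to a client.
    [ -e "$dir/ca.key" ] && fail "ca.key is present in $dir"

    # "remote" must no longer point at the sample placeholder.
    remote=$(awk '$1 == "remote" { print $2; exit }' "$conf")
    [ -z "$remote" ] && fail "no active 'remote' line"
    [ "$remote" = "my-server-1" ] && fail "'remote' still names my-server-1"

    # ca/cert/key must name files that were actually transferred.
    for opt in ca cert key; do
        file=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        if [ -z "$file" ]; then
            fail "no active '$opt' line"
        elif [ ! -f "$dir/$file" ]; then
            fail "'$opt $file' names a file missing from $dir"
        fi
    done

    # The server-certificate check and the cipher must both be uncommented.
    grep -Eq '^[[:space:]]*ns-cert-type[[:space:]]+server' "$conf" ||
        fail "'ns-cert-type server' is commented out or missing"
    cipher=$(awk '$1 == "cipher" { print $2; exit }' "$conf")
    [ -z "$cipher" ] && fail "no active 'cipher' line"
    [ "$cipher" = "x" ] && fail "'cipher' still has the placeholder x"

    # Extra check (assumption, not in the post): key must not be world-readable.
    key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    [ -n "$key" ] && [ -n "$(find "$dir/$key" -perm -004 2>/dev/null)" ] &&
        fail "$key is world-readable"

    [ "$problems" -eq 0 ] && echo "OK: $conf matches the checklist"
    return "$problems"
}

# Run the audit only when a directory is given on the command line.
if [ $# -gt 0 ]; then audit_openvpn_client "$@"; fi
```

Run it as root with “/etc/openvpn” as the argument; the cipher value it accepts still has to be compared by hand with the one in the server configuration.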
