Configuring OpenVPN to connect as a client to an AirVPN server
OpenVPN is quite detailed as it describes configuration for both servers and clients. If you're interested in simply getting openvpn to work with credentials provided by a third-party VPN service, do this:
Install openvpn with pacman:
# pacman -S openvpn
Airvpn will generates a config for you, if you have an account and are logged in. You can choose a server, port, and proxy settings, and download a zip file with certificates and settings. I downloaded it from their page "Access without a client" on 01.20.2012.
You should now have an archive air.zip containing 4 files:
air.ovpn ca.crt user.crt user.key
Note that user.key is your secret key. Don't share it or let it be compromised.
Open air.ovpn and note the lines
ca "ca.crt" user "user.crt" key "user.key"
Move all four files to /etc/openvpn, set permissions, delete the zip. IF you want to put them somewhere else, set their new absolute paths in air.ovpn; it won't find them by default as shown above
# mv air.ovpn ca.crt user.crt user.key /etc/openvpn # chmod 400 air.ovpn ca.crt user.crt user.key # shred --remove ~/air.zip
Point openvpn at the config file as superuser:
# openvpn --config /etc/openvpn/air.ovpn
You should get a couple dozen verbose connection logs, hopefully ending in something like
Sat Jan 21 02:16:47 2012 Initialization Sequence Completed
Background openvpn if you'd like:
CTRL-Z + Stopped sudo openvpn --config /etc/openvpn/air.ovpn bg sudo openvpn --config /etc/openvpn/air.ovpn &
This won't start automatically as shown. I'm not sure how to do it right, perhaps putting a small script in /etc/rc.conf.d/ would be appropriate.
Sample configs are included in /usr/share/openvpn/examples/
If you have a custom kernel, note that OpenVPN requires TUN/TAP modules enabled as described in OpenVPN. They should already work on default kernels.
I was setting this up on a virtual Arch system running in Virtualbox on a Windows 7 host machine. While testing I already had my Windows client tunnelling all traffic through my Windows AirVPN client. Trying to initialize a second tunnel from within the VM failed with an authentication failure, until I turned off the Windows client.
If the files are chmod 400, you must execute openvpn as superuser or it will fail with "Error opening configuration file."