OpenVPN Checklist Guide

From ArchWiki
Revision as of 20:35, 16 August 2012 by Chrisl (talk | contribs) (First version of the checklist guide. Right now, is pretty much a copy of the old Openvpn guide. Still need more info, but it should be in a summary format! For detailed or handholding instructions, use the Openvpn article)

This article summarizes the install process required for OpenVPN. See OpenVPN instead for a walkthrough.


Install the package openvpn from the official repositories.

Prepare data

  • Copy /usr/share/openvpn/easy-rsa to /etc/openvpn/easy-rsa and cd there
  • Edit vars with the information you want, then source it.
 . ./vars
  • Clean up any previous keys:

Generate the certificates

  • Create the "certificate authority" key
  • Create certificate and private key for the server
 ./build-key-server <server-name>
  • Create the Diffie-Hellman pem file for the server. Don't enter a challenge password or company name when you set these up.
  • Create a certificate for each client.
 ./build-key <client-name>

All certificates are stored in the keys directory. If you mess up, you can start over by running ./clean-all.

Copy ca.crt to each client, along with that client's own crt and key files.

Setting up the Server

  • Create /etc/openvpn/openvpn.conf with content like this:
 port <port>
 proto tcp
 dev tun0

 ca /etc/openvpn/easy-rsa/keys/ca.crt
 cert /etc/openvpn/easy-rsa/keys/<server-name>.crt
 key /etc/openvpn/easy-rsa/keys/<server-name>.key
 dh /etc/openvpn/easy-rsa/keys/dh1024.pem

 # server takes a network address followed by a netmask
 server <desired base ip> <netmask>
 ifconfig-pool-persist ipp.txt
 keepalive 10 120
 user nobody
 group nobody
 status /var/log/openvpn-status.log
 verb 3

 log-append /var/log/openvpn
 # status is given twice in this file; keep only the one you want
 status /tmp/vpn.status 10
  • Start the openvpn daemon
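
As an added example (not part of the original article and not an OpenVPN tool), the script below lints a server config like the one above for repeated directives, a missing user/group privilege drop, DH parameters under 2048 bits (inferred from easy-rsa's dh<KEY_SIZE>.pem file name) and a private key readable by group or others. The function name audit_openvpn_conf, the finding labels and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example; audit_openvpn_conf and its finding labels are hypothetical names.
audit_openvpn_conf() {
    conf=$1
    # 1. Single-valued directives that are given more than once.
    awk '$1 ~ /^(status|log|log-append|port|proto|dev|ca|cert|key|dh)$/ { n[$1]++ }
         END { for (d in n) if (n[d] > 1) print "DUPLICATE " d }' "$conf" | sort
    # 2. Privilege drop: both user and group should be set.
    for d in user group; do
        grep -Eq "^[[:space:]]*${d}[[:space:]]+[^[:space:]]" "$conf" || echo "NO_PRIV_DROP $d"
    done
    # 3. DH size, inferred from easy-rsa's dh<KEY_SIZE>.pem file name.
    bits=$(awk '$1 == "dh" { print $2 }' "$conf" |
           sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p' | tail -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "WEAK_DH $bits"; fi
    # 4. The private key must not be accessible to group or others.
    key=$(awk '$1 == "key" { print $2 }' "$conf" | tail -n 1)
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] || echo "KEY_PERMS $key"
    fi
    return 0
}

# Constructed sample: this page's server config with example values filled in.
demo=$(mktemp -d)
touch "$demo/server.key" && chmod 644 "$demo/server.key"
cat > "$demo/openvpn.conf" <<EOF
port 1194
proto tcp
dev tun0
ca $demo/ca.crt
cert $demo/server.crt
key $demo/server.key
dh $demo/dh1024.pem
server 10.8.0.0 255.255.255.0
user nobody
group nobody
status /var/log/openvpn-status.log
status /tmp/vpn.status 10
EOF
audit_openvpn_conf "$demo/openvpn.conf"
```

Each finding is printed on its own line, so the output can be checked with grep before the daemon is started.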

Setting up the Clients

  • Create a .conf file for each client like this:
 # client mode: act as the TLS client and pull the settings pushed by the server
 client
 remote <server> <port>
 dev tun0
 proto tcp
 resolv-retry infinite
 verb 2
 ca ca.crt
 cert <client crt file>
 key <client key file>
  • Start the connection with
 openvpn <client conf file> &

or copy it to /etc/openvpn/openvpn.conf and start the openvpn daemon.