Client instructions
See: Set up Easy-RSA as CA
- Copy the easy-rsa directory to a working location, usually under /etc so it can be backed up. Ubuntu openvpn packages include easy-rsa at /usr/share/doc/openvpn/examples/easy-rsa
- cd into easy-rsa/
- Edit vars as follows:
- * KEY_COUNTRY
- * KEY_PROVINCE
- * KEY_CITY
- * KEY_ORG
- * KEY_EMAIL
- Run following commands:
. vars
./clean-all
./build-ca (Put company name in Common Name)
./build-dh
chmod +x make-crl
./make-crl crl.pem
Create a server certificate
Server certificates are normal client certificates, except that we don't build them with a passphrase, and we mark the certificate with a server flag.
./build-key-server server
(name for files to generate. Provide server DNS name for Common Name, sign and commit)
Create client certificates
Each client gets a unique certificate, which must be signed by this CA to be recognized by the server.
. vars
./build-key personname
(name for files to generate--make them unique, we usually use the person's name or a numbered system like client1, client2, etc. Use ./build-key-pass for passphrase-encrypted keys.)
Configure OpenVPN Server-Routed
- cd /etc/openvpn
- Copy server.conf from docs, and unpack.
- cp /etc/capath/keys/ca.crt .
- cp /etc/capath/keys/server.* .
- cp /etc/capath/keys/dh1024.pem .
- Edit server.conf as follows:
- * server - set to unique subnet if you connect to multiple OpenVPN tunnels at the same time
- * push "route 192.168.1.0 255.255.255.0" ; set the route for the subnet to use
- * push "dhcp-option DNS 192.168.1.2" ; set the DNS server via DHCP
- * push "dhcp-option WINS 192.168.1.2" ; set a WINS server over DHCP
- * push "dhcp-option DOMAIN freelock.lan" ; set a default DNS suffix
- * client-to-client ; see other clients at once
- * mode server
- * tls-server
Configure firewall to allow traffic
Configure OpenVPN Linux Client
- Copy client.key, client.crt, ca.crt, and client.conf from docs into a tarball and transfer to client.
- Edit client.conf as follows:
- * remote servername 1194
- * cert crtname.crt
- * key crtname.key
- * ca ca.crt
- * up /etc/openvpn/client.up
- * down /etc/openvpn/client.down
- Copy client.up and client.down from /usr/share/doc/openvpn/examples/sample...
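An added example (not part of the original page or of OpenVPN itself): a shell audit of the server.conf and client.conf that the steps above produce. It flags a CRL that was generated with make-crl but never referenced through crl-verify, DH parameters under 2048 bits such as dh1024.pem, and a client that does not require the server flag set by build-key-server. The function names, finding codes and sample configs are constructed for illustration.

```shell
# Added example, not from the original page. Function names, finding codes
# and the sample configs are constructed; the directives are standard OpenVPN.

# directive_args FILE NAME: print the arguments of each active NAME line.
directive_args() {
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }                  # skip commented-out lines
        $1 == d { $1 = ""; sub(/^ /, ""); print }
    ' "$1"
}

# audit_server FILE: one finding code per line; no output means clean.
audit_server() {
    # crl.pem only takes effect if the server config references it.
    [ -n "$(directive_args "$1" crl-verify)" ] || echo "NO_CRL_VERIFY"
    # Flag DH parameter files whose name advertises fewer than 2048 bits.
    bits=$(directive_args "$1" dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "WEAK_DH_$bits"; fi
}

# audit_client FILE: the client should require the server flag on the peer
# certificate, otherwise any certificate signed by the CA is accepted.
audit_client() {
    if [ "$(directive_args "$1" remote-cert-tls)" != "server" ] &&
       [ "$(directive_args "$1" ns-cert-type)" != "server" ]; then
        echo "NO_SERVER_CERT_CHECK"
    fi
}

# Constructed sample configs mirroring the steps on this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.conf" <<'EOF'
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
;crl-verify crl.pem
client-to-client
EOF
cat > "$demo_dir/client.conf" <<'EOF'
remote servername 1194
ca ca.crt
cert crtname.crt
key crtname.key
EOF
audit_server "$demo_dir/server.conf"   # NO_CRL_VERIFY, WEAK_DH_1024
audit_client "$demo_dir/client.conf"   # NO_SERVER_CERT_CHECK
```

Adding `crl-verify crl.pem` to server.conf and `remote-cert-tls server` to client.conf clears the first and last findings; the DH finding clears once the parameters are regenerated at 2048 bits or more.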
Configure OpenVPN Windows Client
Set up OpenVPN on Windows
- Download the latest stable Installation Package for Windows OpenVPN GUI from here:
- * http://openvpn.se/download.html
- Run through the installer, accept all defaults
- Copy these configs to your laptops that need to connect remotely.
- Unzip your zip file, putting the contents in c:\Program Files\Openvpn\config.
Notes:
- The VPN will not work when you're already connected to your LAN. It should work via external networks.