Prepare OpenVPN
You can use one of two approaches: a simple static key (which connects a single client to a single server) or a more complex public key infrastructure (PKI, which lets multiple clients connect to a server).
Choose your method and generate the keys now.
# cd /usr/local/etc/openvpn
# openvpn --genkey --secret static.key
That's it. Now copy static.key to the client.
For the PKI approach, you should build OpenVPN with the EASY-RSA option turned on.
Create an easy-rsa directory for our setup:
# cp -R /usr/local/share/easy-rsa ./officelan-rsa
# cd ./officelan-rsa
# ./easyrsa.real init-pki
# ./easyrsa.real build-ca
# ./easyrsa.real gen-dh
Create a certificate and key for the server:
# ./easyrsa.real build-server-full server.host.name nopass
Create a certificate and key for a client:
# ./easyrsa.real build-client-full client.host.name nopass
Copy files to the server and to the clients
Copy the following files to /usr/local/etc/openvpn:
- Save pki/ca.crt as openvpn_officelan.ca.crt there.
- Save pki/dh.pem as openvpn_officelan.dh.pem there.
- Save pki/issued/<hostname-here>.crt as openvpn_officelan.crt there.
- Save pki/private/<hostname-here>.key as openvpn_officelan.key there.
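One way to script the copy step above, as an added example that is not part of the original page. It keeps the key built with nopass readable only by its owner and checks that the installed certificate and key belong together; the function names install_officelan_pki and check_officelan_pki are hypothetical, and the check assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# install_officelan_pki PKI_DIR HOSTNAME DEST_DIR
# Copies the four files listed above under their openvpn_officelan.* names.
install_officelan_pki() {
    pki_dir=$1
    pki_host=$2
    pki_dest=$3
    # Refuse to continue if any of the four source files is missing.
    for pki_f in "$pki_dir/ca.crt" "$pki_dir/dh.pem" \
                 "$pki_dir/issued/${pki_host}.crt" \
                 "$pki_dir/private/${pki_host}.key"; do
        [ -f "$pki_f" ] || { echo "missing: $pki_f" >&2; return 1; }
    done
    # CA certificate, DH parameters and host certificate are public (0644).
    # The key was built with "nopass", so file permissions are its only
    # protection: install it 0600.
    install -m 0644 "$pki_dir/ca.crt" "$pki_dest/openvpn_officelan.ca.crt" &&
    install -m 0644 "$pki_dir/dh.pem" "$pki_dest/openvpn_officelan.dh.pem" &&
    install -m 0644 "$pki_dir/issued/${pki_host}.crt" \
        "$pki_dest/openvpn_officelan.crt" &&
    install -m 0600 "$pki_dir/private/${pki_host}.key" \
        "$pki_dest/openvpn_officelan.key"
}

# check_officelan_pki DEST_DIR
# Succeeds only if the certificate chains to the installed CA and the
# private key matches the certificate's public key.
check_officelan_pki() {
    chk_dest=$1
    openssl verify -CAfile "$chk_dest/openvpn_officelan.ca.crt" \
        "$chk_dest/openvpn_officelan.crt" >/dev/null || return 1
    chk_cert_pub=$(openssl x509 -in "$chk_dest/openvpn_officelan.crt" \
        -noout -pubkey) || return 1
    chk_key_pub=$(openssl pkey -in "$chk_dest/openvpn_officelan.key" \
        -pubout) || return 1
    [ "$chk_cert_pub" = "$chk_key_pub" ]
}

# Usage (run from the officelan-rsa directory):
#   install_officelan_pki ./pki client.host.name /usr/local/etc/openvpn &&
#   check_officelan_pki /usr/local/etc/openvpn
```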
To add another client, rerun the build-client-full command.