Install openvpn and create keys.

Use aptitude to download and install openvpn and required software.

apt-get install bridge-utils openvpn easy-rsa

Create the easy-rsa directory used for generating keys.

make-cadir /etc/openvpn/easy-rsa

Edit the vars file with the common name etc. for your certificate.

nano /etc/openvpn/easy-rsa/vars

Edit the following to your needs.

export KEY_COUNTRY="NO"
export KEY_PROVINCE="Somewhere"
export KEY_CITY="somecity"
export KEY_ORG="somename"
export KEY_EMAIL="example@example.com"

The vars file is also where you specify key strength; you can set this to 4096 for increased security.

Start creating keys for the server.

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key

Copy the keys to the config folder /etc/openvpn/.

cp server.crt server.key ca.crt dh4096.pem /etc/openvpn/

Create keys for the client. In this example we will call the client bob.

cd ..
source vars
./pkitool bob

Download bob's keys to your computer, as we will need them when creating bob's openvpn config file.

Configure openvpn on server.

Edit /etc/openvpn/openvpn.conf. In this example I have the IP range 192.168.0.20-44.

dev tap
proto udp
port 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh4096.pem
user nobody
group nogroup
server-bridge 192.168.0.45 255.255.255.0 192.168.0.20 192.168.0.44
duplicate-cn
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
keepalive 10 120
log-append /var/log/openvpn
auth SHA1
cipher AES-256-CBC
comp-lzo

Start the openvpn server.

/etc/init.d/openvpn start

If something doesn't work, check /var/log/openvpn and consult the comment field below or Google.

Create config file for openvpn client.

For simplicity I will still use bob as an example. Now we need to create a file called bob.ovpn and fill it with the following.

dev tap
proto udp
remote example.com 1194

#  cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
#          CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
#          RC2-40-CBC RC2-64-CBC RC2-CBC
#  auth:   SHA SHA1 MD5 MD4 RMD160

cipher AES-256-CBC
auth SHA1

resolv-retry 1
nobind
persist-key
persist-tun
client
comp-lzo
verb 3

<ca>

</ca>

<cert>

</cert>

<key>

</key>

Now we need to change the domain name from example.com to your domain name or IP address.

As you can see in the config above there are some fields called <ca> and <cert> and so forth. This is where we will copy in the certificates we created for bob and stored on our computer.
In between <ca> and </ca> we enter everything between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", including those two lines, from ca.crt, which you can find in /etc/openvpn/ca.crt.

The procedure is the same for <cert> and <key>, although bob.crt will fill out <cert> and bob.key will fill out <key>.

And that's all. Copy the config file into the openvpn config folder, start openvpn, and you will connect to your LAN via VPN.
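
The copy-and-paste step above can also be scripted. The following is an added example, not part of the original tutorial: it writes the client config shown above and fills the <ca>, <cert> and <key> blocks from the key files. The helper names pem_only and make_ovpn, and the assumption that ca.crt, bob.crt and bob.key sit in one directory, are mine.

```shell
#!/bin/sh
# Added example (not from the original page): build NAME.ovpn with the CA
# certificate, client certificate and client key inlined.
# Assumed: keys live in one directory as ca.crt, NAME.crt and NAME.key;
# pem_only and make_ovpn are hypothetical helper names.

# Print only the PEM block of a file. The client .crt can carry a plain-text
# dump above the PEM block; only the BEGIN..END lines belong in the profile.
pem_only() {
    sed -n '/^-----BEGIN [A-Z ]*-----$/,/^-----END [A-Z ]*-----$/p' "$1"
}

# make_ovpn NAME KEYDIR REMOTE OUTFILE
make_ovpn() {
    name=$1; keydir=$2; remote=$3; out=$4
    for f in "$keydir/ca.crt" "$keydir/$name.crt" "$keydir/$name.key"; do
        [ -r "$f" ] || { echo "missing $f" >&2; return 1; }
    done
    rm -f "$out"
    (
        umask 077   # the profile embeds the private key: owner-only file
        {
            printf '%s\n' 'dev tap' 'proto udp' "remote $remote 1194" \
                'cipher AES-256-CBC' 'auth SHA1' 'resolv-retry 1' 'nobind' \
                'persist-key' 'persist-tun' 'client' 'comp-lzo' 'verb 3'
            printf '<ca>\n';   pem_only "$keydir/ca.crt";    printf '</ca>\n'
            printf '<cert>\n'; pem_only "$keydir/$name.crt"; printf '</cert>\n'
            printf '<key>\n';  pem_only "$keydir/$name.key"; printf '</key>\n'
        } > "$out"
    )
}

# Example: sh make-ovpn.sh bob /etc/openvpn/easy-rsa/keys example.com bob.ovpn
if [ "$#" -eq 4 ]; then
    make_ovpn "$@"
fi
```

The resulting file contains bob's private key, so move it to the client over an encrypted channel such as scp.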