1. Install the openvpn package.
  2. In the server's /etc/openvpn directory, run the following command to generate a static key:
    • openvpn --genkey --secret static.key
  4. Copy this static key to the client's /etc/openvpn directory using a secure channel like scp or sftp.
  4. On the server, create a new /etc/openvpn/tun0.conf file and add the following:
    • dev tun0
    • ifconfig 10.9.8.1 10.9.8.2
    • secret static.key
  5. On the client, create a new /etc/openvpn/tun0.conf file and add the following:
    • remote 10.15.108.(server's X)
    • dev tun0
    • ifconfig 10.9.8.2 10.9.8.1
    • secret static.key
  6. On the server's firewall, open up UDP 1194.
  7. On both devices, add a new VPN zone to represent tun0 and create a default policy for it. This means adding something to the following files in /etc/shorewall:
    • zones
    • interfaces
    • policy
  8. Bear in mind that 90% of all connection problems encountered by new OpenVPN users are firewall-related.
  9. Start OpenVPN by hand on both sides with the following command:
    • openvpn --config /etc/openvpn/tun0.conf
  10. To verify that the VPN is running, you should be able to ping 10.9.8.2 from the server and 10.9.8.1 from the client.
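
A pre-flight check for the configuration pair built in steps 2 to 5, written for this page as an added example (it is not part of the original how-to or of OpenVPN). The function names, the temporary file names and the remote address 192.0.2.10 are assumptions made for the demo.

```shell
# Sanity-check a static-key tun0.conf pair before starting OpenVPN by hand.

# Print the arguments of the first line in FILE ($1) whose directive is KEY ($2).
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed only if the client's ifconfig is the server's with the two addresses
# swapped, both sides name the same device, and the client has a remote line.
check_pair() {
    s_if=$(conf_get "$1" ifconfig); c_if=$(conf_get "$2" ifconfig)
    [ -n "$s_if" ] && [ -n "$c_if" ] || { echo "ifconfig missing" >&2; return 1; }
    [ "${s_if%% *} ${s_if##* }" = "${c_if##* } ${c_if%% *}" ] ||
        { echo "ifconfig endpoints are not mirrored" >&2; return 1; }
    [ "$(conf_get "$1" dev)" = "$(conf_get "$2" dev)" ] ||
        { echo "dev differs between server and client" >&2; return 1; }
    [ -n "$(conf_get "$2" remote)" ] || { echo "client has no remote" >&2; return 1; }
}

# The static key is the only credential in this setup, so it must grant
# nothing to group or others (characters 5-10 of the ls mode string).
key_is_private() {
    [ -f "$1" ] || { echo "$1: no such key file" >&2; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "$1: accessible beyond its owner, run chmod 600" >&2; return 1; }
}

# Constructed sample files that mirror the configs from steps 5 and 6 above.
demo() {
    d=$(mktemp -d)
    printf 'dev tun0\nifconfig 10.9.8.1 10.9.8.2\nsecret static.key\n' > "$d/server.conf"
    printf 'remote 192.0.2.10\ndev tun0\nifconfig 10.9.8.2 10.9.8.1\nsecret static.key\n' \
        > "$d/client.conf"
    : > "$d/static.key"; chmod 600 "$d/static.key"   # empty stand-in for the real key
    check_pair "$d/server.conf" "$d/client.conf" &&
        key_is_private "$d/static.key" && echo "pair OK"
    rm -rf "$d"
}
demo
```

On real hosts, point check_pair at copies of both tun0.conf files and run key_is_private against /etc/openvpn/static.key on each side.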

HowTo/openvpn (last edited 2009-03-16 03:30:08 by localhost)