Generating certificates and keys for a client is very similar to the process used for generating server certificates. It is assumed that you have already set up the /etc/openvpn/easy-rsa/ directory and updated the /etc/openvpn/easy-rsa/vars file as described above. You should also have already set up your Certificate Authority and created a server certificate and keys.
cd /etc/openvpn/easy-rsa/
source ./vars
./pkitool client
Note: You can give the client certificate a different name, such as your own name. Example: ./pkitool Juan
Then you will need to place the following files on the client PC:
- client.ovpn (config file; the extension is conf if using Linux)
- ca.crt
- client.crt
- client.key
- ta.key
The client config file (client.ovpn) looks like this:
client
dev tap
proto tcp
remote server1 1194
#remote server2 1194
#remote server3 8080
nobind
persist-key
comp-lzo
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
ns-cert-type server
cipher BF-CBC
verb 3
ping 10
ping-restart 120
# uncomment the two lines below if the client runs Vista or higher
#route-method exe
#route-delay 2
# uncomment this if you wish to prevent the client from getting route info from the server
#route-nopull
=== End of file
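Three directives in this config (cipher BF-CBC, ns-cert-type, comp-lzo) are legacy settings on current OpenVPN releases. The script below is an added example, not part of the original post: it audits a client config for them and shows a corrected variant. PAGE_CONFIG copies the security-relevant lines from the file above; HARDENED, BLOCK64, parse and audit are names made up for this example, and the replacement directives assume OpenVPN 2.4 or later.

```python
# Added example, not from the original post: audit an OpenVPN client config.
# PAGE_CONFIG copies the security-relevant directives of the config above.
PAGE_CONFIG = """client
proto tcp
remote server1 1194
comp-lzo
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
ns-cert-type server
cipher BF-CBC
"""
# Assumed replacements (OpenVPN 2.4+); the server must be changed to match.
HARDENED = (PAGE_CONFIG.replace("cipher BF-CBC", "cipher AES-256-GCM")
            .replace("ns-cert-type server", "remote-cert-tls server")
            .replace("comp-lzo\n", ""))

BLOCK64 = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit block ciphers

def parse(text):
    """Map directive -> argument list, ignoring blanks and #/; comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(text):
    """Return a list of (directive, reason) findings for legacy settings."""
    conf, out = parse(text), []
    cipher = conf.get("cipher", [""])[0].upper()
    if cipher in BLOCK64:
        out.append(("cipher", cipher + " has a 64-bit block (SWEET32)"))
    if "ns-cert-type" in conf:
        out.append(("ns-cert-type", "deprecated, use remote-cert-tls server"))
    elif "remote-cert-tls" not in conf:
        out.append(("remote-cert-tls", "server certificate usage is not checked"))
    if "comp-lzo" in conf and conf["comp-lzo"] != ["no"]:
        out.append(("comp-lzo", "compression can leak plaintext (VORACLE)"))
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        out.append(("tls-auth", "control channel has no HMAC pre-authentication"))
    return out

if __name__ == "__main__":
    for directive, reason in audit(PAGE_CONFIG):
        print(f"{directive}: {reason}")
```

Cipher and compression settings must agree with the server, so change both ends together.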
Extra Windows settings:
Edit the registry value below to enable LAN routing in Vista and higher.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)
To start OpenVPN in Windows, just load the OpenVPN GUI.
Note: make sure the config file extension is ovpn and all the certificates are inside the config directory.
To start OpenVPN in Linux, just type the following:
# /etc/init.d/openvpn restart
Note: make sure the extension name is conf and all the certificates are inside the OpenVPN directory