Setting up Linux and Windows Clients to Connect to OpenVPN Server
To set up a client (regardless of the distribution or operating system) you will need to copy the ca.crt, server.crt, and server.key files from /etc/openvpn/rsa/keys.
You can do this using sftp in Linux or another FTP client and place them in a directory within your /home (in Linux) or in the config folder (its exact location depends on where you installed the client, most likely in another folder called OpenVPN inside Program Files):
Let’s take a look at the contents of the configuration directory in the Linux client. You will note that there’s a file named client.ovpn. This is the main configuration file for the client. If you did not change the default port (1194), you will only need to indicate the IP address of your VPN server. The paths for the certificate and key files are relative to the same directory where client.ovpn is located:
The configuration folder in the Windows client:
To start OpenVPN in the client:
# sudo nohup openvpn --config client.ovpn &
As Administrator, start OpenVPN GUI from Start –> All programs –> OpenVPN, and it will be launched in the background.
Now fire up a browser and open http://whatismyip.org/ and you should see the IP of your OpenVPN server instead of the public IP provided by your ISP:
Although in this article we used the generic name server for our VPN server, you can use another name if you want. If that is the case, you will need to rename the configuration file (server.conf) to somethingelse.conf and edit the following lines in the that file:
ca somethingelse.crt cert somethingelse.crt key somethingelse.key # This file should be kept secret
In addition, you can have the VPN service start automatically on boot in the Linux client by adding the following line as a crontab entry:
@reboot /usr/bin/openvpn --config /path/to/client.ovpn
Finally, to set up the required routing as shown in the first image of this article (to enable communication with another machine on the other end of the VPN server), we will need to enable IP forwarding by setting in /etc/sysctl.conf (for future reboots).
net.ipv4.ip_forward = 1
# sysctl -w net.ipv4.ip_forward=1
for the setting to take effect immediately.
In this article we have explained how to set up and configure a VPN server using OpenVPN, and how to set up two remote clients (a Linux box and a Windows machine). You can now use this server as a VPN gateway to secure your web browsing activities. With a little extra effort (and another remote server available) you can also set up a secure file / database server, to name a few examples.
We look forward to hearing from you, so feel free to drop us a note using the form below. Comments, suggestions, and questions about this article are most welcome.