OPENVPN with User-Authentication: Difference between revisions

From Xinux Wiki
Zeile 32: Zeile 32:
 
duplicate-cn
 
duplicate-cn
 
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
 
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
 +
</pre>
 +
=Client=
 +
==Client Config==
 +
<pre>
 +
port 5000
 +
dev tun0
 +
remote neo.harirbo.net
 +
tls-client
 +
cipher AES-256-CBC
 +
link-mtu 1542
 +
mssfix 1450
 +
pull
 +
comp-lzo
 +
verb 3
 +
auth-user-pass
 +
<ca>
 +
-----BEGIN CERTIFICATE-----
 +
place your cacert here
 +
-----END CERTIFICATE-----
 +
</ca>
 +
<cert>
 +
-----BEGIN CERTIFICATE-----
 +
place your cert here
 +
-----END CERTIFICATE-----
 +
</cert>
 +
<key>
 +
-----BEGIN RSA PRIVATE KEY-----
 +
place your private key here
 +
-----END RSA PRIVATE KEY-----
 +
</key>
 +
 
</pre>
 
</pre>
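Review bot: the added client config sets tls-client and an inline <ca> block but has no remote-cert-tls server or verify-x509-name line, so the client accepts any certificate signed by that CA as the server, including another client's certificate. Add "remote-cert-tls server" after "tls-client". The added comp-lzo line matches the server side, but comp-lzo is deprecated in OpenVPN 2.4 and later, so plan to remove it from both configs together. The inline <key> block also means this file holds the private key and should be readable only by its owner.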

Revision as of 24 October 2019, 13:34

Install

  • sudo apt install openvpn

Server

Create DH Key

  • cd /etc/openvpn
  • openssl dhparam -out dh2048.pem 2048

Also place openvpn-ca.crt, openvpn-linux.crt and openvpn-linux.key in this directory.

Server Config

  • vi /etc/openvpn/server.conf
dev tun
mode server
tls-server
port 5000
topology subnet
server 172.31.2.0 255.255.255.0
push "route 192.168.191.0 255.255.255.0"
cipher AES-256-CBC
link-mtu 1542
status /tmp/cool-vpn.status
keepalive 10 30
client-to-client
max-clients 150
verb 3
dh /etc/openvpn/dh2048.pem
ca /etc/openvpn/openvpn-ca.crt
cert /etc/openvpn/openvpn-linux.crt
key /etc/openvpn/openvpn-linux.key
comp-lzo
persist-key
persist-tun
duplicate-cn
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login

Client

Client Config

port 5000
dev tun0
remote neo.harirbo.net
tls-client
cipher AES-256-CBC
link-mtu 1542
mssfix 1450
pull
comp-lzo
verb 3
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
place your cacert here
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
place your cert here
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
place your private key here
-----END RSA PRIVATE KEY-----
</key>
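
An added example, not part of the wiki page: a small Python linter that parses OpenVPN configs like the two above, including inline <ca>/<cert>/<key> blocks, and reports hardening gaps in the directives this page uses. The function names, finding labels and the selection of checks are this example's own assumptions.

```python
import re

INLINE_TAG = re.compile(r"^<(/?)([\w-]+)>$")

def parse_openvpn(text):
    """Split OpenVPN config text into directives and inline <tag> blocks."""
    directives, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        tag = INLINE_TAG.match(line)
        if tag:  # <ca>, </ca>, <key>, ...
            current = None if tag.group(1) else tag.group(2)
            if current:
                blocks[current] = []
        elif current:  # PEM body lines belong to the open inline block
            blocks[current].append(line)
        elif line and line[0] not in "#;":  # skip blanks and comments
            name, _, args = line.partition(" ")
            directives.setdefault(name, []).append(args.strip())
    return directives, blocks

def audit(text):
    """Return hardening findings for one client or server config."""
    d, blocks = parse_openvpn(text)
    client = "tls-client" in d or "client" in d
    found = []
    if client and not d.keys() & {"remote-cert-tls", "verify-x509-name"}:
        found.append("no-server-cert-check: add 'remote-cert-tls server'")
    if any(arg != "no" for arg in d.get("comp-lzo", [])):
        found.append("comp-lzo: deprecated since 2.4, compression can leak plaintext")
    if "duplicate-cn" in d and "username-as-common-name" not in d:
        found.append("duplicate-cn: one cert may serve many clients; PAM user is the only identity")
    if client and "auth-user-pass" in d and "auth-nocache" not in d:
        found.append("auth-user-pass: password stays cached in memory without 'auth-nocache'")
    if "key" in blocks:
        found.append("inline-key: private key embedded, keep the file mode 0600")
    return found

# Constructed excerpts of the page's configs; the PEM body is the page's placeholder.
CLIENT = ("remote neo.harirbo.net\ntls-client\ncomp-lzo\nauth-user-pass\n"
          "<key>\n-----BEGIN RSA PRIVATE KEY-----\nplace your private key here\n"
          "-----END RSA PRIVATE KEY-----\n</key>\n")
SERVER = ("tls-server\ncomp-lzo\nduplicate-cn\nplugin /usr/lib/x86_64-linux-gnu/"
          "openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login\n")

if __name__ == "__main__":
    for name, cfg in (("client", CLIENT), ("server", SERVER)):
        for finding in audit(cfg):
            print(f"{name}: {finding}")
```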