Enable Routing and NAT on Linux
/etc/openvpn/server.conf
port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
server 10.0.2.0 255.255.255.0
keepalive 1 5
verb 3
data-ciphers none
topology subnet
duplicate-cn
/etc/openvpn/client.conf
port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
client
remote <host> 1194
verb 3
data-ciphers none
Create the OpenVPN credentials with easy-rsa.
# Create server credentials
/usr/share/easy-rsa/easyrsa init-pki
/usr/share/easy-rsa/easyrsa build-ca nopass
/usr/share/easy-rsa/easyrsa gen-req server nopass
/usr/share/easy-rsa/easyrsa --days=36525 sign-req server server
/usr/share/easy-rsa/easyrsa gen-dh
# Create client credentials
/usr/share/easy-rsa/easyrsa gen-req client nopass
/usr/share/easy-rsa/easyrsa --days=36525 sign-req client client
# Move server credentials
sudo cp pki/ca.crt /etc/openvpn/ca.crt
sudo cp pki/issued/server.crt /etc/openvpn/server.crt
sudo cp pki/private/server.key /etc/openvpn/server.key
sudo cp pki/dh.pem /etc/openvpn/dh.pem
# Move client credentials
sudo cp pki/ca.crt /etc/openvpn/ca.crt
sudo cp pki/issued/client.crt /etc/openvpn/client.crt
sudo cp pki/private/client.key /etc/openvpn/client.key
easy-rsa/doc/EasyRSA-Readme.md at master ยท OpenVPN/easy-rsa