Enable Routing and NAT on Linux

• /etc/openvpn/server.conf

  port 1194
  proto tcp
  dev tun
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/server.crt
  key /etc/openvpn/server.key
  dh /etc/openvpn/dh.pem
  server 10.0.2.0 255.255.255.0
  keepalive 1 5
  verb 3
  data-ciphers none
  topology subnet
  duplicate-cn
  

• /etc/openvpn/client.conf

  port 1194
  proto tcp
  dev tun
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/client.crt
  key /etc/openvpn/client.key
  client
  remote <host> 1194
  verb 3
  data-ciphers none
  

• Create the OpenVPN credentials with easy-rsa.

  # Create server credentials
  /usr/share/easy-rsa/easyrsa init-pki
  /usr/share/easy-rsa/easyrsa build-ca nopass
  /usr/share/easy-rsa/easyrsa gen-req server nopass
  /usr/share/easy-rsa/easyrsa --days=36525 sign-req server server
  /usr/share/easy-rsa/easyrsa gen-dh
  # Create client credentials
  /usr/share/easy-rsa/easyrsa gen-req client nopass
  /usr/share/easy-rsa/easyrsa --days=36525 sign-req client client
  
  # Move server credentials
  sudo cp pki/ca.crt /etc/openvpn/ca.crt
  sudo cp pki/issued/server.crt /etc/openvpn/server.crt
  sudo cp pki/private/server.key /etc/openvpn/server.key
  sudo cp pki/dh.pem /etc/openvpn/dh.pem
  # Move client credentials
  sudo cp pki/ca.crt /etc/openvpn/ca.crt
  sudo cp pki/issued/client.crt /etc/openvpn/client.crt
  sudo cp pki/private/client.key /etc/openvpn/client.key
  

  easy-rsa/doc/EasyRSA-Readme.md at master · OpenVPN/easy-rsa