Setting up an OpenVPN server and clients on Fedora Core

Besides the extensive OpenVPN documentation I couldn't really find a step by step guide on how to setup an OpenVPN server and client.

I want to be able to connect my Fedora Core 10 laptop to the home-network via a Fedora Core 10 server.

Overview of the network setup

The server is 192.168.0.1, running Fedora Core 10 with openvpn 2.1. Newer versions are likely to work as well.
The laptop has a dynamic IP address.

Setting up the server

Please read the OpenVPN documentation if you run into troubles.

First setup the Certificate Authority keys.

cd /usr/share/openvpn/easy-rsa/2.0/
vi vars
# Fill KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL, all at the bottom.
. ./vars
./clean-all
./build-ca
# Press "enter" on each item.

Now setup the Server key and the Diffie Hellman key.

./build-key-server server
# Press enter on each item.
./build-dh

And build the client keys, each client needs its own key, with a unique Common Name. The IP address assigned to the client is related to the Common Name, so if you use non-unique Common Names, you will have conflicting IP addresses.

./build-key client1
./build-key client2
./build-key client3
mv keys /etc/openvpn

cp /usr/share/doc/openvpn-2.1/sample-config-files/roadwarrior-server.conf /etc/openvpn/server.conf
vi /etc/openvpn/server.conf
# Check the ca, cert, key and dh variables.

Start the server by issuing:

chkconfig openvpn on
service openvpn start

Setting up the client

Move the ca.cert, client1.crt and client1.key to the client, in /etc/openvpn/keys and copy the configuration. You will need to modify the client.conf a little bit.

/usr/share/doc/openvpn-2.1/sample-config-files/roadwarrior-client.conf /etc/openvpn/client.conf
vi /etc/openvpn/client.conf
# Find "remote" and set it to the internet address of your VPN server.

Start the client:

chkconfig openvpn on
service openvpn start

Checking if it worked

On both server and client issue ifconfig tun0 to see what IP-address is assigned to the entry of the tunnel. From the either end of the tunnel you should be able to ping the other end. Also tcpdump -n -i tun0 should work.

Hope this works for you as well, check out /var/log/messages for information. /etc/init.d/openvpn status dump a status of all connected clients to /var/log/messages.