Configuring the Client Side OpenVPN Machine
Setting up the client OpenVPN machine is Just like the server: create the directories for the certificates and keys; copy them over; and secure them appropriately. The client side OpenVPN configuration is a bit more sparse than the server's, since the server will be responsible for "pushing" the proper configuration settings to the client after connection.
# # SmallNetBuilder OpenVPN Client Configuration # # Instructs OpenVPN to run in client mode, requests IP address and # special instructions (like routes) from the server. client # Interface for tunnel dev tun0 # Remote server to connect to. Can be domain name or IP address. remote smallnetbuilder.com # Certificates and keys required for connection ca /etc/openvpn/certs/ca.crt cert /etc/openvpn/certs/remote_office.crt key /etc/openvpn/keys/remote_office.key # Symmetric cipher - Must be the same as the server's cipher BF-CBC # Protocol and Port - Must be the same on both server and client. proto udp port 1194 # Log to file instead of syslog log-append /var/log/openvpn.log verb 4 # Since the OpenVPN client is acting as a gateway for other machines # on the client-side network, run as a daemon and downgrade user # priviledges. user nobody group nobody daemon # Use a persistent key and tunnel interface. persist-tun persist-key
Configuring the Client Side Router
Just like the server-side setup, all the machines on the OpenVPN client's network also need to know how to reach the server's network (10.1.1.0/24). Add a route that directs all traffic destined for the server's network to the OpenVPN client machine (192.168.1.2). On the WRT54G it's under Setup > Advanced Routing (Figure 4).
Figure 4: Adding a Route to the Client-side Router
Finally, connect the client up to the OpenVPN server with:
~ # openvpn --config /etc/openvpn/client.conf
Related Items:VyprVPN Reviewed
Private WiFi Reviewed
QNAP Betas New NAS Firmware
PrivateWiFi Launches VPN Service For Free WiFi Users