yuvadm/client.ovpn

## client.ovpn
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote my-server-1 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert client1.crt
key client1.key

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

## server.sh
# Shamlessly copied from http://greglus.com/blog/2011/11/12/install-openvpn-server-on-ubuntu/

sudo su
# Update the system
apt-get update -y
apt-get upgrade -y
# Install OpenVPN and the iptables firewall
apt-get install openvpn udev iptables
# Copy the default easy-rsa directory
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
# Get into this directory
cd /etc/openvpn/easy-rsa/2.0/
# Make the variables
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/clean-all
# Create the Certificate Authority
. /etc/openvpn/easy-rsa/2.0/build-ca
# Create a certificate/key for your server
. /etc/openvpn/easy-rsa/2.0/build-key-server server
# Create a client:
# you may repeat this step for each client by replacing
# <client1> by the name of your client
. /etc/openvpn/easy-rsa/2.0/build-key client1
# Build the Diffie Hellman parameters
. /etc/openvpn/easy-rsa/2.0/build-dh
# Get into the keys directory
cd /etc/openvpn/easy-rsa/2.0/keys
# Copy the required keys to the /etc/openvpn directory
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
# Get into the sample config directory
cd /usr/share/doc/openvpn/examples/sample-config-files
# Unzip the server configuration files
gunzip -d server.conf.gz
# Copy the sample server configuration to /etc/openvpn
cp server.conf /etc/openvpn/
# Copy the sample client configuration to your home directory
cp client.conf ~/
# Get into your home directory
cd ~/
# Start OpenVPN
/etc/init.d/openvpn start
	##############################################
	# Sample client-side OpenVPN 2.0 config file #
	# for connecting to multi-client server. #
	# #
	# This configuration can be used by multiple #
	# clients, however each client should have #
	# its own cert and key files. #
	# #
	# On Windows, you might want to rename this #
	# file so it has a .ovpn extension #
	##############################################

	# Specify that we are a client and that we
	# will be pulling certain config file directives
	# from the server.
	client

	# Use the same setting as you are using on
	# the server.
	# On most systems, the VPN will not function
	# unless you partially or fully disable
	# the firewall for the TUN/TAP interface.
	;dev tap
	dev tun

	# Windows needs the TAP-Win32 adapter name
	# from the Network Connections panel
	# if you have more than one. On XP SP2,
	# you may need to disable the firewall
	# for the TAP adapter.
	;dev-node MyTap

	# Are we connecting to a TCP or
	# UDP server? Use the same setting as
	# on the server.
	;proto tcp
	proto udp

	# The hostname/IP and port of the server.
	# You can have multiple remote entries
	# to load balance between the servers.
	remote my-server-1 1194
	;remote my-server-2 1194

	# Choose a random host from the remote
	# list for load-balancing. Otherwise
	# try hosts in the order specified.
	;remote-random

	# Keep trying indefinitely to resolve the
	# host name of the OpenVPN server. Very useful
	# on machines which are not permanently connected
	# to the internet such as laptops.
	resolv-retry infinite

	# Most clients don't need to bind to
	# a specific local port number.
	nobind

	# Downgrade privileges after initialization (non-Windows only)
	;user nobody
	;group nogroup

	# Try to preserve some state across restarts.
	persist-key
	persist-tun

	# If you are connecting through an
	# HTTP proxy to reach the actual OpenVPN
	# server, put the proxy server/IP and
	# port number here. See the man page
	# if your proxy server requires
	# authentication.
	;http-proxy-retry # retry on connection failures
	;http-proxy [proxy server] [proxy port #]

	# Wireless networks often produce a lot
	# of duplicate packets. Set this flag
	# to silence duplicate packet warnings.
	;mute-replay-warnings

	# SSL/TLS parms.
	# See the server config file for more
	# description. It's best to use
	# a separate .crt/.key file pair
	# for each client. A single ca
	# file can be used for all clients.
	ca ca.crt
	cert client1.crt
	key client1.key

	# Verify server certificate by checking
	# that the certicate has the nsCertType
	# field set to "server". This is an
	# important precaution to protect against
	# a potential attack discussed here:
	# http://openvpn.net/howto.html#mitm
	#
	# To use this feature, you will need to generate
	# your server certificates with the nsCertType
	# field set to "server". The build-key-server
	# script in the easy-rsa folder will do this.
	ns-cert-type server

	# If a tls-auth key is used on the server
	# then every client must also have the key.
	;tls-auth ta.key 1

	# Select a cryptographic cipher.
	# If the cipher option is used on the server
	# then you must also specify it here.
	;cipher x

	# Enable compression on the VPN link.
	# Don't enable this unless it is also
	# enabled in the server config file.
	comp-lzo

	# Set log file verbosity.
	verb 3

	# Silence repeating messages
	;mute 20
	# Shamlessly copied from http://greglus.com/blog/2011/11/12/install-openvpn-server-on-ubuntu/

	sudo su
	# Update the system
	apt-get update -y
	apt-get upgrade -y
	# Install OpenVPN and the iptables firewall
	apt-get install openvpn udev iptables
	# Copy the default easy-rsa directory
	cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
	# Get into this directory
	cd /etc/openvpn/easy-rsa/2.0/
	# Make the variables
	. /etc/openvpn/easy-rsa/2.0/vars
	. /etc/openvpn/easy-rsa/2.0/clean-all
	# Create the Certificate Authority
	. /etc/openvpn/easy-rsa/2.0/build-ca
	# Create a certificate/key for your server
	. /etc/openvpn/easy-rsa/2.0/build-key-server server
	# Create a client:
	# you may repeat this step for each client by replacing
	# <client1> by the name of your client
	. /etc/openvpn/easy-rsa/2.0/build-key client1
	# Build the Diffie Hellman parameters
	. /etc/openvpn/easy-rsa/2.0/build-dh
	# Get into the keys directory
	cd /etc/openvpn/easy-rsa/2.0/keys
	# Copy the required keys to the /etc/openvpn directory
	cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
	# Get into the sample config directory
	cd /usr/share/doc/openvpn/examples/sample-config-files
	# Unzip the server configuration files
	gunzip -d server.conf.gz
	# Copy the sample server configuration to /etc/openvpn
	cp server.conf /etc/openvpn/
	# Copy the sample client configuration to your home directory
	cp client.conf ~/
	# Get into your home directory
	cd ~/
	# Start OpenVPN
	/etc/init.d/openvpn start