How to configure Linux OpenVPN client with certificate authentication

This lesson illustrates how to configure a Linux OpenVPN client to use certificate authentication.


PC with Linux OS.
Root privileges to install the openvpn community package.
Internet connectivity to download the openvpn community package.


On a Debian-based Linux distribution, install openvpn by running the following as root:

root@linux:~# aptitude install openvpn

Otherwise, consult the man page of your Linux distribution's package manager.
For more information about installation go to


When you install openvpn, the service is enabled on boot. If you don't want this, remember to disable the service.

Client Configuration

In your OpenVPN config folder, /etc/openvpn, create a folder called ACME-vpn, then go to /etc/openvpn/ACME-vpn, create a client configuration file called e.g., ACME-vpn.conf, and insert the text below.

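client            #run as a TLS client and accept settings pushed by the server (pkcs12 needs TLS mode)
dev tap
proto udp         #only if your server uses the UDP protocol
remote <IP> 1194  #1194 only if your VPN server uses the default port
resolv-retry infinite
pkcs12 john.p12   #this is the p12 client certificate
#auth-user-pass   #uncomment this row to use two-factor authentication
verb 3
ns-cert-type server  #accept only a peer certificate marked as a server certificate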

Replace <IP> above with the public IP of the server.

Copy your john.p12 client certificate (this certificate is generated by the Certificate Authority in this guide) into /etc/openvpn/ACME-vpn/.
Now go to /etc/openvpn/ACME-vpn/ and run as root:

root@linux:~# openvpn ACME-vpn.conf



If you use two-factor authentication, when you run the above command you will be asked to enter the username and password of your VPN user created on the Endian UTM Appliance. If something goes wrong, check whether you can reach the OpenVPN server port; the default is <REDIP>:1194 with the UDP protocol.
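
A pre-flight check for the client folder described above, as an added example that is not part of the original guide: the function audit_ovpn_client (a hypothetical name) reads the config, confirms that a server-certificate check is active, and confirms that the PKCS#12 file, which carries the client's private key, is accessible to its owner only. It assumes relative paths resolve against the config folder, as when openvpn is started from there; the demo files and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# audit_ovpn_client CONF: lint an OpenVPN client config like the one above.
# Prints one line per finding; returns 0 only when nothing FAILs.
audit_ovpn_client() {
    conf=$1; dir=$(dirname -- "$conf"); fails=0
    # Strip comments and blank lines so a commented-out directive is ignored.
    active=$(sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$conf")

    # Without a server-certificate check, another client's certificate from
    # the same CA could be presented to this client as the server's.
    if ! printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*(ns-cert-type|remote-cert-tls)[[:space:]]+server$'
    then
        echo "FAIL: no ns-cert-type/remote-cert-tls server directive"
        fails=$((fails + 1))
    fi

    # The PKCS#12 bundle contains the client's private key: owner-only access.
    p12=$(printf '%s\n' "$active" | awk '$1 == "pkcs12" { print $2; exit }')
    case $p12 in
        "" | /*) ;;
        *) p12=$dir/$p12 ;;   # assumption: openvpn is started in the config folder
    esac
    if [ -z "$p12" ]; then
        echo "FAIL: no pkcs12 directive"; fails=$((fails + 1))
    elif [ ! -f "$p12" ]; then
        echo "FAIL: $p12 not found"; fails=$((fails + 1))
    elif [ "$(ls -ld -- "$p12" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $p12 is accessible to group or others (chmod 600)"
        fails=$((fails + 1))
    fi

    # Informational: with auth-user-pass off, the .p12 file is the only factor.
    printf '%s\n' "$active" | grep -Eq '^[[:space:]]*auth-user-pass([[:space:]]|$)' ||
        echo "NOTE: auth-user-pass is off, login relies on the certificate alone"
    [ "$fails" -eq 0 ]
}

# Constructed demo: the page's config beside an empty stand-in for john.p12.
demo=$(mktemp -d)
printf '%s\n' 'dev tap' 'proto udp' 'remote 192.0.2.10 1194' \
    'pkcs12 john.p12' '#auth-user-pass' 'ns-cert-type server' \
    > "$demo/ACME-vpn.conf"
: > "$demo/john.p12"; chmod 644 "$demo/john.p12"
audit_ovpn_client "$demo/ACME-vpn.conf" || echo "=> fix the findings above"
chmod 600 "$demo/john.p12"
audit_ovpn_client "$demo/ACME-vpn.conf" && echo "=> no failures"
```

On a real client, point it at /etc/openvpn/ACME-vpn/ACME-vpn.conf as root before running openvpn.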
