How to configure Linux OpenVPN client with certificate authentication

Applies to Platform: Linux OS
Updated on: 18th of April, 2012


This lessons illustrates how to configure a Linux OpenVPN client to use certificate authentication.


PC with Linux OS.
Root privileges to install openvpn community package
Internet connectivity to download openvpn community package.


If you have a debian-based linux distribution on your PC to install openvpn run from root:

root@linux:~# aptitude install openvpn

Otherwise you can consult the man page of the package manager of your linux distribution.
For more information about installation go to


When you install openvpn is enabled on boot. If you don't want this, remember to disable the service.

Client Configuration

In your OpenVPN config folder, /etc/openvpn, create a folder called ACME-vpn, then go to /etc/openvpn/ACME-vpn, create a client configuration file called e.g., ACME-vpn.conf, and insert the text below.

dev tap                          
proto udp         #only if you use udp protocol
remote IP 1194  #1194 only if your VPN server port is default port     
resolv-retry infinite
pkcs12 john.p12   #this is the p12 client certificate
#auth-user-pass   #uncomment this row to use two factors authentication
verb 3
ns-cert-type server

Replace IP above with the public IP of the server.

To create john.p12 client certificate, please follow this guide, then copy .p12 file into /etc/openvpn/ACME-vpn/.
Now go to /etc/openvpn/ACME-vpn/ and run as root:

root@linux:~# openvpn ACME-vpn.conf


If you want to generate the certificates using an external host, please follow this guide.


If you use a two-factors authentication when you run the above command, you will be asked to insert username and password of your VPN user created on Endian UTM Appliance. If something goes wrong check if you are able to connect to OpenVPN server Port, default is <REDIP>:1194 with UDP protocol.
Have more questions? Submit a request