
How to configure Linux OpenVPN client with certificate authentication

Applies to Platform: Linux OS
Updated on: 18th of April, 2012

Scenario

This lesson illustrates how to configure a Linux OpenVPN client to use certificate authentication.


Prerequisites

PC with Linux OS.
Root privileges to install the openvpn community package.
Internet connectivity to download the openvpn community package.
 

Client Installation

If your PC runs a Debian-based Linux distribution, install openvpn by running the following as root:

root@linux:~# aptitude install openvpn



Otherwise, consult the man page of your Linux distribution's package manager.
For more information about installation, go to http://openvpn.net/index.php/open-source/documentation/install.html

Note

When you install openvpn, the service is enabled on boot. If you don't want this, remember to disable the service.

Client Configuration

In your OpenVPN config folder, /etc/openvpn, create a folder called ACME-vpn, then go to /etc/openvpn/ACME-vpn, create a client configuration file called e.g., ACME-vpn.conf, and insert the text below.

client
dev tap
proto udp              # only if you use the UDP protocol
remote IP 1194         # 1194 only if your VPN server uses the default port
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 john.p12        # this is the p12 client certificate
#auth-user-pass        # uncomment this row to use two-factor authentication
verb 3
comp-lzo
ns-cert-type server

Replace IP above with the public IP of the server.

To create the john.p12 client certificate, please follow this guide, then copy the .p12 file into /etc/openvpn/ACME-vpn/.
Now go to /etc/openvpn/ACME-vpn/ and run as root:

root@linux:~# openvpn ACME-vpn.conf
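
Before starting the tunnel, the configuration above can be sanity-checked. The following is an added example, not part of the original article or of OpenVPN: the function names are hypothetical, and it assumes a relative pkcs12 path is resolved against the folder holding the config (the article runs openvpn from that folder) and accepts OpenVPN's newer remote-cert-tls server directive as an alternative to ns-cert-type server.

```shell
# Added example: pre-flight check for the client config shown above.
# Prints one line per finding; returns 0 when clean, 1 otherwise.

# First argument of a directive, with "#" comments stripped.
conf_value() {  # conf_value FILE DIRECTIVE
    sed -e 's/#.*//' "$1" | awk -v d="$2" '$1 == d { print $2; exit }'
}

check_ovpn_client() {  # check_ovpn_client /etc/openvpn/ACME-vpn/ACME-vpn.conf
    conf=$1
    dir=$(dirname "$conf")
    rc=0

    # 1. The "remote IP 1194" placeholder must have been replaced.
    remote=$(conf_value "$conf" remote)
    if [ -z "$remote" ] || [ "$remote" = "IP" ]; then
        echo "FAIL: remote is unset or still the placeholder 'IP'"; rc=1
    fi

    # 2. The client must require a server-type certificate from the peer,
    #    otherwise any certificate from the same CA could pose as the server.
    if [ "$(conf_value "$conf" ns-cert-type)" != "server" ] &&
       [ "$(conf_value "$conf" remote-cert-tls)" != "server" ]; then
        echo "FAIL: no server certificate check (ns-cert-type / remote-cert-tls)"; rc=1
    fi

    # 3. The PKCS#12 bundle contains the client's private key: it must exist
    #    and carry no permission bits for group or others.
    p12=$(conf_value "$conf" pkcs12)
    case $p12 in
        "") echo "FAIL: no pkcs12 directive"; return 1 ;;
        /*) ;;                      # absolute path, use as given
        *)  p12=$dir/$p12 ;;        # relative to the config folder (assumption)
    esac
    if [ ! -f "$p12" ]; then
        echo "FAIL: $p12 not found"; rc=1
    elif [ "$(ls -ld "$p12" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $p12 is accessible to group/others (chmod 600 it)"; rc=1
    fi
    return $rc
}
```

Call it as check_ovpn_client /etc/openvpn/ACME-vpn/ACME-vpn.conf and start openvpn only when it prints nothing and returns 0.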

Note

If you want to generate the certificates using an external host, please follow this guide.

Note

If you use two-factor authentication, when you run the above command you will be asked to enter the username and password of your VPN user created on the Endian UTM Appliance. If something goes wrong, check whether you are able to connect to the OpenVPN server port; the default is <REDIP>:1194 with the UDP protocol.