How to configure Linux OpenVPN client with certificate authentication

Applies to Platform: Linux OS
Updated on: 18th of April, 2012

Scenario

This lessons illustrates how to configure a Linux OpenVPN client to use certificate authentication.

Prerequirites

PC with Linux OS.
Root privileges to install openvpn community package
Internet connectivity to download openvpn community package.
 

CLIENT INSTALLATION

If you have a debian-based linux distribution on your PC to install openvpn run from root:

root@linux:~# aptitude install openvpn

Otherwise you can consult the man page of the package manager of your linux distribution.
For more information about installation go to http://openvpn.net/index.php/open-source/documentation/install.html

Client Configuration

In your OpenVPN config folder, /etc/openvpn, create a folder called ACME-vpn, then go to /etc/openvpn/ACME-vpn, create a client configuration file called e.g., ACME-vpn.conf, and insert the text below.

client
dev tap                          
proto udp         #only if you use udp protocol
remote IP 1194  #1194 only if your VPN server port is default port     
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 john.p12   #this is the p12 client certificate
#auth-user-pass   #uncomment this row to use two factors authentication
verb 3
comp-lzo
ns-cert-type server

Replace IP above with the public IP of the server.

To create john.p12 client certificate, please follow this guide, then copy .p12 file into /etc/openvpn/ACME-vpn/.
Now go to /etc/openvpn/ACME-vpn/ and run as root:

root@linux:~# openvpn ACME-vpn.conf