Applies to Platform: Linux OS
Updated on: 18th of April, 2012
This lesson illustrates how to configure a Linux OpenVPN client to use certificate authentication.
PC with Linux OS.
Root privileges to install the openvpn community package.
Internet connectivity to download openvpn community package.
If your PC runs a Debian-based Linux distribution, install openvpn by running the following as root:
root@linux:~# aptitude install openvpn
Otherwise you can consult the man page of the package manager of your linux distribution.
For more information about installation go to http://openvpn.net/index.php/open-source/documentation/install.html
In your OpenVPN config folder, /etc/openvpn, create a folder called ACME-vpn, then go to /etc/openvpn/ACME-vpn, create a client configuration file called e.g., ACME-vpn.conf, and insert the text below.
client
dev tap
proto udp #only if you use udp protocol
remote <IP> 1194 #1194 only if your VPN server port is default port
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 john.p12 #this is the p12 client certificate
#auth-user-pass #uncomment this row to use two-factor authentication
verb 3
comp-lzo
ns-cert-type server
Replace <IP> above with the public IP of the server.
To create the john.p12 client certificate, please follow this guide, then copy the .p12 file into /etc/openvpn/ACME-vpn/.
Now go to /etc/openvpn/ACME-vpn/ and run as root:
root@linux:~# openvpn ACME-vpn.conf
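Before starting the tunnel, the setup above can be sanity-checked with a small script. This is an added example, not part of the original guide: the function names conf_value and check_vpn_client are hypothetical, and remote-cert-tls is an OpenVPN directive not used on this page, accepted here as an alternative to ns-cert-type.

```shell
#!/bin/sh
# Added example, not from the original page. Pre-flight check for the client
# configuration above. Usage after sourcing this file:
#   check_vpn_client /etc/openvpn/ACME-vpn/ACME-vpn.conf

# Print the first argument of a directive. Text after "#" or ";" is dropped,
# a simplification of OpenVPN's comment rules that fits the config shown here.
conf_value() {  # conf_value <directive> <file>
    sed 's/[#;].*$//' "$2" | awk -v d="$1" '$1 == d { print $2; exit }'
}

check_vpn_client() {
    conf=$1
    dir=$(dirname "$conf")
    rc=0

    # The page's template ships with a literal <IP> placeholder.
    if [ "$(conf_value remote "$conf")" = "<IP>" ]; then
        echo "FAIL: 'remote' still contains the <IP> placeholder"; rc=1
    fi

    # The .p12 bundle holds the client's private key: it must exist and be
    # inaccessible to group and other.
    p12=$(conf_value pkcs12 "$conf")
    case $p12 in
        "") echo "FAIL: no pkcs12 directive in $conf"; rc=1 ;;
        /*) ;;
        *)  p12="$dir/$p12" ;;   # the page runs openvpn from the config folder
    esac
    if [ -n "$p12" ]; then
        if [ ! -f "$p12" ]; then
            echo "FAIL: $p12 not found"; rc=1
        elif [ "$(ls -ld "$p12" | cut -c5-10)" != "------" ]; then
            echo "FAIL: $p12 is accessible by group/other (chmod 600)"; rc=1
        fi
    fi

    # Without a server certificate-type check, any certificate issued by the
    # same CA (another client's, for instance) could pose as the server.
    if [ "$(conf_value ns-cert-type "$conf")" != server ] &&
       [ "$(conf_value remote-cert-tls "$conf")" != server ]; then
        echo "FAIL: no 'ns-cert-type server' or 'remote-cert-tls server'"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}
```

The function returns 0 only when every check passes, so it can gate the openvpn command in a start-up script.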