thereis a good guide at https://help.ubuntu.com/11.10/serverguide/openvpn.html
apt-get install openvpn openssl cd /usr/share/doc/openvpn/examples/easy-rsa/2.0 nano vars source ./vars ./clean-all ./build-ca ./build-key-server [server-name]
leave password blank and answer yes to sign certificate and to commit.
./build-dh ./build-key [client-name] cd keys/ cp myservername.crt myservername.key ca.crt dh1024.pem /etc/openvpn/ cd /usr/share/doc/openvpn/examples/sample-config-files gzip -d server.conf.gz cp server.conf /etc/openvpn/ cd /etc/openvpn/ nano server.conf
change the line
push "redirect-gateway def1"
(notice that there is no ; at the begining anymore!)
and if you feel like having a little more security also uncomment tese two lines and change the group name to “nogroup” rather than “nobody”
user nobody group nogroup
also uncomment the line
if you want your vpn clients to be able to use this server as their internet gateway as well continue here:
apt-get install iptables echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
put the last two lines in your /etc/rc.local if you want this service to be available after the next reboot again
copy the files ca.crt, client.crt and client.key from the server in /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ to your client. also copy the example config file for the client from /usr/share/doc/openvpn/examples/sample-config-files/client.conf/ to the same directory on your client as the certificates. adjust the name of your server in the client config file and again the nouser, nogroup to help with security.