thereis a good guide at https://help.ubuntu.com/11.10/serverguide/openvpn.html
apt-get install openvpn openssl cd /usr/share/doc/openvpn/examples/easy-rsa/2.0 nano vars source ./vars ./clean-all ./build-ca ./build-key-server [server-name]
leave password blank and answer yes to sign certificate and to commit.
./build-dh ./build-key [client-name] cd keys/ cp myservername.crt myservername.key ca.crt dh1024.pem /etc/openvpn/ cd /usr/share/doc/openvpn/examples/sample-config-files gzip -d server.conf.gz cp server.conf /etc/openvpn/ cd /etc/openvpn/ nano server.conf
change the line
;push "redirect-gateway"
to
push "redirect-gateway def1"
(notice that there is no ; at the begining anymore!)
and if you feel like having a little more security also uncomment tese two lines and change the group name to “nogroup” rather than “nobody”
user nobody group nogroup
also uncomment the line
client-to-client
if you want your vpn clients to be able to use this server as their internet gateway as well continue here:
apt-get install iptables echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
put the last two lines in your /etc/rc.local if you want this service to be available after the next reboot again
copy the files ca.crt, client.crt and client.key from the server in /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ to your client. also copy the example config file for the client from /usr/share/doc/openvpn/examples/sample-config-files/client.conf/ to the same directory on your client as the certificates. adjust the name of your server in the client config file and again the nouser, nogroup to help with security.