First the certificate (key) should be created on the server.
cd /etc/openvpn/easy-rsa/ source vars ./pkitool hostname
Copy the certificate files to the client
* /etc/openvpn/ca.crt
* /etc/openvpn/easy-rsa/keys/hostname.crt
* /etc/openvpn/easy-rsa/keys/hostname.key
Then the client should be setup
apt-get install openvpn cd /etc/openvpn cp /usr/share/doc/openvpn/examples/sample-config/client.conf client.conf
Edit the client.conf file (edit all that you need to fit your config, the following are those I recommend):
The fix for Vista I add (commented out) since I am lazy and usually just copy a old config file to the next client
remote my.domain.com 1194 # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca ca.crt cert clientName.crt key clientName.key #fix for vista being stuid... ;route-method exe ;route-delay 2
Restart OpenVPN on the client:
/etc/init.d/openvpn restart * Stopping virtual private network daemon(s)... * No VPN is running. * Starting virtual private network daemon(s)... * Autostarting VPN 'myVPN' [ OK ]
Same as with the server, the above means that is went well, a [fail] means that the logs should be read for details.
A word of caution: [ OK ] only means that the OpenVPN was started ok – no errors in config etc.
There might still be issues with firewalls, wrong hostname (to the server) etc.
Check ifconfig and ping the server to make sure it is working.