I will quickly describe how I managed to get a VPN ready for my needs.
Note: at this point I was not able to bypass NAT setups but I will find some tweaks for that.
First if your fainthearted you should probably not mess that much with config files and try the solution explained here which provides a more user friendly approach.
The journey starts by installing the server on your VPS, from now on I assume you have a yum-based server (I run CentOS 6).
First enable RMP Forge repo, to get the latest OpenVPN packages:
yum localinstall –nogpgcheck http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm (for x86)
Then trigger the installation
yum install openvpn
Enable TUN/TAP from your VPS Control Panel and check if it’s working by:
# cat /dev/net/tun
You should get:
Now go ahead and take the key and certificate generators and start building keys and certificates:
# cd /usr/share/doc/openvpn-2.0.9
# cp -av easy-rsa /etc/openvpn/
# cd /etc/openvpn/easy-rsa/
Fill the requested info or type a dot (".") to leave it empty:
# . ./vars # sh clean-all # sh build-ca # sh build-key-server server
Now that you have the server key and the certificate, build some client keys:
# sh build-key client1 # sh build-key client2
And fire up the security policies:
# sh build-dh
When you have the certificates and keys generated get the client .crt and .key plus the ca.crt files and transfer them to your clients.
Now take a configuration template and edit the configuration file:
# cd /etc/openvpn/ # cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf . // be aware of the version number as it will increase in the future # nano server.conf
My working configuration is as follows:
local <public IP of the local server>
key server.key # This file should be kept secret
server 10.8.0.0 255.255.255.0
push "route 127.0.0.0 255.255.255.0"
push "dhcp-option DNS 18.104.22.168"
push "dhcp-option DOMAIN <domain name>"
keepalive 10 120
Adjust the configuration to your needs.