Connect your home and company networks with OpenVPN


OpenVPN is an opensource Virtual Private Networking (VPN) solution which can be downloaded freely on the Internet. It also included in almost every Linux distro to-date, so it can be easily installed using your distro’s favourite package manager tools. It uses the SSL/TLS VPN stacks, which makes it different from almost every other VPN solution (which are usually based on IPSec).

This guide will described how OpenVPN can be installed and configured on a Debian system, so that it can be used as a means to connect to your home and company networks.

The Server

First install the openvpn package:

If apt-get suggests extra packages to install, just install them!

Two networks will be created:
* one to create a secure network for servers:
* one to create a secure network of client PC’s, Macbooks, Linux desktops, … :

Next, we will need an OpenVPN configuration file for the OpenVPN we’re about to create:

We will also need some firewall rules allowing our OpenVPN traffic:

Now we need to create a CCD file for each client. The CCD file contains the network settings for the connection OpenVPN clients.

The final thing to do for the OpenVPN server, is to create the x509 certificates.


This will copy the required tools for creating the certificates for both the server as the clients.

Next, specify your information in /etc/openvpn/easy-rsa/vars, only the bottom is of real importance:

Finally we will create the CA and the server certificate (we’re making a 2048 one!):

Finally we just need to start the OpenVPN service and the server is ready!

The Clients

Every client will need his own x509 certificate:

bear is the name of the client host.

Now create a client configuration file, let’s call it bear.conf and we’ll save in it /tmp/client_config/:

Finally grab all the files the client will need

If the client also uses the OpenVPN command line tools, just copy the above files to /etc/openvpn and restart the openvpn service.



Leave a Reply

Your email address will not be published. Required fields are marked *