How to set up a simple routed VPN - VPN client

Set up a VPN client

We will explain here how to set up a VPN client that connects to the VPN server. First of all you have to copy the following files from the server to the client. The best way to do so is to use an external storage device such as a flash disk or a CD. These files should be kept private and is not recommendable to transfer them over the Internet. The files that need to be transfered lie within /etc/openvpn/easy-rsa/keys and are the following:

serverName.crt
serverName.key
ta.key
ca.crt

On the client side, you should have openvpn installed. Like before run:

sudo apt-get install openvpn

Create the folders /etc/openvpn/easy-rsa and /etc/openvpn/easy-rsa/keys and transfer the above mentioned files in the folder /etc/openvpn/easy-rsa/keys. Once you have the certificates copied to the correct destination, edit the file server.conf (on the client side)

sudo vim /etc/openvpn/server.conf

and write the following (don't forget to replace remote.org with your server's domain name) :

client
remote remote.org 1194
resolv-retry infinite
nobind
pull
ns-cert-type server
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/opentox.ntua.gr.crt
key /etc/openvpn/easy-rsa/keys/opentox.ntua.gr.key
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 1
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Restart openvpn on the client side:

sudo /etc/init.d/openvpn restart

and try to ping the VPN server at 10.8.0.1 - it should respond! Now if you want to find out which is your local IP run an ifconfig (client side):

$ ifconfig tun0
tun0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
      inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:1356 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1967 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100
      RX bytes:344776 (344.7 KB)  TX bytes:232198 (232.1 KB)

From which we see that our IP (IP of the client on the VPN) is 10.8.0.6. You can now try for example to connect to the VPN server using SSH through the VPN network. This should be as simple as:

ssh username@10.8.0.1

On the server side you can try to ping your client node which should respond. Your VPN client and your VPN server now are actually on the same network and exchange information securely (using encryption). Enjoy!