How to set up a simple routed VPN - Multi-client setup

 

Multi-client setup

In this section we explain how to set up a VPN that supports multiple clients. You can either isolate individual clients, so that they communicate only with the server at 10.8.0.1, or allow them to connect to one another using the VPN server as a router. If you want your clients to see each other, append this line to your server.conf file (on the VPN server):

client-to-client

Each client needs its own keys. We will use the pkitool script provided by OpenVPN, which we have already used previously. On the server side run:

cd /etc/openvpn/easy-rsa
source ./vars
./pkitool your-server-0.org

This will create the certificate and key files named:

your-server-0.org.crt
your-server-0.org.key

which you will hand to the client. Do the same for each client you need to allow to connect to your VPN. You should create files with a different name for each client!!!

Give the VPN keys (files your-server-0.org.crt and your-server-0.org.key) to your client along with the files ca.crt and ta.key. Best practice is to transfer these files with a flash disk or other removable storage device and not over the Internet. Each client will now be able to connect to the VPN using its own (different) keys. Under the aforementioned configuration, the clients will acquire static IP addresses.

In particular the directive:

ifconfig-pool-persist ipp.txt

tells the server to reserve an IP once it is acquired by a client. Therefore the same client will get the same VPN IP the second time it connects to the server. You can actually test it... On the client side, connect to the VPN server:

sudo /etc/init.d/openvpn restart

Check your VPN IP using ifconfig:

ifconfig tun0

Then restart openvpn and check your IP again. It should be the same!
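
For the hand-off step above (the client's certificate and key plus ca.crt and ta.key), here is an added example, not part of the original tutorial or of the easy-rsa scripts, that assembles one bundle per client, refuses to reuse a client name, and never copies the CA private key ca.key. The function name bundle_client and the layout (all four files in one keys directory) are assumptions.

```shell
#!/bin/sh
# Added example: assemble the per-client hand-off bundle described above.
# Assumption: <client>.crt, <client>.key, ca.crt and ta.key all sit in KEYS_DIR.

# bundle_client KEYS_DIR CLIENT OUT_DIR
# Returns 0 on success, 1 on a bad client name, 2 if a file is missing,
# 3 if a bundle for CLIENT already exists (names must be unique per client).
bundle_client() {
    keys_dir=$1; client=$2; out_dir=$3

    # Accept only plain names so CLIENT cannot escape OUT_DIR.
    case $client in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid client name" >&2; return 1 ;;
    esac

    # All four files must be present and non-empty before anything is copied.
    for f in "$client.crt" "$client.key" ca.crt ta.key; do
        [ -s "$keys_dir/$f" ] || { echo "missing $f" >&2; return 2; }
    done

    dest=$out_dir/$client
    # One key pair per client: never reissue an existing bundle.
    [ -e "$dest" ] && { echo "bundle exists: $dest" >&2; return 3; }

    # The subshell keeps the tightened umask local to this copy.
    (
        umask 077
        mkdir -p "$dest" &&
        cp "$keys_dir/$client.crt" "$keys_dir/$client.key" \
           "$keys_dir/ca.crt" "$keys_dir/ta.key" "$dest/" &&
        chmod 600 "$dest"/*
    ) || return 2
    # ca.key (the CA private key) is deliberately never copied.
}
```

Copy the resulting directory to the removable device and delete it from the server once the client has it.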