Client Configuration

Here is an example of the openvpn.conf file for a client system:

#
# Connecting
#
client
nobind
dev tun
proto udp
resolv-retry infinite
remote dangerzone.skullspace.ca 1194

#
# Crypto
#
ca ca.pem
cert client.pem
key client.key
ns-cert-type server

#
# Privilege Separation
#
user openvpn
group openvpn
persist-key
persist-tun

#
# Client Settings
#
comp-lzo

#
# Logging
#
verb 3
mute 20

Other than the above file, you will also need:

1. openvpn.conf
2. ca.pem
3. client.pem
4. client.key

Client Certificate

This is an example of a client.pem file for the user mogigoma:

% openssl x509 -noout -text -in client.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a3:c7:84:d0:a8:61:42:f4:4f:00:f4:24:14:42:cb:3d:c9:a8:e6:ac:6a:37:f6:5a:ce:f2:be:6a:d4:cf:3d:af
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CA, ST=MB, L=Winnipeg, O=SkullSpace, OU=DangerZone
        Validity
            Not Before: May 30 04:27:33 2013 GMT
            Not After : Jun 29 04:27:33 2013 GMT
        Subject: C=CA, ST=MB, L=Winnipeg, O=SkullSpace, OU=DangerZone, CN=mogigoma
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b4:cb:bb:43:0a:ce:e6:69:8c:67:e3:dc:de:bd:
                    7d:c5:4f:8b:1f:83:a7:98:64:7e:dc:62:6a:ab:46:
                    52:55:aa:99:7c:a0:22:44:24:40:2e:7d:a1:e8:c6:
                    f8:08:e1:5e:c5:c0:18:9b:da:c0:a6:97:a4:4c:b1:
                    02:7a:b3:e9:f4:92:19:95:1f:74:89:aa:58:80:79:
                    8d:e0:64:7a:5f:0a:10:4e:0f:84:2d:d4:58:84:d1:
                    ee:f6:f9:9a:5e:c0:b4:d9:29:af:54:f3:ad:42:41:
                    1d:a2:3a:17:24:d2:a6:93:40:89:ab:2c:2c:a5:93:
                    f0:9e:6e:e0:f2:0e:79:83:ea:16:b1:4a:74:25:3e:
                    60:74:c5:f0:bc:d4:dc:93:9e:c6:09:c2:c4:23:8a:
                    82:6b:2a:f5:f8:62:d0:65:06:29:c9:bb:05:bf:75:
                    ae:04:27:7a:f4:33:3a:4a:0a:ef:69:85:e5:2e:39:
                    1d:67:5f:4c:1d:82:45:65:89:7b:86:3b:59:9e:a6:
                    e6:c2:a8:1c:86:45:62:bb:92:5f:e8:bd:ac:72:ab:
                    ca:f2:aa:80:e3:32:93:7b:12:34:f2:2d:09:f3:40:
                    8b:a5:df:19:45:61:e3:37:d1:c1:22:1d:2f:13:35:
                    a2:c2:45:29:27:be:39:49:2d:0e:1a:08:86:74:59:
                    f7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Comment: 
                DangerZone OpenVPN Client (mogigoma)
            Netscape Cert Type: 
                SSL Client
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                80:86:BF:2E:D1:3C:33:AB:2D:CB:98:85:ED:DC:A1:A2:AF:95:F5:A5
            X509v3 Authority Key Identifier: 
                keyid:C5:E0:A5:BB:B5:75:2A:15:75:68:72:2A:2B:0F:ED:21:01:38:33:27

    Signature Algorithm: sha1WithRSAEncryption
         b5:87:53:70:62:33:22:ca:fb:da:00:84:7d:2a:9c:b5:be:66:
         30:21:b4:7e:5c:81:83:60:47:4c:34:36:ca:13:08:f1:a5:b3:
         e2:8b:d1:96:3e:a7:e1:d9:0c:33:98:cd:d6:42:2d:09:f4:92:
         74:f2:b9:d4:f3:ed:c5:c3:68:4f:b6:6c:c8:69:e7:f2:75:95:
         cb:7d:84:ea:16:be:85:a7:6a:79:e8:9c:1d:42:d5:5f:9e:e3:
         2b:d9:36:1f:3c:af:76:fa:86:79:74:ff:df:41:d9:33:ca:be:
         11:b9:3f:5d:29:01:2b:a6:f7:48:ab:63:34:55:32:64:f2:09:
         13:af:55:85:b0:bd:e1:26:17:41:12:c5:30:d5:89:5b:ca:fb:
         a3:5d:a8:8f:ad:fd:3e:6b:d4:6e:66:c5:82:cb:c0:c6:30:ff:
         e3:c1:77:f5:b2:e3:42:f5:20:8c:b1:47:79:12:2f:d8:d9:3f:
         d8:01:50:74:82:ee:08:50:4d:9a:75:fa:41:e1:42:87:52:df:
         8a:5e:6b:07:07:b3:cc:62:8a:0d:d3:a2:79:5b:cb:d6:29:46:
         77:fe:de:32:99:64:16:35:8b:4a:a4:58:2d:ab:5d:33:bf:c2:
         9f:f8:69:f1:80:c7:00:3f:88:a6:3c:db:82:60:f4:86:d2:64:
         b5:2c:34:92