If you followed part one of this series, VPNs and You: 1 - Providing secure remote access with OpenVPN, then you should have a ready-to-use OpenVPN server, so all we need now is the client. Fortunately for us the client configuration is even easier than the server configuration, so before you know it you’ll have a fully functioning VPN setup…

As stated before, I am going to assume a Windows client, as this is the most common scenario; if you are using another OS, please adjust the instructions as necessary. For Windows we need the client itself and, for convenience, a nice GUI to go on top of it. The most common package (and the best I’ve seen) is Mathias Sundman’s combined OpenVPN/GUI install; be sure to get the combined package and not the GUI-only download. Install it and reboot if necessary.

Once OpenVPN is installed we need to add the SSL certs we created in the first section of this guide. These must be transported securely from the server to the client; if they are not, your VPN’s security is compromised. Assuming the default install directory, copy ca.crt, ta.key, and your client-specific certs (say client.crt and client.key) to the c:\Program Files\OpenVPN\config directory.

Next, we need to create a config file (client.ovpn) in the same directory with the following contents:

client
dev tun
proto udp
remote vpn.example.com 1194
nobind
persist-key
persist-tun
ca   ca.crt
cert client.crt
key  client.key
ns-cert-type server
tls-auth ta.key 1
cipher BF-CBC
comp-lzo
verb 6
mute 20

replay-window 256
mssfix 1260
;fragment 1260

;Uncomment below if you are using openvpn-auth for two-factor authentication
;auth-user-pass

If you’ve followed the guide carefully, you should now be ready to connect to your VPN server.
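
A quick pre-flight check of client.ovpn before the first connection, as an added example that is not part of the original guide: the Python script below parses the config, confirms that the server certificate check and the guide's tls-auth direction are present, and confirms that every referenced cert and key file was actually copied into the config directory. The function names and the choice of checks are assumptions of this example; remote-cert-tls is accepted as an alternative to ns-cert-type.

```python
import os
import tempfile

FILE_DIRECTIVES = ("ca", "cert", "key", "tls-auth")  # name files beside the config

# Constructed sample: a trimmed copy of the guide's client.ovpn.
SAMPLE = """client
remote vpn.example.com 1194
ca   ca.crt
cert client.crt
key  client.key
ns-cert-type server
tls-auth ta.key 1
;auth-user-pass
"""

def parse_ovpn(text):
    """Return {directive: [args]}, skipping blanks and ';' or '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in ";#":
            name, *args = line.split()
            conf[name] = args
    return conf

def audit_client_config(text, config_dir):
    """Return a list of problems; an empty list means the checks passed."""
    conf, problems = parse_ovpn(text), []
    for d in ("client", "remote") + FILE_DIRECTIVES:
        if d not in conf:
            problems.append(f"missing '{d}' directive")
    # Else any CA-signed cert, even another client's, is accepted as the server.
    if ["server"] not in (conf.get("ns-cert-type"), conf.get("remote-cert-tls")):
        problems.append("server certificate type is not verified")
    if "tls-auth" in conf and conf["tls-auth"][1:2] != ["1"]:
        problems.append("tls-auth direction differs from the guide's 'ta.key 1'")
    for d in FILE_DIRECTIVES:
        args = conf.get(d)
        if args and not os.path.isfile(os.path.join(config_dir, args[0])):
            problems.append(f"{d}: file not found: {args[0]}")
    return problems

def demo():
    """Audit SAMPLE against a temp dir where ta.key was deliberately not copied."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca.crt", "client.crt", "client.key"):
            open(os.path.join(d, name), "w").close()
        return audit_client_config(SAMPLE, d)
```

On a real client, pass the contents of client.ovpn and the path of the config directory to audit_client_config; an empty list means all checks passed.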

Double-clicking the OpenVPN icon in the system tray should automatically launch OpenVPN with the client.ovpn configuration, and before you know it you should be securely connected to the server. If you have been successfully connected you will have a virtual tunnel set up between you and the server. Running ipconfig should show that your virtual tunnel device is connected and has an IP assigned. Try pinging the server on the other end of the tunnel (the default gateway shown from ipconfig) - if you get a response you’re in business.

At this point we have a secure VPN connection, but it can be improved upon, which I will cover in part three of this series, VPNs and You: 3 - Hardening your OpenVPN solution.

Troubleshooting:

If OpenVPN is having trouble contacting the server, make sure the server name is right in the config file and that the server is running. If both of these are fine, then you probably have a firewall issue (on the local client, the server, or both). Also, if you are connecting to the server fine but cannot connect to the machines behind the OpenVPN server, you may have other firewall issues or routing problems. For any of these (or other similar) issues, please see part four of this series, VPNs and You: 4 - Tweaking firewall and network settings, for solutions.