[[PageOutline]]

 = OpenVPN with no "server-bridge" =
 * OpenVPN 2.1.0 with Ubuntu lucid


 = making certs =
 * vpnserver:~$ sudo aptitude install -R openvpn bridge-utils -y
 * vpnserver:~$ sudo cp -av /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa

 * vpnserver:~$ sudo vim /etc/openvpn/easy-rsa/vars

 * root@vpnserver:/etc/openvpn/easy-rsa# . ./vars
 * root@vpnserver:/etc/openvpn/easy-rsa# ./clean-all
 * root@vpnserver:/etc/openvpn/easy-rsa# ./build-ca
{{{
writing new private key to 'ca.key'
-----

The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :PRINTABLE:'Ibraki'
localityName          :PRINTABLE:'Tsukuba'
organizationName      :PRINTABLE:'example.org'
organizationalUnitName:PRINTABLE:'OpenVPN Server'
commonName            :PRINTABLE:'vpnserver'
emailAddress          :IA5STRING:'vpn@example.org'
}}}
 * root@vpnserver:/etc/openvpn/easy-rsa# ./build-key vpnclient
{{{
writing new private key to 'vpnclient.key'
-----

The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :PRINTABLE:'Ibraki'
localityName          :PRINTABLE:'Tsukuba'
organizationName      :PRINTABLE:'example.org'
organizationalUnitName:PRINTABLE:'OpenVPN Client'
commonName            :PRINTABLE:'vpnclient'
emailAddress          :IA5STRING:'vpn@example.org'
}}}
 * root@vpnserver:/etc/openvpn/easy-rsa# ./build-dh

 == copy files for server ==
 * root@vpnserver:/etc/openvpn/easy-rsa# cp -a keys/ca.crt keys/dh1024.pem keys/vpnserver.crt keys/vpnserver.key /etc/openvpn/

 == copy files for client ==
 * root@vpnserver:/etc/openvpn/easy-rsa# mkdir ~/client
 * root@vpnserver:/etc/openvpn/easy-rsa# cp -a keys/ca.crt keys/vpnclient.crt keys/vpnclient.key ~/client/

 * root@vpnserver:~# tar czf client.tar.gz client/
   * client.tar.gz => vpnclient with sftp