Deploy Server and Client

Install OpenVPN and EasyRSA

apt install -y openvpn easy-rsa

Create CA

cd /etc/openvpn

Create EasyRSA dir.

make-cadir ~/easy-rsa

cd easy-rsa

Init PKI

./easyrsa init-pki

Create CA(Self Sign): Input CA nama and password.

./easyrsa build-ca

Create Server Cert

Create server cert and key.

./easyrsa gen-req server nopass

./easyrsa sign-req server server

Create Diffie-Hellman Params.

./easyrsa gen-dh

Create TLS Key.

openvpn --genkey --secret ta.key

Create Client Cert

cname=kuga

./easyrsa gen-req $cname nopass

./easyrsa sign-req client $cname

Setup Server

sname=cmajorrocks

mkdir -p /etc/openvpn/server/$sname

cp ./easy-rsa/pki/issued/server.crt /etc/openvpn/server/$sname
cp ./easy-rsa/pki/private/server.key /etc/openvpn/server/$sname
cp ./easy-rsa/pki/dh.pem /etc/openvpn/server/$sname
cp ./easy-rsa/ta.key /etc/openvpn/server/$sname