Strona na różne notatki.
Najpierw należy wygenerować klucz oraz certyfikat na serwerze OpenVPN.
Na systemie-kliencie należy utworzyć plik /etc/openvpn/client/vpn_siec_pl.conf o treści:
client dev tun proto udp remote vpn.siec.pl 1194 nobind persist-key persist-tun mute-replay-warnings remote-cert-tls server verb 3 explicit-exit-notify route-delay 2 <ca> -----BEGIN CERTIFICATE----- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -----END PRIVATE KEY----- </key>
Systemd czyta pliki w tym katalogu i potrafi przetłumaczyć je sobie na „unit”:
systemctl enable openvpn-client@siec_vpn_pl systemctl start openvpn-client@siec_vpn_pl systemctl status openvpn-client@siec_vpn_pl