This document should be used by a Technical Support Engineer (TSE) to generate the required keys and client certificates for OpenVPN clients.
This document does not cover the steps required to generate a CA certificate (ca.crt) or other details of OpenVPN server configuration. Also make sure that the OpenVPN GUI client is installed correctly on Windows XP/2000. On a Linux-based system, the OpenVPN software must be installed properly. Its configuration directory is generally /etc/openvpn. On Windows it is C:\Program Files\OpenVPN\config.
/etc/openvpn to prevent unauthorized access from others. The security of the VPN server can be compromised by anyone who obtains the contents of this directory.
cd /etc/openvpn/easy-rsa
tar -C /etc/openvpn/easy-rsa/keys -cvf /root/vpn-client-1.tar client-vpn-1.key client-vpn-1.crt ca.crt ta.key
This will create a tar file vpn-client-1.tar in the home directory of root (/root). If you have logged in as a non-root user, use the home directory of that account to store this tar file. This file should be copied to the Windows or Linux system on which the OpenVPN client is running. As soon as this task is over, delete the copy of this tar file on the server.
C:\Program Files\OpenVPN\config on a Windows-based client.
Make sure that the following parameters are set correctly in the OpenVPN configuration file (server.conf or client.conf).
Generally proto is udp and dev is tun. The value of ca should be ca.crt, key should be client-vpn-1.key and cert should be client-vpn-1.crt. The value of server should be the IP or host name of the OpenVPN server. The value of tls-auth should be ta.key, and tun-mtu should match the value set on the server side (generally 1500).
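As an added example (not part of the original document), the shell function below checks a Linux client's client.conf against the values listed above and confirms that the private key and ta.key are not accessible to group or other. The function names, the TUN_MTU override and the assumption that the key files sit in the same directory as client.conf are illustrative.

```shell
#!/bin/sh
# Added example: verify an OpenVPN client config against the values this page lists.
# Function names and the TUN_MTU variable are assumptions made for illustration.

# Print the first argument of directive $2 found in config file $1.
# Comment lines never match because their first field is not the directive name.
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

check_client_conf() {
    conf=$1
    dir=$(dirname "$conf")   # assumption: keys and certs sit beside the config
    rc=0
    # directive=expected pairs from the page; tun-mtu must match the server side
    for pair in proto=udp dev=tun ca=ca.crt cert=client-vpn-1.crt \
                key=client-vpn-1.key tls-auth=ta.key "tun-mtu=${TUN_MTU:-1500}"; do
        name=${pair%%=*}
        want=${pair#*=}
        got=$(conf_value "$conf" "$name")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $name: expected '$want', found '${got:-<unset>}'"
            rc=1
        fi
    done
    # Secret material must exist and carry no group/other permission bits.
    for f in client-vpn-1.key ta.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $dir/$f"
            rc=1
        elif [ "$(ls -ld "$dir/$f" | cut -c5-10)" != "------" ]; then
            echo "PERMS $dir/$f is accessible to group/other (use chmod 600)"
            rc=1
        fi
    done
    return $rc
}

# Run directly as: sh check.sh /etc/openvpn/client.conf
if [ $# -gt 0 ]; then
    check_client_conf "$1"
fi
```

Set TUN_MTU in the environment when the server uses a value other than 1500.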
Now restart the OpenVPN software on the client system. On Windows, use the GUI to connect to the server.