Server Side

Install Packages.

apt-get install openvpn easy-rsa

Copy Server’s Config.

gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

Edit It.

dh dh1024.pem to dh dh2048.pem

uncomment these line

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "dhcp-option DNS"
user nobody
group nogroup

Enable ip_forward ipv4

echo 1 > /proc/sys/net/ipv4/ip_forward`

Or Edit Uncomment /etc/sysctl.conf


In This Case Firewall Is Disable

Copy easy-rsa To Openvpn Folder

cp -r /usr/share/easy-rsa/ /etc/openvpn

Create keys Folder In /etc/openvpn/easy-rsa/

mkdir -p /etc/openvpn/easy-rsa/keys`

Edit vars And Change These

export KEY_CITY="Dallas"
export KEY_ORG="My Company Name"
export KEY_EMAIL=""
export KEY_OU="MYOrganizationalUnit"
export KEY_NAME="server"

Create pem

openssl dhparam -out /etc/openvpn/dh2048.pem 2048

Run cert Flow

cd /etc/openvpn/easy-rsa
. ./vars

Create server key

./build-key-server server
cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn

Create client conf&cert

./build-key client1
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn

Edit client.conf Change remote To Your Server

remote 'my-server-1' 1194

Comment These

#ca ca.crt
#cert client.crt
#key client.key

Add These

(insert ca.crt here)
(insert client1.crt here)
(insert client1.key here)

Make Sure Your FireWall Port Forward Is Currect.

Forward All Traffic To Outside.

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE`

Client Side

Install VPN Software In Your Device.

Then Copy client.ovpn From Server To Your Devices And Import It.