We have checked that we can create a point-to-point network with a TUN device manually. Now is the time for all good system administrators to use configuration files for their deployments.

If you haven’t already stopped the point-to-point network, do it now.

Key generation

We will generate a static key on the server and copy it to the client.

Server

(server)_$: mkdir /etc/openvpn/certs
(server)_$: openvpn --genkey --secret /etc/openvpn/certs/static.key

Client

(client)_$: mkdir /etc/openvpn/certs
(client)_$: scp user@server:/etc/openvpn/certs/static.key /etc/openvpn/certs/

Configuration files

Server

/etc/openvpn/proxy-vpn.conf:
----------------------------
# Networking
dev tun
ifconfig 10.200.0.1 10.200.0.2

# Security
secret /etc/openvpn/certs/static.key

Client

/etc/openvpn/proxy-vpn.conf:
----------------------------
# Server
remote <server IP address>

# Networking
dev tun
ifconfig 10.200.0.2 10.200.0.1

# Security
secret /etc/openvpn/certs/static.key
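
Before starting the tunnel, the two files above can be checked against each other. The following is an added example, not part of the original page or of OpenVPN: it verifies that both ends use dev tun and a secret, that the client names a remote, that the two ifconfig lines are mirrored, and that the static key is not accessible to group or other. The function names (conf_value, check_pair, check_key_mode) are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: pre-flight checks for a static-key point-to-point pair.
# Usage (assumes a copy of the peer's config is at hand):
#   check_pair server.conf client.conf && check_key_mode /etc/openvpn/certs/static.key

# Print the arguments of the first occurrence of a directive, ignoring comments.
conf_value() {
    awk -v d="$2" '
        { sub(/[ \t]*#.*/, "") }                  # drop full-line and trailing comments
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 only if the server and client files describe the same tunnel.
check_pair() {
    srv=$1 cli=$2 rc=0
    for f in "$srv" "$cli"; do
        [ "$(conf_value "$f" dev)" = "tun" ] ||
            { echo "$f: dev is not tun" >&2; rc=1; }
        [ -n "$(conf_value "$f" secret)" ] ||
            { echo "$f: no secret directive, tunnel would have no static key" >&2; rc=1; }
    done
    [ -n "$(conf_value "$cli" remote)" ] ||
        { echo "$cli: no remote directive" >&2; rc=1; }

    # ifconfig takes "local remote"; the client's pair must be the server's, swapped.
    s_if=$(conf_value "$srv" ifconfig)
    c_swapped=$(conf_value "$cli" ifconfig | awk '{ print $2, $1 }')
    [ -n "$s_if" ] && [ "$s_if" = "$c_swapped" ] ||
        { echo "ifconfig endpoints are not mirrored" >&2; rc=1; }
    return $rc
}

# Return 0 only if the key file exists and group/other have no permission bits.
check_key_mode() {
    [ -f "$1" ] || { echo "$1: key file missing" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)             # group and other columns of the mode
    [ "$perms" = "------" ] ||
        { echo "$1: accessible beyond owner ($perms), run chmod 600" >&2; return 1; }
}
```

Run check_key_mode on both hosts, since the copy made with scp is a separate file with its own mode.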

Point-to-point network

(server)_$: openvpn --config /etc/openvpn/proxy-vpn.conf
(client)_$: openvpn --config /etc/openvpn/proxy-vpn.conf

Check

At this point, check once again that you can ping:

  • The client from the server
  • The server from the client