Client setup for OpenVPN on Raspbian

In my previous post I explained how to set up an OpenVPN server on Raspbian (April 2018 release) on any model of Raspberry Pi. Here's how to set up the client certificates that you can import into the OpenVPN client app on your desktop or mobile device. All of these commands are to be entered in the console as the root user.

cd /etc/openvpn/certs
source ./vars
./build-key client
mkdir -p /etc/openvpn/client
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client/client.ovpn

Edit the client configuration file client.ovpn and make sure the options shown below are set.

nano /etc/openvpn/client/client.ovpn

client
proto udp
dev tun
persist-key
persist-tun
nobind
:user openvpn
:group openvpn
remote-cert-tls server
auth SHA512
verb 3
ca ca.crt
cert client.crt
key client.key
tls-crypt ta.key
comp-lzo
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA

Save the file, then pack the certificates, keys and configuration into a single archive:

tar cJf /etc/openvpn/client/client.tar.xz -C /etc/openvpn/certs/keys ca.crt client.crt client.key ta.key -C /etc/openvpn/client/ client.ovpn

You should now have a compressed archive called client.tar.xz in the directory /etc/openvpn/client. Download this file, or copy it with a USB flash drive or by whatever other means, and import it on the device that runs the OpenVPN app and from which you want to connect to your OpenVPN server. The archive contains the client's private key (client.key) and the tls-crypt key (ta.key), so move it only over a channel you trust.
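
Before copying the archive off the Pi, it helps to confirm that every file named by the ca, cert, key and tls-crypt options in client.ovpn is actually in the bundle, because a profile that names a file the archive does not contain will not load on the client. The script below is an added example, not part of the original post; the function names missing_refs, check_archive and demo_mismatch are hypothetical, and it assumes the profile uses plain relative file names as in the listing above.

```sh
#!/bin/sh
# Added example (not from the original post).

# Print every file that profile $1 names in a ca/cert/key/tls-crypt option
# but that does not exist in directory $2. Commented-out options start with
# ';' or '#', so their first field never equals a directive name.
missing_refs() {
    profile=$1
    dir=$2
    awk '$1 == "ca" || $1 == "cert" || $1 == "key" || $1 == "tls-crypt" {
             if ($2 != "") print $2
         }' "$profile" |
    while IFS= read -r f; do
        [ -f "$dir/$f" ] || printf '%s\n' "$f"
    done
}

# Unpack archive $1 into a private temporary directory (mktemp -d creates it
# with mode 0700) and check the client.ovpn inside it.
# Returns 0 if complete, 1 if files are missing, 2 on unpack errors.
check_archive() {
    tmp=$(mktemp -d) || return 2
    tar xJf "$1" -C "$tmp" || { rm -rf "$tmp"; return 2; }
    missing=$(missing_refs "$tmp/client.ovpn" "$tmp")
    rm -rf "$tmp"   # do not leave a second copy of the private key behind
    [ -z "$missing" ] && return 0
    printf 'missing from archive: %s\n' $missing >&2
    return 1
}

# Constructed sample: the profile names client1.* while the bundle directory
# holds client.*, so both client1 files are reported.
demo_mismatch() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'client' 'ca ca.crt' 'cert client1.crt' \
        'key client1.key' 'tls-crypt ta.key' ';key old.key' > "$d/client.ovpn"
    touch "$d/ca.crt" "$d/client.crt" "$d/client.key" "$d/ta.key"
    missing_refs "$d/client.ovpn" "$d"
    rm -rf "$d"
}
```

On the Pi, run check_archive /etc/openvpn/client/client.tar.xz after the tar step; a zero exit status means the profile and the packed files agree.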