How To Install and Configure OpenVPN Server
What is OpenVPN?
OpenVPN is a free and open source virtual private network (VPN) program for creating point-to-point or server-to-multiclient encrypted tunnels between host computers. It is capable of establishing direct links between computers across network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
Installing OpenVPN from Zypper Repository:
#zypper in openvpn lzo-devel zlib zlib-devel openssl-devel openvpn-auth-pam-plugin
Creating an OpenVPN Certificate
#cd /usr/share/openvpn/easy-rsa/2.0/
#. ./vars
NOTE:
If you run ./clean-all, I will be doing a rm -rf on /usr/share/openvpn/easy-rsa/2.0/keys
#./clean-all
#./build-ca
Generating a 1024 bit RSA private key
..................................++++++
......++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:WA
Locality Name (eg, city) [SanFrancisco]:Seattle
Organization Name (eg, company) [Fort-Funston]:Wowtutorial
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:wowtutorial.org
Email Address [me@myhost.mydomain]:admin@wowtutorial.org
#./build-key-server wowtutorial.org
Generating a 1024 bit RSA private key
.........................................++++++
......++++++
writing new private key to 'wowtutorial.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:WA
Locality Name (eg, city) [SanFrancisco]:Seattle
Organization Name (eg, company) [Fort-Funston]:Wowtutorial
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) [wowtutorial.org]:
Email Address [me@myhost.mydomain]:admin@wowtutorial.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
Using configuration from /usr/share/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'WA'
localityName :PRINTABLE:'Seattle'
organizationName :PRINTABLE:'Wowtutorial'
organizationalUnitName:PRINTABLE:'IT'
commonName :PRINTABLE:'wowtutorial.org'
emailAddress :IA5STRING:'admin@wowtutorial.org'
Certificate is to be certified until Jan 12 02:37:21 2020 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
#./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
..........................................+........................................................................+........................................................+.................+.................................................+...+......+..........................................................................................................+................................................................................................+.........................+....................................+...............................................................................................................................................................................................................................+......++*++*++*
Copying OpenVPN CRT and KEY to /etc/openvpn
#cd keys/
#cp ca.crt dh1024.pem wowtutorial.org.key wowtutorial.org.crt /etc/openvpn/
Copying OpenVPN server.conf to /etc/openvpn
#cp /usr/share/doc/packages/openvpn/sample-config-files/server.conf /etc/openvpn/
Modify /etc/openvpn/server.conf
#vi /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/wowtutorial.org.crt
key /etc/openvpn/wowtutorial.org.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#### route all client traffic through the VPN and push Google's public DNS server
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
mute 20
### Authenticate clients against the system accounts through PAM
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
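The configuration above makes several choices a reviewer would flag: client-cert-not-required turns the tunnel into password-only authentication for any PAM account, comp-lzo compresses the tunnel, there is no tls-auth or tls-crypt protection of the control channel, the DH file is 1024 bits, and cp does not reset the mode of the private key. The following POSIX shell audit is an added example, not part of the tutorial or of OpenVPN; write_sample_conf and audit_openvpn_conf are names chosen here, and the sample it writes is a constructed, cut-down copy of the server.conf above.

```shell
#!/bin/sh
# Audit an OpenVPN server.conf for the hardening points raised in this tutorial.
# Constructed example; heuristic checks, not an official OpenVPN tool.

# Writes a cut-down copy of the tutorial's server.conf to the path in $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
key /etc/openvpn/wowtutorial.org.key
dh /etc/openvpn/dh1024.pem
comp-lzo
user nobody
group nobody
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
EOF
}
# Prints one line per finding and returns the number of findings (0 = clean).
audit_openvpn_conf() {
    conf=$1; findings=0
    # drop comments and blank lines; each remaining line is "directive args"
    body=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$conf")
    has() { printf '%s\n' "$body" | grep -Eq "^[[:space:]]*$1([[:space:]]|\$)"; }
    report() { echo "$conf: $1"; findings=$((findings + 1)); }
    # password-only login: any PAM account gets a tunnel, no client certificate
    has client-cert-not-required && report 'client-cert-not-required: no client certificate check'
    # compressing encrypted traffic leaks plaintext structure; deprecated upstream
    has comp-lzo && report 'comp-lzo: compression enabled'
    # control channel not HMAC-protected; unauthenticated peers reach the TLS stack
    has tls-auth || has tls-crypt || report 'no tls-auth/tls-crypt directive'
    # daemon should drop root after start
    { has user && has group; } || report 'missing user/group: daemon keeps root'
    # DH modulus below 2048 bits (easy-rsa names the file dh${KEY_SIZE}.pem)
    case "$(printf '%s\n' "$body" | awk '$1=="dh"{print $2}')" in
        *dh1024.pem|*dh512.pem) report 'dh: modulus below 2048 bits' ;;
    esac
    # a private key copied with plain cp keeps the umask mode; it must be 0600
    key=$(printf '%s\n' "$body" | awk '$1=="key"{print $2}')
    if [ -f "$key" ]; then
        case $(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key") in
            600|400) ;; *) report "key $key is not mode 0600" ;;
        esac
    fi
    return $findings
}
# Stand-alone run: audit the sample config and print the finding count.
tmp=$(mktemp) && write_sample_conf "$tmp"
audit_openvpn_conf "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```

Against a real installation, run audit_openvpn_conf /etc/openvpn/server.conf; the key-mode check only fires when the referenced key file exists on the machine running the audit.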
NAT and IP Forwarding
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 10.10.10.10
#echo '1' > /proc/sys/net/ipv4/ip_forward
NOTE:
10.10.10.10 is the IP address of the OpenVPN server's network interface.
Starting the daemon
#/etc/init.d/openvpn start
Create an OpenVPN login user
#yast
- Security and Users
- User and Group Management
- Press TAB to move to [Add user] and press ENTER
- Enter a username and password.
Example:
user : testing
pass : testing123
- Press TAB to move to [ OK ] and press ENTER
- Press F10, then F9, to quit the YaST screen
Note:
We will use the user testing to connect to the OpenVPN server later.
See the URL below for how to open a connection from an OpenVPN client to the OpenVPN server.