InfoWorld how-to's

How to roll your own VPN

With free open source OpenVPN and a low-cost VPS, you can have a secure connection from any location

Page 4 of 5

OpenVPN client configuration
Now we need to configure a client. The server setup above is configured to allow a client to connect as long as it has the proper certificate (the remote1.crt). This does not require a username or password, unless you chose to enter a password when creating the certificate. However, even if the server does not require a password, you can still choose to require a username and password to connect from your client, and this can be configured with or without a client certificate requirement.

The most secure of these methods would be to require a username and password in addition to the client certificate; we will detail the steps to do that later on. If you prefer to require usernames and passwords, you may want to read the steps near the end before continuing; it may save you some time.

For now, we'll configure a client to use only the client certificate.

On your client system, you will need to create an OpenVPN configuration file that you can then import into your VPN client. You can use a simple text editor. You should name it myvpn.ovpn or something similar, and make sure that the file is saved as plain text and the extension is .ovpn.

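client                 # TLS client mode; also accept settings pushed by the server
remote <your server's public IP address goes here>
port 10000
proto udp
dev tun
resolv-retry infinite  # keep retrying name resolution of the server
ns-cert-type server    # accept only a server-type certificate; newer OpenVPN releases use remote-cert-tls server instead
verb 3
ca ./ca.crt
cert ./remote1.crt
key ./remote1.key      # private key: keep this file readable only by you
ping 10
ping-restart 60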

Place this file and the ca.crt, remote1.crt, and remote1.key files in a new directory, perhaps called openvpn, under your Documents folder. Now that we have our OpenVPN config file, we need a VPN client that can put it to use.
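
A pre-import check for the directory described above, as an added example that is not part of the original article: it parses the profile, confirms that a TLS client directive and a server-certificate check (such as the ns-cert-type line) are present, that the ca, cert, and key files exist, and that the private key is not readable by other users. The function names, finding strings, and the sample address 203.0.113.10 are assumptions of this example; the permission test applies to POSIX systems such as macOS.

```python
import stat
import tempfile
from pathlib import Path

# Any one of these makes the client check the server certificate's role or name.
SERVER_CHECKS = {"ns-cert-type", "remote-cert-tls", "verify-x509-name"}

# Constructed sample profile; 203.0.113.10 is a documentation-range address.
SAMPLE = """client
remote 203.0.113.10
ns-cert-type server  # server-role check
ca ./ca.crt
cert ./remote1.crt
key ./remote1.key
"""

def parse_ovpn(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.replace(";", "#").split("#", 1)[0].split()
        if parts:
            opts[parts[0]] = parts[1:]
    return opts

def audit_profile(path):
    """Return a list of findings for a certificate-only client profile."""
    opts = parse_ovpn(Path(path).read_text())
    findings = []
    if not {"client", "tls-client"} & opts.keys():
        findings.append("no client/tls-client directive")
    if not SERVER_CHECKS & opts.keys():
        findings.append("server certificate is not checked")
    for name in ("ca", "cert", "key"):
        target = Path(path).parent / (opts.get(name) or ["<unset>"])[0]
        if not target.is_file():
            findings.append(f"{name} file missing")
        elif name == "key" and stat.S_IMODE(target.stat().st_mode) & 0o077:
            findings.append("private key readable by group/others")  # POSIX modes
    return findings

def demo(key_mode=0o644):  # constructed layout: placeholder files in a temp dir
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca.crt", "remote1.crt", "remote1.key", "myvpn.ovpn"):
            Path(d, name).write_text(SAMPLE)  # only existence and mode are checked
        Path(d, "remote1.key").chmod(key_mode)
        return audit_profile(Path(d, "myvpn.ovpn"))

if __name__ == "__main__":
    print(demo() or "no findings")
```

To check a real profile, call audit_profile with the path to myvpn.ovpn; an empty list means none of these checks fired.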

Windows clients. For Windows systems, we'll use the OpenVPN Windows client. Install the client, and bring up the main window. Click the + sign next to Connection Profiles and click Local File, as we're going to import the configuration we just created and stored in the directory where our certificates and key live. Click Import, navigate to this directory (I named it openvpn), and select the myvpn.ovpn file. Give it a friendly name if you like, and check "Completely trust this profile." Click Save, then double-click the new connection profile. In a few seconds, you should be connected to your new VPN server.

Mac clients. For the Mac, you should download Tunnelblick, which is a very capable VPN client that supports OpenVPN. Install it, and you'll see a new icon in your menu bar that looks like a dark arch. Click that and select VPN Details. Click the + sign at the bottom left of the VPN Details window, followed by "I have configuration files," then "OpenVPN Configurations," then "Open Private Configurations Folder." A new Finder window will pop up showing the folder where our certificates and key live. Copy all of the files from the folder (I named it openvpn), including the certificates, key, and myvpn.ovpn file.

Now you can close the VPN Details window. Click the Tunnelblick icon in the upper right, and you should see your new VPN connection there. Select "Connect myvpn," and within a few seconds you should be connected.
