One file for configuration is always a good thing. We can pack everything needed for an OpenVPN client configuration into a single file when using certificate authentication. With password authentication this is not possible, because the username and password must be in another file, but with certificates we can inline everything in one configuration file. Below is a template for such a file:
```
client
dev tun
proto tcp
comp-lzo
verb 3
remote [IP] [PORT]
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
[CA_CERTIFICATE]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[CLIENT_CERTIFICATE]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[CLIENT_KEY]
-----END PRIVATE KEY-----
</key>
#uncomment to route these IP/Networks requested by the client
#route [IP1] [MASK1]
#route [IP2] [MASK2]
```
To get it working, change the following:
- Remote IP and port – replace [IP] [PORT] with the IP and port of the OpenVPN server you use.
- Copy everything between “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” from the certificate authority (CA) file and put it in place of [CA_CERTIFICATE].
- Copy everything between “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” from the certificate file and put it in place of [CLIENT_CERTIFICATE].
- Copy everything between “-----BEGIN PRIVATE KEY-----” and “-----END PRIVATE KEY-----” from the certificate file and put it in place of [CLIENT_KEY].
You can also uncomment the route lines to enable specific routes through the VPN. Such routes are probably not included in the server configuration, but the user can add them, too.
Save the above file (preferably with the extension .ovpn) and then import it in any OpenVPN client under Linux, Windows and Android. The file contains everything the OpenVPN client needs to establish a VPN connection.
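
The substitution steps above can be scripted. The following is an added example, not part of the original post: it fills the template from separate PEM files, keeps only the BEGIN/END blocks, and creates the profile readable by its owner only, since it embeds the private key. The names `pem_block`, `build_ovpn` and `demo` are hypothetical, the sample PEM bodies are constructed placeholders, and as a small generalization it also accepts other private key labels such as RSA PRIVATE KEY.

```shell
#!/bin/sh
# Added example: build a single-file client profile from separate PEM files.
# pem_block, build_ovpn and demo are hypothetical helpers, not OpenVPN tools.

# Print every PEM block whose label matches $1 from file $2, dropping anything
# outside BEGIN/END (such as a text dump placed before the certificate).
pem_block() {
    awk -v t="$1" '
        $0 ~ ("^-----BEGIN " t "-----") { on = 1 }
        on { print }
        $0 ~ ("^-----END " t "-----")   { if (on) found = 1; on = 0 }
        END { exit ((found && !on) ? 0 : 1) }   # fail on missing/truncated block
    ' "$2"
}

# usage: build_ovpn IP PORT ca.crt client.crt client.key out.ovpn
build_ovpn() {
    (
        umask 077               # profile embeds the private key: owner-only
        tmp="$6.tmp.$$"
        {
            printf '%s\n' client 'dev tun' 'proto tcp' comp-lzo 'verb 3' \
                "remote $1 $2" 'resolv-retry infinite' nobind \
                persist-key persist-tun &&
            echo '<ca>'   && pem_block 'CERTIFICATE' "$3" && echo '</ca>' &&
            echo '<cert>' && pem_block 'CERTIFICATE' "$4" && echo '</cert>' &&
            echo '<key>'  && pem_block '[A-Z ]*PRIVATE KEY' "$5" && echo '</key>'
        } > "$tmp" || { rm -f "$tmp"; exit 1; }
        mv "$tmp" "$6"          # only a complete profile appears at the target
    )
}

# Demo on constructed placeholder data (not real certificates or keys).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Certificate:' '    Data: (text dump)' \
        '-----BEGIN CERTIFICATE-----' 'Q0xJRU5U' '-----END CERTIFICATE-----' \
        > "$d/client.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q0E=' \
        '-----END CERTIFICATE-----' > "$d/ca.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'S0VZ' \
        '-----END PRIVATE KEY-----' > "$d/client.key"
    build_ovpn 192.0.2.10 1194 "$d/ca.crt" "$d/client.crt" "$d/client.key" \
        "$d/client.ovpn" && echo "$d/client.ovpn"
}
```

Because the generated profile carries the client key, treat it like the key file itself when copying it to another device.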