I've decided to set up OpenVPN on my VPS to save me from having a lot of SSH tunnels to the VPS.

First thing I needed to do was to log into my VPS control panel (vePortal) and enable "Tun/Tap"; this will make the "/dev/net/tun" device visible inside OpenVZ. You may or may not need to do that.

Next thing was to add the RPMForge repo. Download the RPM.

# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Import the GPG key for the repo

# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

Check the signature of the downloaded RPM against the imported key to make sure it has not been tampered with.

# rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm

Install the RPM

# rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm

Now you can install OpenVPN.

# yum install openvpn.x86_64

Now we need to configure the server.

Find where the easy-rsa files are located

# find / -name easy-rsa

That should return the full path to the easy-rsa directory and tools. We need to copy them to "/etc/openvpn"

# cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa /etc/openvpn

Change into the following directory

# cd /etc/openvpn/easy-rsa/2.0

Edit the vars file

# vim vars

You must change at least the following to match your setup :

export KEY_CITY=
export KEY_ORG=
export KEY_EMAIL=

Source the vars file :

# source ./vars

Clean any existing builds :

# ./clean-all

Build the CA :

# ./build-ca

Next we need to build the server keys :

# ./build-key-server server

Then we build the client key :

# ./build-key client

(you can call this whatever you want)

Lastly we build the Diffie-Hellman parameters :

# ./build-dh

Let's relocate the keys we just made. Copy the following three files to your client: "ca.crt", "client.crt" and "client.key"

Copy the following server keys to "/etc/openvpn"

# cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

Now we need to configure the server. Copy over a template.

# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/

This is what my config looks like, it's very similar to the example config.

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
status openvpn-status.log
verb 3
tun-mtu 1500
mssfix 1400
cipher AES-128-CBC

Start the server

# /etc/init.d/openvpn start

Check /var/log/messages, you should see "Initialization Sequence Completed". You should also now see a "tun0" interface under ifconfig

Set it to start on boot.

# chkconfig openvpn on
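
Once the keys and server.conf are in "/etc/openvpn", it is worth checking how the private keys ended up on disk. The function below is an added example, not part of the original post: it audits the directory used above for key files readable beyond their owner, for the CA signing key being kept on the VPN server, and for a "key" directive that points at a missing file. The function name and the PERM/CAKEY/CONF labels are made up for this example, and it assumes GNU find as shipped on CentOS.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit private-key handling in an
# OpenVPN directory. Prints one finding per line; returns 1 if any were found.
# Usage: audit_openvpn_keys [dir] [config-name]
audit_openvpn_keys() {
    local dir conf findings f keyfile
    dir="${1:-/etc/openvpn}"
    conf="${2:-server.conf}"
    findings=0

    # Private keys must not be accessible to group or others. "-perm /077"
    # (GNU find) matches when any group/other permission bit is set.
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -perm /077)" ]; then
            echo "PERM  ${f##*/}: accessible beyond owner, fix with chmod 600"
            findings=1
        fi
    done

    # ca.key signs new certificates; the running server needs only ca.crt,
    # server.crt, server.key and the DH file.
    if [ -e "$dir/ca.key" ]; then
        echo "CAKEY ca.key: CA signing key is stored on the VPN server"
        findings=1
    fi

    # The file named by the config's "key" directive must exist. Relative
    # names are assumed to resolve against the audited directory.
    if [ -r "$dir/$conf" ]; then
        keyfile=$(awk '$1 == "key" { print $2; exit }' "$dir/$conf")
        case "$keyfile" in
            "") echo "CONF  $conf: no key directive"; findings=1 ;;
            /*) ;;
            *)  keyfile="$dir/$keyfile" ;;
        esac
        if [ -n "$keyfile" ] && [ ! -f "$keyfile" ]; then
            echo "CONF  $conf: key file ${keyfile##*/} is missing"
            findings=1
        fi
    fi
    return "$findings"
}
```

Run it as root with no arguments to audit "/etc/openvpn"; a clean directory prints nothing and returns 0.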