Install OpenVPN Client

apt update
apt install openvpn

cp "${CONFIG_OVPN}" "/etc/openvpn/client_${REMOTE_NAME}.conf"
systemctl enable "openvpn@client_${REMOTE_NAME}"
systemctl start "openvpn@client_${REMOTE_NAME}"

Generate Certificate (on Server)

You'll probably also want to do the following things:

  • Connect the client
  • systemctl status openvpn@server
  • echo "${CLIENT_NAME},${CLIENT_IP}" >> /etc/openvpn/ipp.txt
  • Setup /etc/openvpn/ccd/${CLIENT_NAME}
#!/bin/bash -eu

# this setup requires user input, and should be done once per client...
if [ $# -lt 1 ]; then
        {
                echo "usage:"
                echo "    ${0} [client_name]"
        } >&2
        exit 1
fi

SERVER_FQDN="vpn.me.com"
CLIENT_NAME="${1}"; shift

cd /etc/openvpn/easy-rsa/

. vars
./build-key "${CLIENT_NAME}"

# see:
#   /usr/share/doc/openvpn/examples/sample-config-files/client.conf
#   openvpn(8)
cat >"./keys/${CLIENT_NAME}.ovpn" <<EOF
client
dev tun
proto tcp
remote ${SERVER_FQDN} 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
user nobody
group nogroup
<ca>
$(cat "./keys/ca.crt")
</ca>
<cert>
$(cat "./keys/${CLIENT_NAME}.crt")
</cert>
<key>
$(cat "./keys/${CLIENT_NAME}.key")
</key>
EOF

Check Status

systemctl status 'openvpn@client_*'