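# OpenVPN server and client setup notes (Debian, easy-rsa 2.0).
#
# The first half is shell commands to run as root on the server. The
# "client" sections further down are config-file listings for the client
# machines, not commands.
#
# References
#   http://wiki.debian.org/HowTo/openvpn
#   http://www.thebakershome.net/?q=node/56
#   http://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html
#   http://www.howtoforge.org/openvpn-server-on-centos-5.2 [big bugs!!]

#
# Prepare CA + keys for the server
#
cp -R /usr/share/doc/openvpn/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
# Set KEY_SIZE=2048 while editing: build-dh names its output
# dh${KEY_SIZE}.pem and the server config below expects dh2048.pem.
vim vars
# vars has to be sourced before clean-all; clean-all only works once
# KEY_DIR is set in the environment.
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
# Written into keys/ so that the cp below and the client zip step (which
# runs inside keys/) both find it.
openvpn --genkey --secret keys/ta.key
# ca.key is deliberately not copied: the OpenVPN daemon never needs the CA
# private key, and whoever holds it can issue certificates for this VPN.
# Ideally the CA lives on a machine other than the VPN server.
cp keys/{ca.crt,server.crt,server.key,ta.key,dh2048.pem} /etc/openvpn/
chmod 600 /etc/openvpn/server.key /etc/openvpn/ta.key

#
# OpenVPN.conf
#
cat <<'EOF' > /etc/openvpn/openvpn.conf
#local 82.244.57.183
port 11194
proto udp
dev tun0

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

# "server" takes a network and a netmask, not CIDR notation.
server 10.10.10.0 255.255.255.0
#push "dhcp-option DNS 10.10.10.1"
push "dhcp-option DNS 4.2.2.2"
push "dhcp-option DNS 4.2.2.3"
push "dhcp-option DNS 4.2.2.4"
#push "route 192.168.2.0 255.255.255.0"
# To send all client traffic through the VPN, push it from here:
#push "redirect-gateway def1"

ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo

# Drop privileges after start-up.
user nobody
group nogroup
persist-key
persist-tun

status openvpn-status.log
verb 3
client-to-client

# AES encryption. Blowfish ("BF-CBC") is faster on old hardware, but its
# 64-bit block size makes it a poor trade for a long-lived tunnel.
cipher AES-128-CBC

#duplicate-cn
max-clients 5

# Enabled because every client config below uses "tls-auth ta.key 1";
# with this line missing on the server the TLS handshake cannot complete.
# It also makes the server drop unauthenticated packets before any TLS work.
tls-auth ta.key 0

# The clients send "auth-user-pass". Those credentials are only verified
# if this plugin line is enabled; as long as it stays commented out,
# certificates are the only thing the server checks.
#plugin /usr/lib/openvpn/openvpn-auth-pam.so login
EOF

#
# Start OpenVPN
#
/etc/init.d/openvpn start
update-rc.d openvpn defaults

#
# Client side: 1 key per client
#
# Run from /etc/openvpn/easy-rsa/2.0/ with ./vars sourced.
./build-key cbn.vpn
cd keys/
# The archive contains the client's private key and the shared tls-auth
# key: hand it over through an encrypted channel and delete it afterwards.
zip cbn.vpn.zip ca.crt ta.key cbn.vpn.crt cbn.vpn.csr cbn.vpn.key

#
# in client.conf (LINUX)
#
client
dev tun
proto udp
remote grenet.org 11194
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
ca ca.crt
cert user.crt
key user.key
# Refuse peers whose certificate is not marked as a server certificate;
# without this any holder of a client certificate from the same CA could
# pose as the server.
ns-cert-type server
tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
# Enable compression on the VPN link.
comp-lzo
#fragment large packets
# I found I needed this for some games but it is
# not required
#fragment 1400
# enable user/pass authentication
# (only checked when the server's PAM plugin line is enabled)
auth-user-pass
# to route all the traffic through the VPN gateway...
# "push" is a server-side directive; on the client the option is written
# without it.
redirect-gateway def1

#
# in C:\Program Files\OpenVPN\config\client.ovpn (WINDOWS)
#
# The directives shared with the Linux client are repeated here so that the
# file works on its own and keeps the server-certificate check and tls-auth.
client
dev tun
proto udp
remote grenet.org 11194
ca ca.crt
cert user.crt
key user.key
ns-cert-type server
tls-auth ta.key 1
cipher AES-128-CBC
comp-lzo
# enable user/pass authentication
auth-user-pass
# for Vista or Seven, add the following directives
route-method exe
route-delay 2
# to route all the traffic through the VPN gateway...
redirect-gateway def1

# client.ovpn (v2)
client
dev tun0
# NOTE(review): the server config above listens on 11194, this says 1194;
# confirm which port this deployment really uses.
remote 192.168.2.254 1194
ca ca.crt
cert cbn.vpn.crt
key cbn.vpn.key
ns-cert-type server
tls-auth ta.key 1
auth-user-pass
cipher AES-128-CBC
comp-lzo
### Vista / Seven ###
#route-method exe
#route-delay 2
### Routing ###
#redirect-gateway def1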