Static key configuration is the easiest and shortest way to set up OpenVPN tunnel.
It is especially useful when you need to securely connect two distinct locations, but due to its simplicity I am using it here in conjunction with the Shoreline Firewall (Shorewall) to access protected network services – to be honest I am referring just to secure shell and several web services.
OpenVPN static key generation and distribution
Generate OpenVPN static key.
$ openvpn --genkey --secret emergency.key
Move it to the /etc/openvpn/ directory.
$ sudo mv emergency.key /etc/openvpn
Securely copy previously generated static key to the second machine, move it to the proper directory and ensure proper file permissions on both machines.
$ sudo chown root:root /etc/openvpn/emergency.key $ sudo chmod 600 /etc/openvpn/emergency.key
Point-to-point OpenVPN configuration
Server configuration (IP address over VPN: 10.10.10.1,
dev tun0 ifconfig 10.10.10.1 10.10.10.2 secret /etc/openvpn/emergency.key comp-lzo
Client configuration (IP address over VPN: 10.10.10.2,
dev tun0 ifconfig 10.10.10.2 10.10.10.1 secret /etc/openvpn/emergency.key comp-lzo
Now you need to adjust firewall configuration, start openvpn service, and make sure that it will start at boot.
/etc/defaults/openvpnfile as by default it is assumed to start all VPN configurations.
For more information read OpenVPN – Static Key Mini HOWTO.