9.7. Configuring OpenVPN to Start at Boot

You don't want to start your OpenVPN server manually, but want it to start at boot, like any other service.

First, edit /etc/init.d/openvpn, and make sure this line points to your configuration directory:

	CONFIG_DIR=/etc/openvpn

Then, make sure that you have only one configuration file in there. The startup file looks for files ending in .conf, and tries to start all of them. The newest versions of OpenVPN handle multiple tunnels, but for now, we'll run just one.

Debian creates startup files automatically, so Debian users can go to the next recipe.

On Fedora, run chkconfig --add openvpn to create the startup files.

On Debian and Fedora systems, OpenVPN can be controlled with the usual /etc/init.d/openvpn start|stop|restart commands.

You probably don't want to set up most clients this way. For your intrepid Linux road warriors, create either a command-line alias or a nice desktop icon to launch their OpenVPN tunnel. Create a command alias this way:

	$ alias opensesame='openvpn /etc/openvpn/client3.conf'

Now, typing opensesame opens a VPN session. To see your aliases, use alias -p. Run unalias followed by the alias name to delete individual aliases.

Creating desktop icons depends on which desktop environment or window manager they use. In KDE, right-click the K Menu icon, and open the menu editor. Paste in the whole command; don't use aliases. In Gnome, use the nice new Alacarte menu editor.

Obviously, this presents some security concerns because anyone with access to the remote computer has access to your network. Laptops get stolen all the time; home computers are savaged by family members. There are a number of possible methods that aim to prevent the wrong people from logging in to your network. Using the build-key-pass script to create passphrase-protected keys adds a useful extra layer of security. You might consider requiring that all laptops use some form of disk encryption.

OpenVPN gives you one powerful tool for protection from mishaps—using PKI gives you the power to revoke certificates, which prevents the user from logging in at all. See the next recipe to learn how to do this.
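
Two points from this recipe can be checked before you rely on them: that the configuration directory holds exactly one .conf file, and that the private key each configuration names is passphrase-protected. The script below is an added example, not part of the original recipe or of OpenVPN. The function names are hypothetical, and it assumes that a relative key path is resolved against the directory holding the configuration file.

```shell
#!/bin/sh
# Added example: audit an OpenVPN configuration directory.
# Usage (after sourcing this file): audit_dir /etc/openvpn

# Count the *.conf files the startup script would try to launch.
count_tunnels() {
    n=0
    for f in "$1"/*.conf; do
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Print the file named by the first "key" directive in a config file.
# Assumption: relative paths are relative to the config file's directory.
key_path() {
    k=$(awk '$1 == "key" { print $2; exit }' "$1")
    [ -n "$k" ] || return 1
    case $k in
        /*) printf '%s\n' "$k" ;;
        *)  printf '%s/%s\n' "$(dirname "$1")" "$k" ;;
    esac
}

# Succeed if a PEM private key is encrypted (PKCS#8 or traditional format).
key_is_encrypted() {
    grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
             -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Warn about extra tunnels and unprotected keys; return nonzero on any warning.
audit_dir() {
    dir=${1:-/etc/openvpn}
    status=0
    if [ "$(count_tunnels "$dir")" -ne 1 ]; then
        echo "WARN: $dir should hold exactly one .conf file"; status=1
    fi
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        key=$(key_path "$conf") || continue
        if [ ! -f "$key" ]; then
            echo "WARN: $conf: key file $key not found"; status=1
        elif ! key_is_encrypted "$key"; then
            echo "WARN: $conf: $key has no passphrase"; status=1
        fi
    done
    return $status
}
```

Run the audit as root, since private keys should not be readable by ordinary users.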