VPN Mode (Layer 2 or Layer 3)
Layer 2 = Use TAP interface, bridge your LAN to VPN Client. VPN client will reside within the same VPN segment. LAN Broadcast will works in this mode. Considered legacy, only Windows vpn client support this method.
Layer 3 = Use TUN interface, VPN Client will be given a pool of ip address which is different from VPN segment. Better control and most of enterprise VPN deployment use this method.
Create VPN User
By default, OpenVPN Access Server use PAM authentication, to add new vpn client we can just simply add a new user to our LINUX server.
root@advanxer:~# useradd nas root@advanxer:~# passwd nas Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
If you checked “Allow Auto-login”, your vpn client will be automatically connect to vpn without entering any username/password, useful for automation.
Generate and download OpenVPN profile
Login to https://serverip and select “login”. Login option will allow you to download vpn profile, to connect to vpn server, select Connect.
Click on “Yourself (autologin profile) and keep the profile safely.
Connect to vpn server using CLI
Transfer the client profile to your box (in this example, to my OpenWRT router) via SCP. Your must have openvpn binary files installed prior to this.
root@OpenWrt:~# openvpn --config client.ovpn
If you received Initialization Sequence Completed, that’s mean the tunnel is up. You can verify using ifconfig and you will see new interface tun0 is there.
