Those are the server and client configuration files for OpenVPN. They are stored in /etc/openvpn. You can name them anything you want as long as they end in .conf. (I have a server that manages multiple VPNs; each tunnel has a separate file in /etc/openvpn.)
The steps in that "how-to" I linked above are pretty straightforward. Here's a quick summary:
1) First generate a key that will be used on both machines to encrypt the traffic over the tunnel. OpenVPN provides a convenient method to do this with the command:
sudo openvpn --genkey --secret /etc/openvpn/mykey
This will create the file /etc/openvpn/mykey. Place a copy of the key in the same location on both machines. Make sure the files are owned by root and use the same chmod command to limit their visibility to the root user:
sudo chmod 600 /etc/openvpn/mykey
2) Install openvpn.
sudo apt-get install openvpn
3) Create a file on the server, call it /etc/openvpn/something.conf, and put the commands I gave above for the server in that file. The port number is arbitrary; pick something between 1024 and 65535 that is not being used for anything else. Make sure your iptables ruleset opens this port. If you chose port 12345, you would include an iptables rule that reads:
iptables -A INPUT -p udp --dport 12345 -j ACCEPT
to allow incoming UDP traffic on port 12345. If the server is locked down, you probably need to add another rule to enable traffic over the tunnel like this:
iptables -A INPUT -i tun0 -j ACCEPT
This allows all traffic to the "tun0" interface, which will be created when OpenVPN starts. Add this to the iptables rulesets on both machines.
The addresses in the ifconfig directive are also arbitrary. All my tunnels are numbered in the 10.1.1.0/24 subnet, but you could use any other private addressing space like 192.168/16. Just make sure the order of addresses is reversed in the client configuration file.
4) Install OpenVPN on the client and create an equivalent .conf file like the one above. Replace "myserver.example.com" in the "remote" directive with the actual name of your server.
5) Start OpenVPN on the server:
sudo service openvpn start
Look in /var/log/syslog for any errors.
6) Now start OpenVPN on the client and check the logs for errors.
7) Try pinging the private address on the other side of the tunnel. Does it work?
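As an added example (not the poster's own files, which are not reproduced in this thread), here is a small shell script that writes the static-key server and client .conf pair the steps above refer to, with the ifconfig addresses reversed on the client side, plus a check that the shared key has the ownership and mode from step 1. The hostname, port and tunnel addresses are the sample values from the post; the directive set is the standard OpenVPN static-key one and the permission check assumes GNU stat.

```shell
#!/bin/sh
# Added example: generate a static-key OpenVPN server/client config pair.
# Sample values (myserver.example.com, 12345, 10.1.1.1/10.1.1.2) are
# constructed to match the thread; adjust for your own machines.
set -e

write_static_confs() {
    dir="$1"            # directory to write server.conf / client.conf into
    server="$2"         # public name of the server (client "remote" line)
    port="$3"           # arbitrary UDP port; must also be opened in iptables
    srv_ip="$4"         # tunnel address of the server end
    cli_ip="$5"         # tunnel address of the client end
    key="${6:-/etc/openvpn/mykey}"   # same path on both machines

    # Server side: listens on $port, its own address first in ifconfig.
    cat > "$dir/server.conf" <<EOF
dev tun
proto udp
port $port
ifconfig $srv_ip $cli_ip
secret $key
keepalive 10 60
persist-key
persist-tun
EOF
    # Client side: "remote" instead of "port", and the ifconfig pair
    # reversed so each machine lists its own tunnel address first.
    cat > "$dir/client.conf" <<EOF
dev tun
proto udp
remote $server $port
ifconfig $cli_ip $srv_ip
secret $key
keepalive 10 60
persist-key
persist-tun
EOF
}

# Succeeds only if the shared key is owned by root with mode 600
# (GNU stat syntax assumed); run it on both machines after copying the key.
check_key_perms() {
    [ "$(stat -c '%U %a' "$1")" = "root 600" ]
}

# Usage: sh genconf.sh /tmp/openvpn-confs
if [ $# -ge 1 ]; then
    write_static_confs "$1" myserver.example.com 12345 10.1.1.1 10.1.1.2
fi
```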
Adding OpenVPN won't interfere with SSH access; they operate on entirely separate ports and use different protocols. If you can SSH to the public IP of your server now, you should still be able to do so after starting OpenVPN.
I use Linode for my external virtual servers. One nice feature they offer is the ability to access a text-mode terminal session on the machine over the web so I can log in even if SSH doesn't work. Things like that make the $20/month it costs for a VM on Linode worth it.