To check client’s service status on the rig when you upload config and it’s not working
systemctl status openvpn@client
journalctl -u openvpn@client -e --no-pager -n 100
Just to give you a valid example of my working config
/etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert myservername.crt
key myservername.key
dh dh2048.pem
topology subnet
server 10.4.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
And the most important client.conf. It should go with certificates files.
client
dev tun
proto udp
remote mysupermegaserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
comp-lzo
verb 3
Please note that in config certificates should be named as in the example:
ca ca.crt
cert client.crt
key client.key
You can upload files with any names, but then will be renamed to ca.crt, client.crt, client.key. In this way you will have 1 config for all rigs.
Also you can embed your certificates into one file, to client.conf so you file will look like this
client
dev tun
proto udp
remote mysupermegaserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
#No need for file names, comment or delete them
#ca ca.crt
#cert client.crt
#key client.key
<ca>
-----BEGIN CERTIFICATE-----
***Paste CA Cert Text Here***
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
***Paste Your Cert Text Here***
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
***Paste Your Cert Private Key Here***
-----END PRIVATE KEY-----
</key>
Also if you want TLS Auth then you can embed that key in this way
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...tls key...
-----END OpenVPN Static key V1-----
</tls-auth>
“auth-user-pass” is now supported also. So just put this option in client config and upload it with giving login and password in upload dialog.