# rough history from wilk - need to cleanup
apt-get install -y openvpn bridge-utils
cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa
source vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
./pkitool client1
cd keys
openvpn --genkey --secret ta.key  ## Build a TLS key
cp server.crt server.key ca.crt dh1024.pem ta.key ../../
cd ../../

cat >/etc/openvpn/server.conf <<EOF
duplicate-cn
port 6081
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 172.16.28.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.224"
comp-lzo
persist-key
persist-tun
status openvpn-status.log
EOF
/etc/init.d/openvpn restart

echo Use the following ca for your client:
cat /etc/openvpn/ca.crt

echo
echo Use the following cert for your client
cat /etc/openvpn/easy-rsa/keys/client1.crt 
echo
echo Use the following key for your client
cat /etc/openvpn/easy-rsa/keys/client1.key 
echo
echo Use the following client config:
cat <<EOF
ca ca.crt
cert client.crt
key client.key
client
dev tun
proto tcp
remote 50.56.12.212 6081
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
EOF