As I’d forgotten how to create a new OpenVPN user, it’s not something I do every day, I thought I put here a reminder of the process used.
To get a private key and a signed public key the easiest way is to use the Easy-RSA program that came with openvpn. Change to the directory, set the variables and run the script like this:
$ cd /etc/openvpn/easy-rsa $ sudo source ./vars $ sudo ./build-key-pass [USERNAME]
This creates the necessary CSR and submits it and generates the key and certificate in
I then wrote a script than turns the key and certificate into a single .ovpn file I can just give to the user along with the key password.