OpenVPN clients

OpenVPN client configuration

Edit /etc/openvpn/client.conf.

Change the remote server to your OpenVPN server:

remote my-server-1 1194

You can choose a dynamic DNS entry like:

remote foo.dyndns.org 1194

Uncomment "user" and "group". If you also need to start a client on a machine that runs an OpenVPN server, you have to uncomment "nobind" as well, to make the net behind the OpenVPN server visible to your clients.

Set the path and key names:

ca keys/ca.crt 
cert keys/vpn-client1.crt 
key keys/vpn-client1.key

Back up your OpenVPN package.
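The following check is an added example, not part of the original page: a small shell lint that confirms the edits described above are actually active in client.conf and that the client's private key is not readable by other users. It assumes that relative ca/cert/key paths are resolved against the directory holding client.conf; the function names and the sample file it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint an OpenVPN client.conf.
# Assumption: relative key paths are resolved against the config's directory.

# Succeed if the directive is active, i.e. not commented out with '#' or ';'.
has_directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# Print the first argument of an active directive, if there is one.
directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Report findings on stdout; the return status is the number of findings.
check_client_conf() {  # $1 = path to client.conf
    conf=$1; dir=$(dirname "$conf"); findings=0
    for d in remote user group ca cert key; do
        if ! has_directive "$conf" "$d"; then
            echo "FINDING: '$d' is missing or still commented out"
            findings=$((findings + 1))
        fi
    done
    key=$(directive "$conf" key)
    if [ -n "$key" ]; then
        case $key in /*) ;; *) key=$dir/$key ;; esac
        if [ ! -f "$key" ]; then
            echo "FINDING: key file $key not found"
            findings=$((findings + 1))
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "FINDING: $key is accessible to group or others (chmod 600)"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Constructed sample: user/group still commented out, key file mode 644.
tmp=$(mktemp -d); mkdir "$tmp/keys"
printf '%s\n' 'remote my-server-1 1194' ';user nobody' ';group nobody' 'nobind' \
    'ca keys/ca.crt' 'cert keys/vpn-client1.crt' 'key keys/vpn-client1.key' > "$tmp/client.conf"
: > "$tmp/keys/vpn-client1.key"; chmod 644 "$tmp/keys/vpn-client1.key"
check_client_conf "$tmp/client.conf" || echo "$? finding(s)"
rm -rf "$tmp"
```

On the constructed sample it reports three findings: "user" and "group" are still commented out, and the key file is mode 644.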

Configure shorewall on an OpenVPN client

Add a new zone to /etc/shorewall/zones:

vpn VPN Remote Subnet

Add the tun interface to /etc/shorewall/interfaces:

vpn tun0

You can either open the traffic between the vpn zone and the local net completely by adding

loc vpn ACCEPT
vpn loc ACCEPT

to /etc/shorewall/policy, or just add the ports you want to open in /etc/shorewall/rules.

As the last step, add your VPN to the shorewall tunnel definitions (/etc/shorewall/tunnels):

generic:udp:1194 net 0.0.0.0/0

Note: This is a very generic definition. Newer shorewall versions support openvpn as a tunnel type. The gateway is defined as "0.0.0.0/0" to support an OpenVPN server with a dynamic IP address.

Starting the OpenVPN client

This is identical to starting the OpenVPN server, see above.