Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 165

The tun or tap device, see
the differences.
The following lines contain the relative or absolute path to the root server CA
certificate (ca), the root CA key (cert), the private server key (key) and the
Diffie Hellman parameters (dh). These were generated in
Certificates" (page 149).
Supplies a VPN subnet. The server can be reached by 10.8.0.1.
Records a mapping of clients and its virtual IP address in the given file. Useful
when the server goes down and (after the restart) the clients get their previously
assigned IP address.
For security reasons it is a good idea to run the OpenVPN daemon with reduced
privileges. For this reason the group and user nobody is used.
Several other configurations, see comment in the original configuration from
/usr/share/doc/packages/openvpn/sample-config-files.
After this configuration, you can see log messages from your OpenVPN server under
/var/log/openvpn.log. When you have started it for the first time, it should
finish it with:
... Initialization Sequence Completed
If you do not get this message, check the log carefully. Usually OpenVPN gives you
some hints what is wrong in your configuration file.
16.3.3 Configuring the Clients
The configuration file is mostly a summary from /usr/share/doc/packages/
openvpn/sample-config-files/client.conf without the comments and
with some small changes to some paths.
Section 16.1.2, "Tun and Tap Devices" (page 146) for
Section 16.3.1, "Creating
Configuring VPN Server 153