proyectos:linuxservidor-red-vpn-openvpn
server.conf file
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3
explicit-exit-notify 0
Generating the certificates
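# Create the easy-rsa working directory and set the CA parameters
make-cadir ca
cd ca
nano vars
source ./vars
# CA, server certificate and Diffie-Hellman parameters
./build-ca
./build-key-server server
./build-dh
# Shared tls-auth key and the client certificate
openvpn --genkey --secret keys/ta.key
./build-key cliente1
ls -alhh keys/
# Start from the sample server configuration
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
# Install the server material and pack the client material
cd keys
cp ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn
tar -zcvvf cliente1.tar.gz ca.crt cliente1.key cliente1.crt ta.key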
cliente1.ovn file
client
dev tun
proto tcp
remote example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 3
;mute 20
ca [inline]
cert [inline]
key [inline]
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
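# NAT and forwarding on the server
iptables -t nat -L
# Masquerade only the VPN subnet from server.conf (10.8.0.0 255.255.255.0 = /24);
# a /8 mask would match all of 10.0.0.0/8
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
systemctl stop openvpn@server
systemctl start openvpn@server
systemctl enable openvpn@server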
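The cliente1.ovn file above is shown with its inline blocks empty. As an added example (not part of the original page), this shell helper fills them from the files packed into cliente1.tar.gz; the function names and the use of a separate base file holding the directives are assumptions.

```shell
#!/bin/sh
# Added example; build_inline_profile and pem_block are hypothetical helper names.

# Print only the PEM/static-key block of a file. easy-rsa .crt files carry a
# human-readable dump before the block and ta.key starts with comment lines.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# usage: build_inline_profile BASE_CONF KEYS_DIR CLIENT_NAME OUT_FILE
# BASE_CONF holds the client directives (up to "tls-auth [inline] 1"),
# ending with a newline.
build_inline_profile() {
    base=$1 keys=$2 name=$3 out=$4

    [ -r "$base" ] || { echo "cannot read $base" >&2; return 1; }

    # Refuse to write a partial profile: every credential must contain a block.
    for f in "$keys/ca.crt" "$keys/$name.crt" "$keys/$name.key" "$keys/ta.key"; do
        pem_block "$f" 2>/dev/null | grep -q '^-----END ' ||
            { echo "no PEM block in $f" >&2; return 1; }
    done

    # The profile embeds the client private key and the tls-auth key:
    # create it under a restrictive umask and force mode 600.
    rm -f "$out"
    (
        umask 077
        {
            cat "$base"
            echo '<ca>';       pem_block "$keys/ca.crt";    echo '</ca>'
            echo '<cert>';     pem_block "$keys/$name.crt"; echo '</cert>'
            echo '<key>';      pem_block "$keys/$name.key"; echo '</key>'
            echo '<tls-auth>'; pem_block "$keys/ta.key";    echo '</tls-auth>'
        } > "$out"
    ) && chmod 600 "$out"
}

# Stand-alone use: sh script.sh base.conf keys cliente1 cliente1.ovn
if [ "$#" -eq 4 ]; then
    build_inline_profile "$@"
fi
```

The resulting file carries the same secrets as cliente1.key and ta.key, so it needs the same handling in transit and on the client.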
proyectos/linuxservidor-red-vpn-openvpn.1578415056.txt.gz · Last modified: by manuel.floresv