# OpenVPN Layer 2 Server\r
\r
-## Installing OpenVPN packages\r
+## Required packages\r
\r
-TODO\r
+* openvpn-openssl\r
+* openvpn-easy-rsa\r
+* luci-app-openvpn\r
\r
## Interface Setup\r
\r
\r
## Certificate and Key Setup Instructions\r
\r
-TODO\r
+N.B.: The LEDE community rejected easy-rsa on the grounds that it does\r
+not crease secure enough certs.[1] But it does seem to be, well, easy to\r
+use:\r
+\r
+```\r
+cd /etc/easy-rsa\r
+source vars\r
+clean-all\r
+build-ca\r
+build-dh\r
+build-key-server myvpn\r
+openvpn --genkey --secret /etc/easy-rsa/keys/ta.key\r
+```\r
\r
## Server configuration\r
\r
## Client setup information\r
\r
TODO\r
+\r
+## Footnotes\r
+\r
+[1] "OpenVPN Server",\r
+https://lede-project.org/docs/user-guide/openvpn.server?s[]=openvpn&s[]=server,\r
+retrieved 1 Jan 2017.\r