You can follow my step-by-step tutorial below,

You need Tunnelier for this tutorial! Download it and install! I’m using CentOS 5 64bit for this tutorial..

first step is to make sure that tun/tap are enabled.

ls -al /dev/net/tun

if you see that the status is yellow then it’s mean has been enabled, so go to next step.

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
yum install openvpn

Then we will setup openvpn client from here..

cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all
./build-ca

you’ll be ordered to fill some question, you can fill with whatever you want, but i suggest you to only fill the common name only.
fill the common name with hostname: name.yourdomain.com
usually the character limit only 6 chars, so better you write down your hostname on notepad and copy/paste to the terminal.

./build-key-server server

you need to fill the form just like before, but now fill the common name with “server” (without quote)
please empty the challange pass, it will confuse you if you fill it because it will require you to double password.
fill all with Y.

./build-dh

now go to the openvpn directory!

cd /etc/openvpn

check what files exist on that directory.

ls

now edit the server.conf

vim server.conf

if you have no nano/vim text editor, so install it first!

yum install nano
yum install vim

edit the content of server.conf like below:

local YOUR.IP.PUT.HERE
port YOURPORT
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
#-ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
;crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem

now start the openvpn service!

service openvpn start

Now enable ipforward and make a new rules for NAT iptables so you can browse the internet using your VPN

echo 1 > /proc/sys/net/ipv4/ip_forward

To enable NAT, make sure you using VPS or DS, if you using OpenVZ, here’s the command:

iptables -t nat -A POSTROUTING -s 1.2.3.0/24  -j SNAT --to YOUR.IP.PUT.HERE

and if you use DS or XEN, here’s the command:

iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -o eth0 -j MASQUERADE

Now create the client certificate:

cd /etc/openvpn/easy-rsa/2.0
source ./vars
./vars
./build-key yourclientname

download the ca.crt and the client.crt also client.key on /etc/openvpn/easy-rsa/2.0/keys , use your SFTP and download them all, after that, put them to C:\Program Files\OpenVPN\config

If done, make the config ovpn for client,
create new file using notepad named yourclientname.ovpn and don’t forget to save as .ovpn
the content:

client
dev tun
proto udp
remote YOUR.IP.PUT.HERE YOURPORT
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert yourclientname.crt
key yourclientname.key
;auth-user-pass
comp-lzo
verb 3

don’t forget to put your IP with replacing the “YOUR.IP.PUT.HERE” with your IP!
put the file .ovpn to folder config like the ca.crt before, then running the openvpn gui
don’t forget to disconnect the SSH terminal first!

NOTE:
For Windows 7 client, go to C:\Program Files\OpenVPN\bin\
right click the openvpn-gui-1.0.3.exe, then choose “Run as Administrator”

credit to 2298, oiseng, oner, and paijrut for helping me out!