So you've got two boxes, separated by some kind of network that you're not in control of, and you'd like to encrypt traffic between them. You're not going to have multiple clients connecting to each other, just these two boxes.
As of OpenVPN 2, it's possible to configure the hosts in peer-to-peer mode, with static keying, meaning that the actual VPN setup is super easy:
- Install OpenVPN (>= 2) on both boxes; the standard Wheezy version is fine.
- Generate a static key as follows:

      openvpn --genkey --secret /path/to/somewhere/secret.key
- Copy the secret key to both boxes over a secure channel (e.g. SSH).
- Create /etc/openvpn/p2p.conf on both boxes as shown in box1.vpn.cnf and box2.vpn.cnf below.
- That's it. On Debian, you can just run /etc/init.d/openvpn start. Otherwise you can run

      openvpn --config /etc/openvpn/p2p.conf

  to get the verbose output.
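As an added illustration of the steps above (not the box1.vpn.cnf/box2.vpn.cnf files this post refers to), here is a shell helper that emits a static-key p2p.conf for either box and refuses to use a key file that group or other can access. The function names, the 10.8.0.1/10.8.0.2 tunnel addresses, the default key path and the cipher choice are assumptions for the example.

```shell
#!/bin/sh
# Added example: generate /etc/openvpn/p2p.conf for one side of a
# static-key point-to-point tunnel. Addresses and paths are assumptions.

KEY_DEFAULT=/etc/openvpn/secret.key   # assumed location of the shared key

# Succeeds only if the key file exists and group/other have no access.
key_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)  # group + other permission bits
    [ "$mode" = "------" ]
}

# p2p_conf <1|2> <peer-hostname> [keyfile]  -> config on stdout
p2p_conf() {
    side=$1 peer=$2 key=${3:-$KEY_DEFAULT}
    case $side in
        # Tunnel endpoints are mirrored; so is the key direction (0 vs 1),
        # which makes each direction use its own cipher and HMAC keys.
        1) local_ip=10.8.0.1 remote_ip=10.8.0.2 dir=0 ;;
        2) local_ip=10.8.0.2 remote_ip=10.8.0.1 dir=1 ;;
        *) echo "side must be 1 or 2" >&2; return 2 ;;
    esac
    key_is_private "$key" || {
        echo "refusing: $key is missing or accessible to group/other" >&2
        return 1
    }
    cat <<EOF
dev tun
remote $peer
ifconfig $local_ip $remote_ip
secret $key $dir
cipher AES-256-CBC
keepalive 10 60
persist-key
persist-tun
EOF
}

# Usage (run as root on each box after copying the key and chmod 600):
#   box1: p2p_conf 1 box2.example.net > /etc/openvpn/p2p.conf
#   box2: p2p_conf 2 box1.example.net > /etc/openvpn/p2p.conf
```

The `cipher` line must be identical on both boxes, and the two boxes must use opposite key directions or the tunnel will not authenticate packets.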
Caveat: This has no forward secrecy, so if someone manages to get your key at some point and has captured your traffic in the past, they can then use the key to decrypt past conversations.
Also consider using gvpe.