# Example configuration for connecting roaming clients to dn42
Clients connect using certificates, and simply get attributed dn42 IPs in the order they connect. This is useful for roaming clients, where you don't really care which IP you have. Note that once a client has connected for the first time, it will keep the same IP on subsequent connections (option `ifconfig-pool-persist`).
## Server configuration
Replace `<PORT>` with the UDP port you want OpenVPN to listen to
```
mode server
tls-server
dh dh2048.pem
ca keys/ca.crt
cert keys/roaming-dn42.crt
key keys/roaming-dn42.key
client-config-dir /etc/openvpn/roaming
dev tun-roaming
persist-tun
#link-mtu
tun-mtu 1500
fragment 1300
mssfix
log /var/log/openvpn-dn42-roaming.log
status /var/log/openvpn-dn42-roaming-status.log 60
Use easy-rsa, it's easy to use. Below is a very short description, find a real tutorial if you don't know how it works.
Build the CA: `. vars`, `./build-ca`, then generate the server key: `./build-key-server roaming-dn42`.
Then, for each client, generate a private key and a certificate: ```./build-key myclient```. The Common Name is the only important information (it will be used to identify the client, for instance in the logs).