
Installing an OpenVPN 2.0 server on Debian Woody

Installation

  1. Add the following to your sources.list:
deb http://www.backports.org/debian/ woody openvpn
  2. Install OpenVPN:
apt-get install openvpn

Setup Easy-RSA

  1. Make the easy-rsa tools accessible.
cd /etc/openvpn
mkdir keys
cd keys
ln -s /usr/share/doc/openvpn/examples/easy-rsa/ easy-rsa
zcat easy-rsa/openssl.cnf.gz > /root/.openssl.cnf
  2. Change KEY_DIR to /etc/openvpn/keys
  3. Change KEY_CONFIG to $HOME/.openssl.cnf
  4. Change KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL to your desired parameters.
vi easy-rsa/vars


# Edit this variable to point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=$HOME/.openssl.cnf

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR=/etc/openvpn/keys

# Increase this to 2048 if you
# are paranoid.  If you do increase,
# make sure you build OpenVPN with
# pthread support, so you don't incur
# any performance penalty.
export KEY_SIZE=1024

# These are the default values for fields
# which will be placed in the certificate.
export KEY_COUNTRY=US
export KEY_PROVINCE=NC
export KEY_CITY=Durham
export KEY_ORG="RaschNet"
export KEY_EMAIL="rasch@example.com"
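
The vars file above decides which directory clean-all deletes and how large the generated RSA keys are. As an added example (not part of the original page or of easy-rsa), the shell function below audits a vars file without sourcing it. The names audit_vars and get_var, the list of rejected directories and the 2048-bit threshold are assumptions of this example.

```sh
#!/bin/sh
# Added example (not part of easy-rsa): audit a vars file before using it.

# Read "export NAME=value" from the file without sourcing (executing) it.
get_var() {
    sed -n "s/^export $2=//p" "$1" | tail -n 1 | tr -d '"'
}

# Print one line per finding; return 0 if clean, 1 otherwise.
audit_vars() {
    rc=0
    key_dir=$(get_var "$1" KEY_DIR)
    key_size=$(get_var "$1" KEY_SIZE)

    # clean-all runs rm -rf on KEY_DIR, so it must be a dedicated absolute path.
    case "$key_dir" in
        ""|/|/etc|/etc/openvpn|/root|/home|/usr|/var)
            echo "KEY_DIR '$key_dir' is empty or a shared system directory"; rc=1 ;;
        /*) ;;
        *)  echo "KEY_DIR '$key_dir' is not an absolute path"; rc=1 ;;
    esac

    # ca.key and server.key are written to KEY_DIR: only the owner should get in.
    if [ -d "$key_dir" ] && [ "$(ls -ld "$key_dir" | cut -c5-10)" != "------" ]; then
        echo "KEY_DIR '$key_dir' is accessible to group or other"; rc=1
    fi

    # 1024-bit RSA is below the 2048-bit minimum in current recommendations.
    case "$key_size" in
        ""|*[!0-9]*) echo "KEY_SIZE '$key_size' is not a number"; rc=1 ;;
        *) if [ "$key_size" -lt 2048 ]; then
               echo "KEY_SIZE $key_size is below 2048"; rc=1
           fi ;;
    esac
    return $rc
}

# Constructed sample mirroring the values shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export KEY_CONFIG=$HOME/.openssl.cnf
export KEY_DIR=/etc/openvpn/keys
export KEY_SIZE=1024
EOF
audit_vars "$sample" || echo "fix the findings before running build-ca"
rm -f "$sample"
```

Keys already generated at 1024 bits are not changed by editing KEY_SIZE; the CA and server keys have to be rebuilt for a larger size to take effect.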

Generate Keys

fox:/etc/openvpn/keys# . easy-rsa/vars # load vars
fox:/etc/openvpn/keys# easy-rsa/build-ca
Using configuration from /root/.openssl.cnf
Generating a 1024 bit RSA private key
.............................++++++
........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [NC]:
Locality Name (eg, city) [DURHAM]:
Organization Name (eg, company) [RaschNet]:
Organizational Unit Name (eg, section) []: RaschNet
Common Name (eg, your name or your server's hostname) []: hogwarts.raschnet.com
Email Address [rasch@raschnet.com]:

hermione:/etc/openvpn/keys# easy-rsa/build-key server
Using configuration from /root/easy-rsa/openssl.cnf
Generating a 1024 bit RSA private key
.....++++++
.....++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [NC]:
Locality Name (eg, city) [DURHAM]:
Organization Name (eg, company) [RaschNet]:
Organizational Unit Name (eg, section) []:RaschNet
Common Name (eg, your name or your server's hostname) []:hogwarts.example.com
Email Address [rasch@example.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /root/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'NC'
localityName          :PRINTABLE:'DURHAM'
organizationName      :PRINTABLE:'RaschNet'
organizationalUnitName:PRINTABLE:'RaschNet'
commonName            :PRINTABLE:'hogwarts.example.com'
emailAddress          :IA5STRING:'rasch@example.com'
Certificate is to be certified until Nov 14 12:02:55 2014 GMT (3650 days)
Sign the certificate? [y/n]:y

  openvpn_setup.txt · Last modified: 2005/05/26 07:54