diff --git a/files/openvpn/client.conf b/files/openvpn/client.conf
new file mode 100644
index 0000000000..d274e72acf
--- /dev/null
+++ b/files/openvpn/client.conf
@@ -0,0 +1,25 @@
+client
+
+dev tun
+
+proto udp
+
+# Specify multiple vpn servers here
+remote gateway
+remote bastion02
+
+resolv-retry infinite
+
+nobind
+
+persist-key
+persist-tun
+
+ca ca.crt
+cert client.crt
+key client.key
+
+comp-lzo
+
+#route 10.5.126.0 255.255.255.0
+keepalive 10 60
diff --git a/tasks/openvpn_client.yml b/tasks/openvpn_client.yml
new file mode 100644
index 0000000000..3ad2e6f04b
--- /dev/null
+++ b/tasks/openvpn_client.yml
@@ -0,0 +1,48 @@
+---
+# openvpn - ftw - or something
+- name: install openvpn
+ yum: name=openvpn state=installed
+ tags:
+ - packages
+
+- name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt
+ copy: src=$puppet_private/vpn/openvpn/keys/ca.crt dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
+ tags:
+ - config
+ notify:
+ - restart openvpn
+
+- name: /etc/openvpn/crl.pem g/secure/vpn/openvpn/keys/crl.pem
+ copy: src=$puppet_private/vpn/openvpn/keys/crl.pem dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
+ tags:
+ - config
+ notify:
+ - restart openvpn
+
+- name: /etc/openvpn/openvpn.conf
+ copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf
+ tags:
+ - config
+ notify:
+ - restart openvpn
+
+- name: /etc/openvpn/client.crt
+ copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.crt dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
+ tags:
+ - config
+ notify:
+ - restart openvpn
+
+- name: /etc/openvpn/client.key
+ copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.key dest=/etc/openvpn/client.key mode=0600 owner=root group=root
+ tags:
+ - config
+ notify:
+ - restart openvpn
+
+
+- name: enable openvpn service
+ service: name=openvpn state=running enabled=true
+ tags:
+ - service
+
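Review bot: The new client.conf verifies the server only against `ca ca.crt`, with no `remote-cert-tls server` line, so any certificate issued by that CA (including another client's) would be accepted as the server; add `remote-cert-tls server` after the `key client.key` line so the peer must present a server-usage certificate. The `persist-key`/`persist-tun` pair is normally there to support dropping privileges after startup, but no `user nobody` / `group nobody` follows it, so the daemon keeps running as root; if that is intended, a comment saying so would help. The companion task file installs `/etc/openvpn/crl.pem` on the client, yet nothing in this config references it — either add `crl-verify crl.pem` or drop the copy task. `comp-lzo` enables link compression of encrypted traffic, which current OpenVPN releases advise against on security grounds; consider whether it is still needed.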
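Review bot: The `/etc/openvpn/openvpn.conf` copy task sets no `mode=`, `owner=` or `group=`, unlike every other copy task in the file, so the config's permissions and ownership depend on the copy module's defaults and the controller's source file; make it explicit, e.g. `copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf mode=0644 owner=root group=root`. The task names for ca.crt and crl.pem carry leftover fragments (`from vpn/openvpn/keys/ca.crt`, `g/secure/vpn/openvpn/keys/crl.pem`) that do not match the `src=` paths; naming them like the others (`- name: /etc/openvpn/ca.crt`) avoids misleading log output. Variable syntax is mixed (`$puppet_private` beside `${inventory_hostname}`); one form throughout reads better. The file header `# openvpn - ftw - or something` should say what the role does, e.g. `# Install OpenVPN and deploy a per-host client certificate/key and the shared CA and CRL`. The `restart openvpn` handler is not defined in this diff, so presumably it lives elsewhere in the role.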