Many decisions had to be made as to which direction to go. The following subsections detail some of the paths I took to get to a working prototype. Please modify to suit your environment. Where appropriate I will make clarifying comments.
I looked at several live CD distributions and concluded that DSL would work best for the purposes at hand. I considered the following:
Ubuntu. This live CD expects a relatively high-end machine and has way more applications than would be useful to this project. Instead of trying to remove tons of applications and whittle it down I opted not to use this one. It could be a good choice though if you are trying to give people a full desktop PLUS access to an internal network.
PuppyLinux. This live CD looked really good, however I had trouble figuring out the SFS file system it uses for its root, and was able to get to instructions and tools on how to deal with the Knoppix compressed file system much more easily.
Knoppix. This live CD, like Ubuntu, was too top heavy for the specific purposes of this project.
Damn Small Linux. This live CD has a 50 MB footprint, will work on almost anything hardware-wise, and is what I chose to implement.
The choice of DSL means that we are relying on DSL's built in ability to automatically find, configure and attach to a network via DHCP. DSL's wireless support is very minimal and thus we do not support wireless at this time. The end user will need a machine that normally attachs to the Internet through DHCP from their provider and uses a normal wired network card to do so.
Fresh install of Ubuntu (http://www.ubuntu.com), EdUbuntu (http://www.edubuntu.org), xUbuntu (http://www.xubuntu.org), or kUbuntu (http://www.kubuntu.org)
Use Synaptic to add repositories (all available)
Install qemu, open-vpn and cloop-utils
Get an ISO (I recommend the dsl-3.0 ISO); hopefully I'll soon have one of my prototype CD images (sans VPN keys) available on the Internet for your downloading pleasure. Refer the Examples section - this ISO might be a good place for you to start.
Mount the ISO somewhere.
mount -t iso9660 -o loop dsl-3.0.iso /tmp/working.iso
Unpack openvpn*.deb to the root file system after chroot.
Make sure all the proper libraries were copied to the proper place.
Go to the other root terminal on the main system and copy any libraries from the main system to the vpn-tree
Make the tun node: mknod /dev/net/tun c 10 200
Remove the loading of the DSL business card graphic by editing the vpn-cd-tree/boot/isolinux/boot.msg file and removing "^Xlogo.16"
Cause it not to wait for boot options by editing vpn-cd-tree/boot/isolinux/isolinux.cfg and changing the line that says "PROMPT 1" to "PROMPT 0"
Edit the file vpn-tree/etc/skel/.xinitrc to reflect what we wish to happen on the desktop. Remove code to load icons onto desktop; remove code to make the windows see through; add code to establish VPN connection; add code to load rdesktop and make connection to correct machine.
Edit the display screen for boot.
copy vpn-cd-tree/boot/isolinux/minirt24.gz to /tmp
mount -o loop minirt24 /mnt
edit /etc/linuxrc to display text indicating Institution's name (you would put whatever is appropriate for your institution here) instead of "DSL"
copy minirt24.gz over to vpn-cd-tree/boot/isolinux/minirt24.gz
Follow instructions on making cert and keys for the server.
You will need to enter several pieces of information that are covered in the openVPN HOWTO.
Remember to create a password-protected key for the client.
Set all the configuration as desired.
For each client you will need to
make a password-protected key using the certificate
place the certificate, and client key (only) in the vpn-tree/etc/openvpn/keys directory
adjust the vpn-tree/etc/openvpn/openvpn.cfg file to have the proper key files indicated (see the server configuration file in the Samples section)
adjust the added routes in the vpn-tree/opt/bootlocal.sh
adjust the vpn-tree/etc/skel/.xinitrc to point to the correct rdesktop IP.
Rebuild the CD.
Test in the emulator.
Once it works correctly, either burn the ISO or make a qemu Windows emulator version by placing the .ISO in the win-qemu-yourvpn-cd directory and building that .ISO (don't forget to burn it afterwards).