I found a lot of value in your routed OpenVPN tutorial and was wondering if you are planning to post it back up. If not, feel free to email it to me. Thanks!
Submitted by cooliscool43 on Thu, 2010-03-11 02:11.
killall -HUP syslogd
Now start OpenVPN:-
/usr/local/etc/rc.d/openvpn.sh start
Check /var/log/openvpn.log for errors, then check that the device has been created. Mine looks like this:-
[achilles] ~# ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet6 fe80::2d0:b7ff:fe49:b2bb%tun0 prefixlen 64 scopeid 0x5
	inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff
	Opened by PID 43878
Firewall Configuration
Now we need to alter PF to handle the VPN, below are the relevant sections of my /etc/pf.conf file:-
# VPN Interface
vpn_if="tun0"
# VPN Network
vpn_network="10.8.0.0/24"
# NAT the VPN connections (for access to the remote secure networks)
nat on $ext_if from $vpn_network to any -> ($ext_if)
# VPN connections inbound
pass in on $ext_if proto udp from any to port 1194 keep state
pass quick on $vpn_if
Now restart PF and your server will be ready for connections
Client setup
First download and install the GUI version of the client, which can be found here:-
http://www.openvpn.se
Once this is installed you will need to copy the following files from your server /usr/local/etc/openvpn/keys directory to the Windows PC C:\Program Files\Openvpn\config directory (this should be done in as secure a manner as possible, i.e. USB Stick or floppy rather than email!!!):-
ca.crt
client1.crt
client1.key
NOTE: For the next client you will need to copy the client2.crt and client2.key files to prevent issues later.
Create config file:-
Create a myvpn.ovpn file in C:\Program Files\Openvpn\config and insert the following:-
client
remote my.openvpn.server 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
# Set log file verbosity.
verb 3
Turn off the firewall for the new Interface:-
On Windows XP, the firewall can be accessed by Control Panel -> Security Center -> Windows Firewall -> Advanced. In the Network Connection Settings control, uncheck the box corresponding to the TAP-Win32 adapter.
Now right-click the OpenVPN Icon in your Taskbar and click “connect”. Once connected try pinging the remote interface and check (using tracert) that the remote network is available. Use tcpdump on the server to check traffic too:-
tcpdump -tt -i tun0
More Information:-
OpenVPN website http://www.openvpn.net
Disclaimer
Please be aware that these “howtos” are generally a work in progress so please feel free to add comments!
Tags: freebsd, openvpn, pf, windows xp
This entry was posted on Friday, May 23rd, 2008 at 6:44 pm and is filed under freebsd, openvpn.
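The client profile from the post above, run through a small hardening check. This is an added example, not part of the original post; the finding IDs are made up here, and the three things it flags (no server-certificate verification, compression, no control-channel HMAC) are this example's choice.

```python
# Added example: lint an OpenVPN client profile for common hardening gaps.
# SAMPLE_PROFILE reproduces the myvpn.ovpn from the post; the finding IDs
# returned by lint() are made up for this example.
SAMPLE_PROFILE = """\
client
remote my.openvpn.server 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
# Set log file verbosity.
verb 3
"""


def parse_profile(text):
    """Map each directive to the list of argument lists it appears with."""
    directives = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # comment runs to end of line
                break
            tokens.append(tok)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def lint(text):
    """Return finding IDs for a client profile, in a fixed order."""
    d = parse_profile(text)
    findings = []
    # With no server-certificate check, the client accepts any certificate
    # signed by ca.crt as the server, including another client's.
    if not {"remote-cert-tls", "ns-cert-type", "verify-x509-name"} & d.keys():
        findings.append("no-server-cert-check")
    # Compressing before encrypting can leak plaintext through packet sizes.
    if any(args != ["no"] for args in d.get("comp-lzo", [])):
        findings.append("compression-enabled")
    # tls-auth/tls-crypt add a shared-key HMAC on the control channel, so
    # unauthenticated packets are dropped before the TLS handshake.
    if not {"tls-auth", "tls-crypt"} & d.keys():
        findings.append("no-control-channel-hmac")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_PROFILE):
        print(finding)
```

Adding `remote-cert-tls server` only works if the server certificate was issued with the server key-usage extensions, and `tls-auth` needs the same key file configured on the server side.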
I think this may have been posted when the tutorials were down? In any case it's still around:
http://www.section6.net/wiki/index.php/Setting_up_Routed_OpenVPN_in_FreeBSD
Just make sure you have a decent powered machine for this one. I tried it on a soekris and was pretty disappointed with the results, though it worked ok otherwise.
It's still here