I've successfully set up an OpenVPN (server) many-to-one (clients-to-gateway) VPN topology on an OpenBSD 4.3 pf firewall/gateway machine. Just sharing the config files here for anyone interested. Hope it helps someone, someday.
root@gw:/etc/ovpn # pg /etc/hostname.tun0
# hostname.if(5) for the tun0 interface that /etc/ovpn/server.ovpn binds to.
# Local tunnel address 169.254.235.1 with a /30 mask (255.255.255.252); the
# third field is the point-to-point peer address, 169.254.235.2.
inet 169.254.235.1 255.255.255.252 169.254.235.2
# A line starting with "!" is executed as a shell command by netstart(8).
# NOTE(review): this route covers the whole 169.254.235.0/24 although the
# interface mask above is only /30 -- presumably so the client addresses handed
# out by ifconfig-pool in server.ovpn (.10-.20) are reachable via tun0; confirm
# the intended prefix length. 169.254.0.0/16 is the IPv4 link-local range
# (RFC 3927), so clients doing link-local autoconfiguration may clash with it.
!/sbin/route add 169.254.235.0/24 169.254.235.1
#
# /etc/ovpn/server.ovpn
# OpenVPN server configuration for a many-to-one (clients -> gateway) TLS
# tunnel on tun0. Lines starting with "#" or ";" are comments.
# ---
# TLS server role: this side holds the server certificate and authenticates
# clients against the CA below.
tls-server
# Multi-client server mode (one tun interface shared by all clients).
mode server
# tun0's own address is set by the OS in /etc/hostname.tun0, not by an
# "ifconfig" directive here, so suppress OpenVPN's warning about that.
ifconfig-nowarn
# Address range handed out to connecting clients.
# NOTE(review): 11 addresses for "max-clients 8" below -- with OpenVPN's default
# net30 topology each client consumes a /30 block, so confirm this pool is
# large enough for the intended number of clients.
ifconfig-pool 169.254.235.10 169.254.235.20
# ---
# PKI: CA used to verify client certificates, Diffie-Hellman parameters for the
# TLS key exchange (2048-bit), and this server's certificate/private key.
ca /etc/ovpn/keys/ca.cert.pem
dh /etc/ovpn/dh2048.pem
cert /etc/ovpn/keys/vpn.mydomain.ca.pem
key /etc/ovpn/keys/vpn.mydomain.ca.key
# HMAC "firewall" on the control channel: packets without a valid HMAC under
# this pre-shared key are dropped before any TLS processing. Key direction 0
# on the server; clients must use direction 1 with the same key file.
tls-auth /etc/ovpn/keys/tls-auth.key 0
# Upper bound on concurrently connected clients.
max-clients 8
# Clients may reach each other. OpenVPN forwards that traffic internally, so
# it never traverses tun0 and pf cannot filter client-to-client packets.
client-to-client
# Listen only on the address this name resolves to, UDP/1194.
local vpn.mydomain.ca.
port 1194
proto udp
dev tun0
# Clamp TCP MSS inside the tunnel to avoid fragmentation after encapsulation.
mssfix
tun-mtu 1500
# Detach and run in the background; the string tags syslog/log output.
daemon openvpn1194
# Make clients route all of their traffic through the VPN.
# NOTE(review): the gateway must forward/NAT that traffic for this to work --
# the pf.conf side is not shown here.
push "redirect-gateway def1"
# Ping every 30 s; restart the connection after 120 s without a reply.
keepalive 30 120
# Start the ping timer only once a remote peer is known.
ping-timer-rem
# Keep the tun device and key material across restarts: required because the
# process drops privileges below and could not reopen them afterwards.
persist-tun
persist-key
tls-cipher DHE-RSA-AES256-SHA # control channel: ephemeral DH key exchange (dh2048.pem), RSA auth, AES-256-CBC, SHA-1 MAC
cipher AES-128-CBC # data channel cipher; the data stream is sufficiently protected @ 128-bit
; cipher AES-128-OFB # better cipher for use with streaming traffic e.g. sip
# NOTE(review): no "auth" directive, so the data-channel HMAC is OpenVPN's
# default (SHA-1); clients must match whatever is chosen here.
# Drop root privileges after the tun device and keys are opened.
user _openvpn # per openbsd package, use "nobody" otherwise
group _openvpn # per openbsd package, use "nobody" otherwise
writepid /var/run/openvpn1194.pid
# "log" truncates the file at every start; use "log-append" to keep history.
log /var/log/openvpn.log
# Periodically rewritten list of connected clients and routes.
status /var/log/openvpn-status.log
# Verbosity 4 (connection details, no per-packet dumps); suppress repeated
# messages of the same category after 5 occurrences.
verb 4
mute 5