Old 23rd May 2008
s2scott
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
openVPN 2.1_rc7 (server) on openBSD 4.3 config examples

I've successfully set up an openVPN (server) many-to-one (clients-to-gateway) vpn topology on an openBSD 4.3 pf firewall/gateway machine. Just sharing the config files here for anyone interested. Hope it helps someone, someday.

Code:
root@gw:/etc/ovpn # pg /etc/hostname.tun0
inet 169.254.235.1 255.255.255.252 169.254.235.2
!/sbin/route add 169.254.235.0/24 169.254.235.1
#
Code:
# /etc/ovpn/server.ovpn
# ---
tls-server
mode server
ifconfig-nowarn
ifconfig-pool 169.254.235.10 169.254.235.20   # addresses handed out to clients
# ---
ca /etc/ovpn/keys/ca.cert.pem
dh /etc/ovpn/dh2048.pem
cert /etc/ovpn/keys/vpn.mydomain.ca.pem
key /etc/ovpn/keys/vpn.mydomain.ca.key
tls-auth /etc/ovpn/keys/tls-auth.key 0   # HMAC on the control channel; server is direction 0, clients use 1
max-clients 8

client-to-client   # clients may talk to each other directly through the daemon
local vpn.mydomain.ca.
port 1194
proto udp
dev tun0
mssfix
tun-mtu 1500
daemon openvpn1194   # detach and log to syslog under this program name

push "redirect-gateway def1"   # clients send all their traffic through the vpn

keepalive 30 120
ping-timer-rem   # don't start the ping timer until a client has connected
persist-tun
persist-key   # keep tun and keys open across restarts, needed once privileges are dropped

tls-cipher DHE-RSA-AES256-SHA   # the key-exchange is 256-bit protected
cipher AES-128-CBC   # the data stream is sufficiently protected @ 128-bit
; cipher AES-128-OFB  # better cipher for use with streaming traffic e.g. sip

user _openvpn   # per openbsd package, use "nobody" otherwise
group _openvpn   # per openbsd package, use "nobody" otherwise

writepid /var/run/openvpn1194.pid
log    /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 4
mute 5   # log at most 5 consecutive messages of the same kind

Last edited by s2scott; 23rd May 2008 at 06:18 PM. Reason: Fix-up to user and group stmts
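The following is an added example, not s2scott's code and not part of the OpenVPN package: a small Python checker that parses a server.ovpn in the style posted above and reports the settings a reviewer would look at before putting it on a gateway (tls-auth with a key direction, the privilege drop plus persist-key/persist-tun, an explicit cipher, a client limit, and whether the ifconfig-pool lies inside the route added in hostname.tun0). It also flags two things the config itself cannot prove safe: `push "redirect-gateway def1"` means pf on the gateway needs matching pass and NAT rules, and `client-to-client` means client-to-client traffic is switched inside the daemon and never passes pf. The sample config text is a constructed copy of the directives in the post; the route string and check names are this example's own assumptions.

```python
"""Static checks for an OpenVPN server config. Added example; not the poster's code."""
import ipaddress
import shlex

# Constructed sample: the directives from the server.ovpn in the post above,
# trailing comments kept so the comment handling is exercised.
SAMPLE_CONFIG = """\
tls-server
mode server
ifconfig-nowarn
ifconfig-pool 169.254.235.10 169.254.235.20
ca /etc/ovpn/keys/ca.cert.pem
dh /etc/ovpn/dh2048.pem
cert /etc/ovpn/keys/vpn.mydomain.ca.pem
key /etc/ovpn/keys/vpn.mydomain.ca.key
tls-auth /etc/ovpn/keys/tls-auth.key 0
max-clients 8
client-to-client
local vpn.mydomain.ca.
port 1194
proto udp
dev tun0
push "redirect-gateway def1"
keepalive 30 120
persist-tun
persist-key
tls-cipher DHE-RSA-AES256-SHA   # the key-exchange is 256-bit protected
cipher AES-128-CBC   # the data stream is sufficiently protected @ 128-bit
; cipher AES-128-OFB  # better cipher for use with streaming traffic e.g. sip
user _openvpn   # per openbsd package, use "nobody" otherwise
group _openvpn   # per openbsd package, use "nobody" otherwise
verb 4
"""

# The route the post installs from /etc/hostname.tun0 (assumed here); the pool must sit inside it.
TUN_ROUTE = "169.254.235.0/24"


def parse_ovpn(text):
    """Return [(directive, [args]), ...]; lines starting with '#' or ';' are comments."""
    options = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        # shlex keeps the quoted push argument as one token and drops trailing # comments
        parts = shlex.split(line, comments=True)
        if parts:
            options.append((parts[0], parts[1:]))
    return options


def audit(options, tun_route=TUN_ROUTE):
    """Map check names to booleans. The last two are caveats (True = needs pf attention)."""
    seen = {}
    for name, args in options:
        seen.setdefault(name, []).append(args)

    def first(name):
        return seen.get(name, [[]])[0]

    net = ipaddress.ip_network(tun_route)
    pool = first("ifconfig-pool")
    return {
        # tls-auth with a key direction lets the server discard unauthenticated
        # packets before any TLS work is done
        "tls_auth_enabled": len(first("tls-auth")) == 2,
        # the daemon must not stay root once the tun device and keys are open
        "drops_privileges": first("user") not in ([], ["root"]) and len(first("group")) == 1,
        # after the privilege drop a restart cannot reopen key files or the tun device
        "persist_after_privdrop": "persist-key" in seen and "persist-tun" in seen,
        "explicit_data_cipher": "cipher" in seen,
        "client_limit_set": "max-clients" in seen,
        "pool_inside_route": len(pool) >= 2
        and all(ipaddress.ip_address(a) in net for a in pool[:2]),
        # caveat: clients route everything here, so pf needs pass and NAT rules for the pool
        "pushes_default_route": any(
            a and a[0].startswith("redirect-gateway") for a in seen.get("push", [])
        ),
        # caveat: client-to-client traffic is switched inside openvpn and never reaches pf
        "client_to_client_bypasses_pf": "client-to-client" in seen,
    }


def audit_text(text, tun_route=TUN_ROUTE):
    """Convenience wrapper: parse then audit."""
    return audit(parse_ovpn(text), tun_route)


if __name__ == "__main__":
    for check, value in audit_text(SAMPLE_CONFIG).items():
        print(f"{check:30} {value}")
```

Run it against the posted config and every pass/fail check comes back True, with the two caveats also True; feed it a config with `user root` or a pool outside the tun route and the corresponding entries flip to False.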