#1
23rd May 2008
s2scott
Package Pilot
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Thanked 9 Times in 8 Posts

openVPN 2.1_rc7 (server) on openBSD 4.3 config examples

I've successfully set up an openVPN (server) many-to-one (clients-to-gateway) vpn topology on an openBSD 4.3 pf firewall/gateway machine. Just sharing the config files here for anyone interested. Hope it helps someone, someday.

Code:
root@gw:/etc/ovpn # pg /etc/hostname.tun0
inet 169.254.235.1 255.255.255.252 169.254.235.2
!/sbin/route add 169.254.235.0/24 169.254.235.1
#
Code:
# /etc/ovpn/server.ovpn
# ---
tls-server
mode server
ifconfig-nowarn
ifconfig-pool 169.254.235.10 169.254.235.20
# ---
ca /etc/ovpn/keys/ca.cert.pem
dh /etc/ovpn/dh2048.pem
cert /etc/ovpn/keys/vpn.mydomain.ca.pem
key /etc/ovpn/keys/vpn.mydomain.ca.key
tls-auth /etc/ovpn/keys/tls-auth.key 0
max-clients 8

client-to-client
local vpn.mydomain.ca.
port 1194
proto udp
dev tun0
mssfix
tun-mtu 1500
daemon openvpn1194

push "redirect-gateway def1"

keepalive 30 120
ping-timer-rem
persist-tun
persist-key

tls-cipher DHE-RSA-AES256-SHA   # the key-exchange is 256-bit protected
cipher AES-128-CBC   # the data stream is sufficiently protected @ 128-bit
; cipher AES-128-OFB  # better cipher for use with streaming traffic e.g. sip

user _openvpn   # per openbsd package, use "nobody" otherwise
group _openvpn   # per openbsd package, use "nobody" otherwise

writepid /var/run/openvpn1194.pid
log    /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 4
mute 5
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 23rd May 2008 at 06:18 PM. Reason: Fix-up to user and group stmts
#2
23rd May 2008
s2scott

Code:
root@gw:/etc/ovpn # pg /etc/hostname.tun0
inet 169.254.235.1 255.255.255.252 169.254.235.2
!/sbin/route add 169.254.235.0/24 169.254.235.1
#
used in place of...

Code:
root@gw:pg /etc/ovpn/server.ovpn
ifconfig 169.254.235.1 169.254.235.2
route 169.254.235.0/24 169.254.235.1
#
I haven't drilled into it, but the openVPN uid _openvpn doesn't appear to have authority to effect the tun0 ifconfig nor the route add. By letting it happen through the hostname.tun0, it "just works."

Perhaps someone knows a better fix. It may be related to the fact that I mimicked -- likely imperfectly -- the _openvpn uid/gid framework of the openvpn 2.0.n package install.

/S
#3
23rd May 2008
s2scott

I stand humbly before you folks, hat in hand and one hole in my foot...

In my server.ovpn config, I had ...

Incorrect...
Code:
user nobody
group nobody
Correct, per the "official" openbsd openvpn 2.0.n packages...
Code:
user _openvpn
group _openvpn
/S
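As an added example (not from s2scott's posts or from the OpenBSD openvpn package), here is a small POSIX sh lint that reads an OpenVPN server config in the plain "option args # comment" form shown above and flags the three points this thread works through: user/group must be _openvpn rather than nobody (post #3), ifconfig/route directives belong in /etc/hostname.tun0 rather than server.ovpn (post #2), and tls-auth should be present (post #1). The function names (ovpn_options, ovpn_get, ovpn_has, ovpn_lint, lint_sample_*) are my own, and both sample configs are constructed for the demonstration, not the author's files.

```shell
#!/bin/sh
# Added example, not code from the thread: lint an OpenVPN 2.1-style server
# config on OpenBSD for the issues discussed in posts #1-#3.
# Assumption: one "option args" per line, comments start with '#' or ';'
# (the same form as the server.ovpn above). Quoted strings containing '#'
# are not special-cased, which is fine for the directives checked here.

# Print the config with comments, blank lines and surrounding whitespace
# removed, one "option args" per line.
ovpn_options() {
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -v '^$' || true
}

# Print the arguments of the first occurrence of option $2 in file $1.
ovpn_get() {
    ovpn_options "$1" | awk -v opt="$2" '$1 == opt { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Exit 0 if option $2 appears in file $1, 1 otherwise.
ovpn_has() {
    ovpn_options "$1" | awk -v opt="$2" '$1 == opt { found = 1 } END { exit !found }'
}

# Lint one config file: print one line per finding, return 0 only when clean.
ovpn_lint() {
    cfg=$1
    rc=0
    # Post #3: the OpenBSD package ships a dedicated _openvpn uid/gid.
    for opt in user group; do
        val=$(ovpn_get "$cfg" "$opt")
        if [ "$val" != "_openvpn" ]; then
            echo "WARN: $opt is '${val:-unset}'; the OpenBSD openvpn package uses _openvpn"
            rc=1
        fi
    done
    # Post #2: tun0 is configured by /etc/hostname.tun0, so ifconfig/route in
    # server.ovpn are redundant there (and did not take effect for the author).
    for opt in ifconfig route; do
        if ovpn_has "$cfg" "$opt"; then
            echo "WARN: '$opt' directive in server config; move it to /etc/hostname.tun0"
            rc=1
        fi
    done
    # Post #1: tls-auth adds an HMAC on control-channel packets.
    if ! ovpn_has "$cfg" tls-auth; then
        echo "WARN: no tls-auth key configured"
        rc=1
    fi
    return $rc
}

# Run the lint over a constructed config written to a temp file; $1 holds the
# config text. Returns the lint's status after cleaning up.
lint_text() {
    f=$(mktemp /tmp/ovpnlint.XXXXXX) || return 2
    printf '%s\n' "$1" >"$f"
    if ovpn_lint "$f"; then rc=0; else rc=1; fi
    rm -f "$f"
    return $rc
}

# Constructed sample with the two mistakes the later posts correct plus no tls-auth.
lint_sample_bad() {
    lint_text 'tls-server
mode server
ifconfig 169.254.235.1 169.254.235.2    # belongs in /etc/hostname.tun0
route 169.254.235.0/24 169.254.235.1
port 1194
proto udp
dev tun0
user nobody    # should be _openvpn on the OpenBSD package
group nobody'
}

# Constructed sample in the shape of the corrected server.ovpn.
lint_sample_good() {
    lint_text 'tls-server
mode server
tls-auth /etc/ovpn/keys/tls-auth.key 0
port 1194
proto udp
dev tun0
push "redirect-gateway def1"
; cipher AES-128-OFB
user _openvpn
group _openvpn'
}

# Usage: sh ovpn-lint.sh /etc/ovpn/server.ovpn   (exit status 0 when clean)
if [ $# -gt 0 ]; then
    ovpn_lint "$1"
fi
```

Run it against the real file with `sh ovpn-lint.sh /etc/ovpn/server.ovpn`; it only reads the file, so it can run as an unprivileged user that has read access to the config. The comment stripping deliberately mirrors the `#`/`;` comment style used in the config above, including the commented-out `; cipher` line.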