DaemonForums  

  #1   (View Single Post)  
Old 28th May 2021
Mako_Elite Mako_Elite is offline
BSD_ROCKS
 
Join Date: Nov 2010
Posts: 75
Default Private VPN

Hello folks,
My new job requires a lot of travel, airports and hotels with free unsecured WiFi. Is there a way to set up a VPN on OpenBSD? I searched the OpenBSD manual on VPN and I am not sure if it would work properly if I don't know whether the other client is Windows, Linux, Mac, or Android.
Any suggestion on this would be greatly appreciated.

I am running OpenBSD 6.9 on my Lenovo ThinkPad T530 (amazing combo)

thank you

Ludovit
Reply With Quote
  #2   (View Single Post)  
Old 28th May 2021
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

You may want to read about:
1. WireGuard man pages such as wg(4)
2. ./net/openvpn package
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #3   (View Single Post)  
Old 28th May 2021
Mako_Elite Mako_Elite is offline
BSD_ROCKS
 
Join Date: Nov 2010
Posts: 75
Default

Thanks e1-531g, I will look into it when I get home.

Ludovit
Reply With Quote
  #4   (View Single Post)  
Old 28th May 2021
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

I've previously used IPsec, but for the past year I've been using WireGuard, mentioned above. Easy to provision and easy to manage.
Reply With Quote
  #5   (View Single Post)  
Old 28th May 2021
Mako_Elite Mako_Elite is offline
BSD_ROCKS
 
Join Date: Nov 2010
Posts: 75
Default

Thanks jggimi,
I will set up WireGuard.

Ludovit
Reply With Quote
  #6   (View Single Post)  
Old 28th May 2021
JonTee JonTee is offline
New User
 
Join Date: May 2021
Posts: 4
Default

Agreed on WireGuard. Very easy to set up. I used to run IKEv2 using the details in the OpenBSD FAQ (https://www.openbsd.org/faq/faq17.html), but WireGuard is easier.
Reply With Quote
  #7   (View Single Post)  
Old 4th July 2021
Mako_Elite Mako_Elite is offline
BSD_ROCKS
 
Join Date: Nov 2010
Posts: 75
Default

I set up WireGuard on my server and my laptop. The server is connected by cable to the Wi-Fi router and the laptop through its Wi-Fi card.
When the VPN is activated, both sides show a handshake with wg0, and they can also be pinged from both directions.
The problem is I lose the internet connection on the laptop. rtwn0 is the WiFi card that normally connects to the internet, but through wg0 it is isolated. Maybe I need to connect from outside of my WiFi network?

What I am trying to accomplish is to have a safe VPN when I travel: airports, hotels, etc. I am just trying to test it at home before I travel again.

Any help would be appreciated.

Ludovit
Reply With Quote
  #8   (View Single Post)  
Old 4th July 2021
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Quote:
Originally Posted by Mako_Elite View Post
Problem is I lose internet connection on laptop.
Without more information, I can only guess that you have a routing problem. If this is your current topology:
Code:
{Internet} - [Router] --- [Server]
               |
              [Laptop]
You would typically have only a single route, a default route, through the router for any device not on your local subnet. To route to the Internet through the VPN, you would need to change your default route to the Server's WireGuard address. The logical topology would be:
Code:
{Internet} [Server] - [Laptop]
I have a script that is called from rc.local(5) which waits for my WiFi NIC to establish an IP connection. The script then adds default routes at low priority for IPv4 and IPv6 that use the WireGuard tunnel, and then it adds a very high priority specific route that reaches my WireGuard endpoint server through the "real" default route provided by the local DHCP server.
Reply With Quote
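
The routing described in the post above, sketched as an added example; it is not jggimi's script and not part of the thread. It covers IPv4 only, and the interface names, addresses (RFC 1918 / RFC 5737 sample values) and priority numbers are assumptions.

```shell
#!/bin/sh
# Added example: full-tunnel routing over wg0 on OpenBSD, meant for rc.local(5).
# All values below are assumptions, not taken from the thread (except rtwn0).
WIFI_IF=${WIFI_IF:-rtwn0}            # WiFi NIC named in the thread
WG_PEER=${WG_PEER:-10.0.0.1}         # server's address inside the tunnel
ENDPOINT=${ENDPOINT:-203.0.113.10}   # server's public address

# Read `route -n show -inet` output on stdin and print the gateway of the
# default route that sits on interface $1 (the DHCP-provided one).
dhcp_gateway() {
    awk -v ifc="$1" '$1 == "default" && $NF == ifc { print $2; exit }'
}

is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# plan_routes <dhcp_gw> <endpoint> <wg_peer>: print the two route(8) commands.
plan_routes() {
    for a in "$@"; do
        is_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    # Host route: encrypted packets to the endpoint keep using the real
    # gateway; otherwise they would be routed back into the tunnel.
    echo "route -n add -priority 2 -host $2 $1"
    # Tunnel default: OpenBSD prefers the lower priority number, so 7 wins
    # over a default route at the standard static priority (8) or above.
    echo "route -n add -priority 7 default $3"
}

# Poll until DHCP has installed a default route on the WiFi NIC (about 60 s).
wait_for_gateway() {
    i=0
    while [ "$i" -lt 60 ]; do
        gw=$(route -n show -inet 2>/dev/null | dhcp_gateway "$WIFI_IF")
        [ -n "$gw" ] && { echo "$gw"; return 0; }
        sleep 1; i=$((i + 1))
    done
    return 1
}

# Only touch the routing table when invoked as: <script> apply
if [ "${1:-}" = "apply" ]; then
    gw=$(wait_for_gateway) || { echo "no default route on $WIFI_IF" >&2; exit 1; }
    plan_routes "$gw" "$ENDPOINT" "$WG_PEER" | sh -e
fi
```

The DHCP default route stays in the table, so if wg0 goes away traffic falls back to the untrusted network; a pf rule that limits egress on the WiFi interface to the endpoint closes that gap.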
  #9   (View Single Post)  
Old 4th July 2021
Mako_Elite Mako_Elite is offline
BSD_ROCKS
 
Join Date: Nov 2010
Posts: 75
Default

Thanks jggimi,
Yes, that is my current topology as you mentioned. I will play with routing now.

Ludo
Reply With Quote
Old 27th July 2021
SimpL SimpL is offline
Port Guard
 
Join Date: Nov 2020
Location: On a cloud;)
Posts: 31
Default

Just my 5 cents.
I use OpenVPN.
Not too hard to install a server and easy to do a client config.
If you are looking for a cheap server there are multiple videos on how to do an OpenVPN server on a Raspberry Pi.
If you have a server at home you can connect to it easily or there are routers that can do OpenVPN, so it's easiest if you have an OpenVPN-capable router.
Reply With Quote