Installing OpenVPN on FreeBSD 8.3

December 5, 2015 | Article

OpenVPN is one of the available open source implementations of a Virtual Private Network.

In this article we will discuss how to install OpenVPN on FreeBSD 8.3.

Installation

Installing OpenVPN is as easy as installing any other FreeBSD port.

cd /usr/ports/security/openvpn
make install clean

Once installed, OpenVPN stores its sample configurations in /usr/local/share/doc/openvpn.

Make a directory /usr/local/etc/openvpn and copy the sample server configuration and the easy-rsa scripts from /usr/local/share/doc/openvpn to this new directory.

mkdir /usr/local/etc/openvpn
cp /usr/local/share/doc/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn
cp -a /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn

Creating RSA Key

OpenVPN is a tunneling network. Connections to OpenVPN are made through an encrypted channel. Therefore, to enable OpenVPN we must create keys. In this section we will discuss how to do it.

The good news is that we don't have to create the keys from scratch. OpenVPN provides scripts that create them for us. Run the following to prepare (the sh command starts a Bourne shell, which the ". ./vars" step further down requires):

chmod 0755 /usr/local/etc/openvpn/easy-rsa/2.0/*
cd /usr/local/etc/openvpn/easy-rsa/2.0
sh
echo 'export KEY_COUNTRY="ID"' >> vars
echo 'export KEY_PROVINCE="JB"' >> vars
echo 'export KEY_CITY="BANDUNG"' >> vars
echo 'export KEY_ORG="Celestial Being"' >> vars
echo 'export KEY_EMAIL="[email protected]"' >> vars

Now we create the CA certificate, ca.crt:

. ./vars
./clean-all
./build-ca

Then build the server key, server.key:

./build-key-server server

Next, build the client key, client.key:

./build-key client

Build the 1024-bit DH parameters (written to dh1024.pem, the file the server configuration references):

./build-dh

Copy the keys to a dedicated directory for storing keys.

mkdir /usr/local/etc/openvpn/keys
cp /usr/local/etc/openvpn/easy-rsa/2.0/keys/* /usr/local/etc/openvpn/keys
./clean-all

Configuring Server

After creating the keys, we proceed to configure the OpenVPN server. The file we must edit is /usr/local/etc/openvpn/server.conf. Here is a sample configuration we can apply to our server:

port 1194
proto udp
dev tap
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
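
The sample configuration above uses 1024-bit DH parameters, enables comp-lzo, and sets no user/group, cipher or tls-auth directive, so it is worth reviewing before the server is exposed. The following shell function is an added example, not part of the original article, that reads a server.conf and prints one finding per setting of this kind, including the permissions of the private key the configuration marks as secret. The function names and finding codes are made up for illustration, and the DH size is taken from the dh<bits>.pem file name that easy-rsa 2.0 produces rather than from the file contents.

```sh
#!/bin/sh
# Added example, not from the article: print one finding per line for an
# OpenVPN server.conf. Function names and finding codes are illustrative.

# Active directives only: drop '#' and ';' comments and blank lines.
active_lines() {
    sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$1"
}

# has_directive FILE NAME: succeeds when NAME is set in FILE.
has_directive() {
    active_lines "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"
}

# directive_arg FILE NAME: first argument of the first NAME directive.
directive_arg() {
    active_lines "$1" | awk -v d="$2" '$1 == d { print $2; exit }'
}

audit_openvpn_conf() {
    conf=$1
    # Heuristic (assumption): easy-rsa 2.0 names the file dh<bits>.pem.
    bits=$(directive_arg "$conf" dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH dh parameters are $bits bits"
    fi
    # Without user/group the daemon keeps root privileges after start-up.
    has_directive "$conf" user && has_directive "$conf" group ||
        echo "RUNS_AS_ROOT no user/group directive"
    # tls-auth / tls-crypt authenticate control-channel packets with a shared key.
    has_directive "$conf" tls-auth || has_directive "$conf" tls-crypt ||
        echo "NO_TLS_AUTH neither tls-auth nor tls-crypt is set"
    # With no cipher line the build default applies (BF-CBC on OpenVPN 2.3).
    has_directive "$conf" cipher || echo "DEFAULT_CIPHER no cipher directive"
    # Compression inside an encrypted tunnel can leak plaintext (VORACLE).
    if has_directive "$conf" comp-lzo || has_directive "$conf" compress; then
        echo "COMPRESSION compression is enabled"
    fi
    # The server private key must not be accessible to group or other.
    key=$(directive_arg "$conf" key)
    if [ -n "$key" ] && [ -f "$key" ] &&
        [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "KEY_PERMS $key is accessible to group/other"
    fi
    return 0
}

# Usage: sh audit.sh /usr/local/etc/openvpn/server.conf
if [ "$#" -gt 0 ]; then audit_openvpn_conf "$1"; fi
```

Any directive added to clear a finding (for example tls-auth, which needs a matching key file on every client) has to be mirrored in the client configuration.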

Autostart on Boot

To run OpenVPN automatically at boot time, edit /etc/rc.conf and add the following:

gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
openvpn_if="tap"

Enabling IP Forwarding

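IP forwarding is needed to forward IP packets received by the server to the corresponding client inside the VPN. The gateway_enable="YES" line added to /etc/rc.conf above turns it on at boot; the following command turns it on immediately: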

sysctl net.inet.ip.forwarding=1

Starting OpenVPN Server

Finally, start the OpenVPN server:

/usr/local/etc/rc.d/openvpn start

And that's it. You now have OpenVPN on your network.

About Author

xathrya

A man who is obsessed with low-level technology.
