Title : OpenVPN 2.0 in FreeBSD and Ubuntu
O/S : Linux / BSD
Distro : Kubuntu / FreeBSD
Version : OpenVPN 2.0 Released
Home Network : 10.0.0.0/24
Office PC (Client) : 192.168.10.195
FreeBSD (OpenVPN server):
Install OpenVPN using ports.
root# cd /usr/ports/security/openvpn
root# make
root# make install
root# make clean
I still can't find any OpenVPN 2.0 port, because this is only the second day since OpenVPN 2.0 was released. I think the ports for OpenVPN 2.0 will be available after a few days.
After installing, we do some configuration, including generating a static key.
root# mkdir /usr/local/etc/openvpn
root# cd /usr/local/etc/openvpn
root# openvpn --genkey --secret static.key
root# cat openvpn.conf
dev tun
ifconfig 10.0.0.254 192.168.10.195
secret static.key
daemon
user nobody
group nobody
## Set the appropriate level of log
## file verbosity.
##
## 0 is silent, except for fatal errors
## 4 is reasonable for general usage
## 5 and 6 can help to debug connection problems
## 9 is extremely verbose
log /var/log/openvpn/openvpn.log
verb 6
Start/stop script.
root# cat /usr/local/etc/rc.d/openvpn.sh
#!/bin/sh
case x$1 in
xstart)
    /usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config openvpn.conf;;
xstop)
    #echo -n ' if_tap' ;
    killall -9 openvpn;;
*)
    echo >&2 "Usage: $0 {start|stop}"
esac
root# /usr/local/etc/rc.d/openvpn.sh start
Copy the secret file to Kubuntu.
root# scp /usr/local/etc/openvpn/static.key user@client.kubuntu.computer:/etc/openvpn
Kubuntu (Client) :
root# apt-get install openvpn
Configure OpenVPN.
root# cat /etc/openvpn/openvpn.conf
remote open.vpn.server
dev tun
ifconfig 192.168.10.195 10.0.0.254
secret static.key
daemon
user nobody
group nogroup
ping 15
ping-restart 300 # 5 minutes
resolv-retry 300 # 5 minutes
persist-tun
persist-key
route 10.0.0.0 255.255.255.0 10.0.0.254
log /var/log/openvpn/openvpn.log
verb 6
Start the party :
root# /etc/init.d/openvpn start
Just as simple as ABC !!
openvpn on freebsd
openvpn 2 on freebsd
I did the same thing as you, but I am interested in Bridged-Ethernet.
The scripts in the /usr/local/share/doc/openvpn/sample-scripts were all written for Linux. I don't know why the maker of the FreeBSD port for OpenVPN didn't bother to change the scripts. For example, the bridge-start, bridge-stop scripts contain Linux commands (brctl) not found in FreeBSD.
A lot of ports in FreeBSD are very poor.
I think port builders should either do a good and complete job of porting apps to FreeBSD or don't do it at all.
Installing OpenVPN 2.0 on FreeBSD 5.4 (Bridge Configuration)
For the benefit of newbies like me trying to install OpenVPN 2.0
(Bridged-Ethernet) on FreeBSD, here is how I installed OpenVPN 2.0
(bridging) on FreeBSD 5.4.
(There may be some errors as I did this in a rush.)
cd /usr/ports/security/openvpn
make
make install
Beware - the instructions and scripts in the port are all Linux-specific.
This is what my setup looks like:
vpn client : Windows XP, single machine connected directly to the Internet
with an external dynamic IP.
vpn server : FreeBSD 5.4, a machine with 2 physical Ethernet interfaces -
one interface xl0 connected to the Internet with a static external IP
address (e.g. 206.216.131.8);
one interface de0 connected to the office LAN with an internal IP address
(192.168.55.146)
one tap0 interface bridged to the internal interface dc0.
My office LAN has a firewall/gateway (internal IP: 192.168.55.1, external
206.216.131.2).
                           206.216.131.8     192.168.55.146
XP Client <---( Internet )---> xl0  VPN Server  de0 <---> Office LAN
                  ^                                           |
                  |                                           |
                  +-----------------> Firewall <--------------+
                           206.216.131.2     192.168.55.1
Office Network : 192.168.55.0 / 24
Note that in Ethernet-Bridging VPN, your VPN network is the same as your
office LAN network, unlike 'routed' VPN. Read the Ethernet Bridge page on
www.openvpn.net.
Actually, there is a router with T1 connection to the Internet at the
office and the router has
ethernet ports to which x10 and the Firewall are connected. But this is
irrelevant to the VPN.
First I recompiled my kernel to include
device tap
options BRIDGE
Then I did this in /etc/sysctl.conf
net.link.ether.bridge.enable=1
net.link.ether.bridge.config=de0,tap0
and in my /etc/rc.conf, I enabled gateway
gateway_enable="YES"
To generate certs and keys (from the OpenVPN how-to page):
cd /usr/local/share/doc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-key client2
./build-key client3
./build-dh
mkdir /usr/local/etc/openvpn
cp -Rp /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn
cp /usr/local/share/doc/openvpn/sample-scripts/server.conf /usr/local/etc/openvpn
Configured the server.conf file (see below).
Copied the client1.key, client1.crt and ca.crt into the
c:\~\openvpn\config folder on the client PC.
And started openvpn
/usr/local/sbin/openvpn --daemon --config /usr/local/etc/openvpn/server.conf
Starting and configuring openvpn on my XP client PC was easy.
Here is my server configuration file
server.conf
port 1194
proto udp
dev tap
ca /usr/local/etc/openvpn/easy-rsa/keys/ca.crt
cert /usr/local/etc/openvpn/easy-rsa/keys/server.crt
key /usr/local/etc/openvpn/easy-rsa/keys/server.key
dh /usr/local/etc/openvpn/easy-rsa/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.55.146 255.255.255.0 192.168.55.230 192.168.55.254
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
My client.ovpn file
client
dev tap
proto udp
remote 206.216.131.8 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
Good luck! OpenVPN is great!
Chee
CA
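The static-key configuration in the post and the bridged TLS configuration in the comment above can both be reviewed mechanically before they go into service. The Python audit below is an added example, not code from the post, the commenters or the OpenVPN project; the finding names, the 2048-bit DH threshold and the abridged sample configs are this example's own choices.

```python
import re
from itertools import takewhile

# Abridged from the configs on this page: only the directives the checks read.
STATIC_SERVER = """secret static.key
user nobody
group nobody"""
BRIDGE_SERVER = """dh /usr/local/etc/openvpn/easy-rsa/keys/dh1024.pem
comp-lzo
user nobody
group nobody"""
BRIDGE_CLIENT = """client
remote 206.216.131.8 1194
comp-lzo
user nobody
group nobody"""

def parse_conf(text):
    """Map each directive to its arguments, stopping at a # or ; comment token."""
    conf = {}
    for raw in text.splitlines():
        tokens = list(takewhile(lambda t: t[0] not in "#;", raw.split()))
        if tokens:
            conf[tokens[0]] = tokens[1:]
    return conf

def audit(text, min_dh_bits=2048):
    """Return sorted finding codes; rules and threshold are this example's choices."""
    conf, found = parse_conf(text), set()
    if "secret" in conf:
        found.add("static-key")        # one long-lived shared key, no forward secrecy
    else:
        if not conf.keys() & {"tls-auth", "tls-crypt"}:
            found.add("no-tls-auth")   # no HMAC gate in front of the TLS handshake
        bits = re.search(r"dh(\d+)\.pem$", (conf.get("dh") or [""])[0])
        if bits and int(bits.group(1)) < min_dh_bits:
            found.add("weak-dh")       # size inferred from the file name only
        checks = {"remote-cert-tls", "ns-cert-type", "tls-remote", "verify-x509-name"}
        if "remote" in conf and not conf.keys() & checks:
            found.add("no-server-cert-check")  # peer certificate type is not verified
    if conf.keys() & {"comp-lzo", "compress"}:
        found.add("compression")
    if not conf.keys() >= {"user", "group"}:
        found.add("no-privilege-drop")
    return sorted(found)

if __name__ == "__main__":
    for text in (STATIC_SERVER, BRIDGE_SERVER, BRIDGE_CLIENT):
        print(audit(text))
```

The DH check reads the size from the file name only; running `openssl dhparam -in <file> -text -noout` on the actual file confirms it.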