I have used OpenVPN for a number of applications, from remote access while I travel to building a wide area network for a small business. OpenVPN has also been ported to most operating systems, including Mac and Windows.
This document will go over what I have done to install the server part of OpenVPN (2.0.6) on FreeBSD 6.x.
Installing from the Ports
# cd /usr/ports/security/openvpn
# make install
# make clean
Enable OpenVPN on startup
# echo openvpn_enable=\"YES\" >> /etc/rc.conf
Create the config file
There are many ways to configure and set up OpenVPN, depending on what you wish to do. Explaining the different configurations and setups is beyond the scope of this quick how-to. In this example I have just done a basic configuration for what I wanted (remote traveling clients). If you want an explanation of the configuration or other examples, please see the OpenVPN how-to documentation.
# mkdir -p /usr/local/etc/openvpn/keys
Create the file /usr/local/etc/openvpn/openvpn.conf with the following content:
# specify the device
dev tun
proto tcp
port 1194
# server and client IP pools ( 0-63 / 26 )
server 192.168.1.0 255.255.255.192
ifconfig-pool-persist ipp.txt
# Certificates for VPN Config
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh1024.pem
# Routes to Push
push "redirect-gateway"
push "dhcp-option DNS 10.10.10.1"
# Use Compression
comp-lzo
keepalive 20 240
max-clients 50
persist-tun
persist-key
# Run openvpn as a daemon
# (only the group is changed here; no "user" directive is set, so the process keeps its starting UID)
group nobody
daemon
Create the Certificates
# cp -r /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn/
# cd /usr/local/etc/openvpn/easy-rsa
Edit the vars file and change the following variables.
(Change them to fit your organization. The examples are what fit mine.)
KEY_DIR=/usr/local/etc/openvpn/keys
KEY_COUNTRY=CA
KEY_PROVINCE=Alberta
KEY_CITY=Edmonton
KEY_ORG="EPSB VPN"
KEY_EMAIL=firstname.lastname@example.org
Now build the basic certificates
# . vars
# ./clean-all
# ./build-ca
Generate the certificate keys for the server
# ./build-key-server server
Generate the client certificates.
Each client will need their own private certificate to be installed on the client. This will build each of the client certificates. It needs to be repeated for each client that will have access to the system. I usually run the script with the client's username or something to be able to identify them in the future.
# ./build-key client1
# ./build-key client2
# ./build-key client3
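Once the certificates are built, the following check confirms that every ca, cert, key and dh file named in openvpn.conf exists and that the server's private key is not readable by group or others. This is an added example, not part of the original how-to or of OpenVPN/easy-rsa; the function name check_openvpn_conf is hypothetical.

```sh
#!/bin/sh
# Added example: audit the key material named in an OpenVPN server config.
# check_openvpn_conf is a hypothetical helper, not part of OpenVPN or easy-rsa.
# It prints one line per finding and returns the number of findings.
check_openvpn_conf() {
    conf=$1
    problems=0
    if [ ! -r "$conf" ]; then
        echo "cannot read config: $conf"
        return 1
    fi
    # Relevant lines look like "<directive> <path>"; everything else is skipped.
    # Relative paths are resolved against the current directory.
    while read -r directive path _rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh) ;;
            *) continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING  $directive $path"
            problems=$((problems + 1))
            continue
        fi
        # Only the private key is secret; ca, cert and dh may be world-readable.
        if [ "$directive" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            bits=$(ls -ld "$path" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "LOOSE    $directive $path (group/other bits: $bits)"
                problems=$((problems + 1))
            fi
        fi
    done < "$conf"
    return "$problems"
}

# Example run against the config path used in this how-to:
# check_openvpn_conf /usr/local/etc/openvpn/openvpn.conf
```

The dh line is checked as well, so a Diffie-Hellman parameter file that was never generated shows up as MISSING before the daemon is started.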
Setting up the logging on the server.
# echo "!openvpn" >> /etc/syslog.conf
# echo "*.* /var/log/openvpn.log" >> /etc/syslog.conf
# touch /var/log/openvpn.log
# /etc/rc.d/syslogd restart