I have used OpenVPN for a number of applications, from remote access while I travel to building a wide area network for a small business. OpenVPN has also been ported to most operating systems, including Mac and Windows.
This document will go over what I have done to install the server part of OpenVPN (2.0.6) on FreeBSD 6.x.
Installing from the Ports
# cd /usr/ports/security/openvpn
# make install
# make clean
Enable OpenVPN on startup
# echo openvpn_enable=\"YES\" >> /etc/rc.conf
Create the config file
There are many ways to configure and set up OpenVPN, depending on what you wish to do. Explaining the different configurations and setups is beyond the scope of this quick how-to. In this example I have just done a basic configuration for what I wanted (remote traveling clients). If you want an explanation of the configuration or other examples, please see the OpenVPN how-to documentation.
# mkdir -p /usr/local/etc/openvpn/keys
Create the file /usr/local/etc/openvpn/openvpn.conf with the following content:
# specify the device
# server and client IP pools ( 0-63 / 26 )
server 192.168.1.0 255.255.255.192
# Certificates for VPN Config
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
# Routes to Push
push "dhcp-option DNS 10.10.10.1"
# Use Compression
comp-lzo
keepalive 20 240
# Run openvpn as a daemon
Create the Certificates
# cp -r /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn/
# cd /usr/local/etc/openvpn/easy-rsa
Edit the vars file and change the following variables.
(Change them to fit your organization. The examples are what fit mine.)
Now build the basic certificates
# . vars
Generate the certificate keys for the server
# ./build-key-server server
Generate the client certificates.
Each client needs its own private certificate, installed on that client. The script below builds one client certificate per run, so repeat it for every client that will have access to the system. I usually run the script with the client's username or something similar so that I can identify them in the future.
# ./build-key client1
# ./build-key client2
# ./build-key client3
Setting up the logging on the server.
# echo "!openvpn" >> /etc/syslog.conf
# echo "*.* /var/log/openvpn.log" >> /etc/syslog.conf
# touch /var/log/openvpn.log
# /etc/rc.d/syslogd restart
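A pre-flight check for the configuration and keys set up above, added here as an example (it is not part of the original how-to or of OpenVPN). The names check_openvpn_conf and demo and the sample config are constructed for illustration. It assumes the config uses absolute paths, as this how-to does, and reports missing dev, ca, cert, key or dh directives, files that cannot be read, and a server private key that group or others can read.

```sh
#!/bin/sh
# Added example: pre-flight check for an OpenVPN 2.0-style server config.
# Prints one finding per line; returns 0 only when there are none.
check_openvpn_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read config: $conf"; return 2; }
    for name in dev ca cert key dh; do
        # First argument of the first uncommented line starting with $name
        val=$(awk -v n="$name" '$1 == n { print $2; exit }' "$conf")
        if [ -z "$val" ]; then
            echo "MISSING directive: $name"
            findings=$((findings + 1))
        elif [ "$name" = dev ]; then
            :   # device name, not a file
        elif [ ! -r "$val" ]; then
            echo "UNREADABLE file for $name: $val"
            findings=$((findings + 1))
        elif [ "$name" = key ] &&
             [ "$(ls -Lld "$val" | cut -c5-10)" != "------" ]; then
            # Characters 5-10 of the mode string are the group/other bits
            echo "LOOSE permissions on private key: $val"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: throwaway config with a world-readable key and no dh line
demo() {
    t=$(mktemp -d /tmp/ovpncheck.XXXXXX) || return 1
    touch "$t/ca.crt" "$t/server.crt" "$t/server.key"
    chmod 644 "$t/server.key"
    printf 'dev tun\nca %s/ca.crt\ncert %s/server.crt\nkey %s/server.key\n' \
        "$t" "$t" "$t" > "$t/openvpn.conf"
    check_openvpn_conf "$t/openvpn.conf"
    rc=$?
    rm -rf "$t"
    return $rc
}

# With an argument, check that file; without one, run the constructed sample
if [ $# -gt 0 ]; then check_openvpn_conf "$1"; else demo || true; fi
```

Run it as root against /usr/local/etc/openvpn/openvpn.conf once the keys exist; a line that fuses two directives shows up as one unreadable file plus one missing directive.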