OpenVPN is an SSL VPN. As we know, a VPN is a technique for connecting two sites as if over a leased line, using a kind of tunneling. This time, I would like to share my experience installing OpenVPN on FreeBSD. Thank you to Mas Rendo, Mas Adhy, Mas Artiko and the other people who supported me. This installation uses a key for each user who wants to connect using OpenVPN.
1. We install the OpenVPN software from ports
cd /usr/ports/security/openvpn
make install clean
2. We copy the example configuration folder
cp -R /usr/local/share/doc/openvpn/ /usr/local/etc/openvpn/
cd /usr/local/etc/openvpn
cp -R sample-config-files config-files/
3. Edit the main OpenVPN configuration ( server.conf )
cd config-files
vi server.conf
This is my server.conf
port 443
# TCP or UDP server?
proto tcp
dev tun
ca /usr/local/etc/openvpn/easy-rsa/keys/ca.crt
cert /usr/local/etc/openvpn/easy-rsa/keys/server.crt
key /usr/local/etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
dh /usr/local/etc/openvpn/easy-rsa/keys/dh1024.pem
# replace xxx.xxx.xxx.xxx with the network address of the VPN subnet; the server takes the first address in it
server xxx.xxx.xxx.xxx 255.255.255.224
ifconfig-pool-persist /var/log/ipp.txt
push "route remote_host 255.255.255.255 net_gateway"
push "route xxx.xxx.xxx.xxx 255.255.255.192"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
4. Create the server and client keys
cd /usr/local/etc/openvpn/easy-rsa
vi vars ( change each "export NAME=value" line to "setenv NAME value" )
source ./vars
./clean-all
./build-ca
./build-key-server server ( "server" can be replaced with another name )
./build-key-pass myname ( key for us, common name myname )
./build-dh
5. We have to enable IP forwarding on our server
sysctl net.inet.ip.forwarding=1
6. Then run openvpn
openvpn /usr/local/etc/openvpn/config-files/server.conf &
And then we put ca.crt, myname.crt and myname.key on the client side to connect through OpenVPN.
Thank You
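An added example, not part of the original post: a small sh function that reads a server.conf like the one above and flags what a reviewer would check before putting it into service (Diffie-Hellman parameter size, permissions on the private key, compression, and whether the daemon drops root). The function names, finding labels and sample file are constructed for illustration, and the DH size is inferred from the dh<bits>.pem file name that easy-rsa produces.

```shell
#!/bin/sh
# audit_openvpn_conf FILE: print one finding per line for settings in an
# OpenVPN server.conf that deserve review; print nothing if no check matches.
audit_openvpn_conf() {
    conf=$1
    # Drop comments (# or ;) and blank lines, then read directive by directive.
    sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$conf" |
    while read -r directive arg _rest; do
        case $directive in
        dh) # easy-rsa names the file dh<bits>.pem; take the size from the name
            bits=$(basename "$arg" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
            if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
                echo "WEAK_DH $bits-bit parameters: $arg"
            fi ;;
        key) # the private key should be readable by its owner only
            if [ -f "$arg" ] &&
               [ -n "$(find "$arg" \( -perm -040 -o -perm -004 \))" ]; then
                echo "KEY_READABLE group or other can read: $arg"
            fi ;;
        comp-lzo|compress) # compression can leak plaintext through packet sizes
            echo "COMPRESSION $directive is enabled" ;;
        esac
    done
    # With no user directive the daemon keeps root privileges after start-up.
    grep -Eq '^[[:space:]]*user[[:space:]]' "$conf" ||
        echo "NO_PRIV_DROP no user directive"
    return 0
}

# Constructed sample: a cut-down copy of the server.conf shown above, with the
# key path pointed at a throwaway file so the permission check has a target.
write_sample() {
    dir=$1
    : > "$dir/server.key"
    chmod 644 "$dir/server.key"
    cat > "$dir/server.conf" <<EOF
port 443
proto tcp
key $dir/server.key # This file should be kept secret
dh $dir/dh1024.pem
comp-lzo
persist-key
EOF
}

demo_dir=$(mktemp -d /tmp/ovpn-audit.XXXXXX)
write_sample "$demo_dir"
audit_openvpn_conf "$demo_dir/server.conf"
rm -rf "$demo_dir"
```

To check the real file, call audit_openvpn_conf /usr/local/etc/openvpn/config-files/server.conf; a DH file that is not named dh<bits>.pem is skipped rather than measured.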







