Posted by: Nanta on: December 15, 2007
OpenVPN is an SSL VPN. As we know, a VPN is a technique for connecting two sites as if over a leased line; it works on a tunneling principle. This time, I would like to share my experience installing OpenVPN on FreeBSD. Thank you to Mas Rendo, Mas Adhy, Mas Artiko and the other people who supported me. This installation uses a key for each user who wants to connect using OpenVPN.
1. We install the OpenVPN software from ports
cd /usr/ports/security/openvpn
make install clean
2. We copy the example configurations folder
cp -R /usr/local/share/doc/openvpn/ /usr/local/etc/openvpn/
cd /usr/local/etc/openvpn
cp -R sample-config-files config-files/
3. Edit main configuration of OpenVPN ( server.conf )
cd config-files
vi server.conf
This is my server.conf
port 443
# TCP or UDP server?
proto tcp
dev tun
ca /usr/local/etc/openvpn/easy-rsa/keys/ca.crt
cert /usr/local/etc/openvpn/easy-rsa/keys/server.crt
key /usr/local/etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
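dh /usr/local/etc/openvpn/easy-rsa/keys/dh1024.pem # 1024-bit DH parameters; 2048 bits or more is the current recommendation
server xxx.xxx.xxx.xxx 255.255.255.224 # network address and netmask of the VPN subnet (original note: your server ip address)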
ifconfig-pool-persist /var/log/ipp.txt
push "route remote_host 255.255.255.255 net_gateway"
push "route xxx.xxx.xxx.xxx 255.255.255.192"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
4. Create the server and client keys
cd /usr/local/etc/openvpn/easy-rsa
vi vars ( replace export with setenv )
source ./vars ( csh; the file must be sourced, not executed. If export is left in place, use ". ./vars" from sh )
./clean-all
./build-ca
./build-key-server server ( can be changed to another name )
./build-key-pass myname ( key for us; common name myname )
./build-dh
5. We have to enable IP forwarding on our server
sysctl net.inet.ip.forwarding=1
6. Then run openvpn
openvpn /usr/local/etc/openvpn/config-files/server.conf &
And then we put ca.crt, myname.crt and myname.key on the client side to connect through OpenVPN.
Thank You
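A check to run once the steps above are done, added here as an example and not part of the original post: it reads server.conf, confirms that the ca, cert, key and dh files exist, and flags a private key that is readable by group or others. The function names are hypothetical, and it assumes ca.key sits beside ca.crt.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files that an
# OpenVPN server.conf references. Function names are hypothetical.

# Print the first argument of directive $2 in config file $1.
# Comment lines never match because their first field starts with '#'.
# Assumption: paths are unquoted and contain no spaces, as in the post.
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Succeed when the mode grants any group or other permission bit.
too_open() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print one finding per line; return 1 if there was any finding.
check_conf() {
    conf=$1
    bad=0
    for d in ca cert key dh; do
        f=$(conf_value "$conf" "$d")
        if [ -z "$f" ]; then
            echo "NO-DIRECTIVE $d"; bad=1
        elif [ ! -f "$f" ]; then
            echo "NOT-FOUND $d $f"; bad=1
        fi
    done
    # Private keys: the server key named in the config, plus ca.key, which
    # is assumed to sit beside ca.crt (where easy-rsa's build-ca leaves it).
    ca=$(conf_value "$conf" ca)
    if [ -n "$ca" ]; then cakey=$(dirname "$ca")/ca.key; else cakey=; fi
    for k in "$(conf_value "$conf" key)" "$cakey"; do
        if [ -n "$k" ] && [ -f "$k" ] && too_open "$k"; then
            echo "KEY-PERMS $k"; bad=1
        fi
    done
    return "$bad"
}

# Run against a config when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_conf "$1"
fi
```

A KEY-PERMS finding is cleared with chmod 600 on the named file.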
Well, this is answering my own question from my previous posting. I could execute the vars script because the permission was wrong on the script (http://openvpn.net/archive/openvpn-users/2007-01/msg00091.html). I had to change the permission via:
chmod 750 vars
Once I did that, I was able to run the script, however, I used export instead of setenv in my copy of the vars script. To run the script properly, I had to type:
. ./vars
There is a space between the first period and the second period.
Again, thanks for posting the article!
Back in October I wrote a full how-to, with other routing and networking information on my wiki, http://www.secure-computing.net/wiki/index.php/OpenVPN_Server
September 22, 2008 at 2:50 am
Hi,
Thanks for putting up this posting… but there are some errors. For example in the following line:
cp /usr/local/share/doc/openvpn/ /usr/local/etc/openvpn/
the cp command is missing the -R switch.
Also, I think you meant that the following line is really two lines:
cd /usr/local/etc/openvpn cp -R sample-config-files config-files/
Couldn’t execute the ./vars script, but I’ll figure it out eventually.
-Jaime