Category Archives: vpn

Installing OpenVPN on FreeBSD 8.3

OpenVPN is one of open source implementation of Virtual Private Network available.

In this article we will discuss about how to install OpenVPN on FreeBSD 8.3.

Installation

Installing OpenVPN is as easy as installing any FreeBSD ports.

cd /usr/ports/security/openvpn
make install clean

Once installed, OpenVPN will store its ocnfigurations on /usr/local/share/doc/openvpn.

Make a directory /usr/local/etc/openvpn and copy all configuration files from /usr/local/share/doc/openvpn to this new directory.

mkdir /usr/local/etc/openvpn
cp /usr/local/share/doc/openvpn/sample-config/files/server.conf /usr/local/etc/openvpn
cp -a /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn

Creating RSA Key

OpenVPN is a tunneling network. Our connection made to OpenVPN through encrypted channel. Therefore, to enable OpenVPN we should create keys. In this section we will discuss about how to do it.

A good news is, we don’t have to create the key from scratch. OpenVPN has made a script to automatically create it for us. Now invoke following to do preparation:

chmod 0755 /usr/local/etc/openvpn/easy-rsa/2.0/*
cd /usr/local/etc/openvpn/easy-rsa/2.0
sh
echo 'export KEY_COUNTRY="ID"' >> vars
echo 'export KEY_PROVINCE="JB"' >> vars
echo 'export KEY_CITY="BANDUNG"' >> vars
echo 'export KEY_ORG="Celestial Being"' >> vars
echo 'export KEY_EMAIL="xathrya@celestial-being.net"' >> vars

Now we create the certificate ca.crt

. ./vars
./clean-all
./build-ca

And then build the server.key

./build-key-server server

Next the client.key

./build-key client

Build DH parameters with 2014 bit long

./build-dh

Copy the Keys to a special purposed directory for storing keys.

mkdir /usr/local/etc/openvpn/keys
cp /usr/local/etc/openvpn/easy-rsa/2.0/keys/* /usr/local/etc/openvpn/keys
./clean-all

Configuring Server

After creating the keys, we will proceed to configuring the OpenVPN server. The file we must edit is /usr/local/etc/openvpn/server.conf. Here is sample configuration we can applied to our server:

port 1194
proto udp
dev tap
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log

Autostart on Boot

To run OpenVPN automatically at boot time, we can edit /etc/rc.conf write following:

gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
openvpn_if="tap"

Enabling IP Forwarding

IP Forwarding is needed to forward IP packet which received by servers to corresponding client inside VPN.

sysctl net.inet.ip.forwarding=1

Starting OpenVPN Server

Last part, we should start the OpenVPN by:

/usr/local/etc/rc.d/openvpn start

And that’s it. You now have OpenVPN on your network

The post Installing OpenVPN on FreeBSD 8.3 appeared first on Xathrya.ID.

[Solved] TUN/TAP error :: cat: /dev/net/tun: No such file or directory

enable-tun-tap

Jika Anda mencoba untuk menggunakan program VPN seperti OpenVPN atau Hamachi pada VPS Anda, Anda mungkin akan menerima pesan error seperti ini:

Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)

TUN / TAP perangkat tidak diatur secara default pada VPS Anda.

Dalam hal ini, silahkan TUN/TAP anda aktif atau tidak, Anda akan mendapatkan error seperti berikut

# cat /dev/net/tun cat: /dev/net/tun: No such file or directory

jika anda mengalami kendala tersebut, silahkan kontak penyedia VPS anda.
dalam hal ini saya sendiri penyedianya, hehehe :p

# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chmod 600 /dev/net/tun

* Jika Anda menerima pesan error cat: /dev/net/tun: File descriptor in bad state TUN/TAP anda siap digunakan.

* Jika Anda menerima pesan cat: /dev/net/tun: No such device kembali, berarti anda harus mengechek ulang TUN/TAP karena tidak berhasil dibuat.

Pastikan tun module telah sudah dimuat di hardware node anda

lsmod | grep tun

jika belum aktif, silahkan aktifkan menggunakan perintah

modprobe tun

jika anda ingin mengaktifkan TUN/TAP pada 1 kontainer VPS saja, caranya adalah

Note: misal CTID=101

vzctl set 101 --devnodes net/tun:rw --save
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun

Semoga bisa dimengerti dan membantu anda :)