OpenVPN is an open source implementation of a Virtual Private Network (VPN).
In this article we will discuss how to install OpenVPN on FreeBSD 8.3.
Installing OpenVPN is as easy as installing any other FreeBSD port.
    cd /usr/ports/security/openvpn
    make install clean
Once installed, OpenVPN stores its sample configuration files in /usr/local/share/doc/openvpn.
Make a directory /usr/local/etc/openvpn and copy the configuration files from /usr/local/share/doc/openvpn to this new directory.
    mkdir /usr/local/etc/openvpn
    cp /usr/local/share/doc/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn
    cp -a /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn
Creating RSA Key
OpenVPN tunnels network traffic: connections to the OpenVPN server are made through an encrypted channel. To enable it we therefore need to create keys. This section shows how to do it.
The good news is that we don't have to create the keys from scratch. OpenVPN ships scripts (easy-rsa) that create them for us. Run the following to prepare:
    chmod 0755 /usr/local/etc/openvpn/easy-rsa/2.0/*
    cd /usr/local/etc/openvpn/easy-rsa/2.0
    # Switch to sh: the vars file uses Bourne-shell "export" syntax
    sh
    echo 'export KEY_COUNTRY="ID"' >> vars
    echo 'export KEY_PROVINCE="JB"' >> vars
    echo 'export KEY_CITY="BANDUNG"' >> vars
    echo 'export KEY_ORG="Celestial Being"' >> vars
    echo 'export KEY_EMAIL="firstname.lastname@example.org"' >> vars
Now we create the CA certificate, ca.crt:
    . ./vars
    ./clean-all
    ./build-ca
And then build the server.key
Next the client.key
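Build the DH parameters, 2014 bits long
Copy the keys to a dedicated directory for storing keys. Note that this copies every generated file, including the CA private key (ca.key) and the client's private key; the server itself only needs ca.crt, server.crt, server.key and the DH parameters file.
    mkdir /usr/local/etc/openvpn/keys
    cp /usr/local/etc/openvpn/easy-rsa/2.0/keys/* /usr/local/etc/openvpn/keys
    ./clean-all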
After creating the keys, we proceed to configuring the OpenVPN server. The file we must edit is /usr/local/etc/openvpn/server.conf. Here is a sample configuration we can apply to our server:
    port 1194
    proto udp
    dev tap
    ca /usr/local/etc/openvpn/keys/ca.crt
    cert /usr/local/etc/openvpn/keys/server.crt
    key /usr/local/etc/openvpn/keys/server.key # This file should be kept secret
    dh /usr/local/etc/openvpn/keys/dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway"
    push "dhcp-option DNS 18.104.22.168"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
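The sample server.conf above works, but it leaves several hardening gaps: 1024-bit DH parameters, compression, no tls-auth key, no explicit cipher and no privilege drop. The script below is an added example, not part of the original article, that checks a server.conf for them. The function names and the choice of checks are this example's own assumptions, and the embedded input is constructed from the directives shown above.

```sh
#!/bin/sh
# Added example: flag hardening gaps in an OpenVPN server.conf.
# Prints one finding per line; prints nothing when every check passes.

audit_openvpn_conf() {
    conf=$1
    # active DIRECTIVE: succeeds if DIRECTIVE is the first word of a line
    # (commented-out lines start with '#' or ';' and never match).
    active() { awk -v d="$1" '$1 == d { f = 1 } END { exit !f }' "$conf"; }

    # easy-rsa 2.0 writes the DH file as dh<KEY_SIZE>.pem, so read the size from its name.
    bits=$(awk '$1 == "dh" { n = split($2, p, "/"); print p[n] }' "$conf" |
        sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "dh: ${bits}-bit DH parameters, rebuild with KEY_SIZE=2048 or larger"
    fi
    active comp-lzo &&
        echo "comp-lzo: compression before encryption can leak plaintext (VORACLE)"
    active tls-auth || active tls-crypt ||
        echo "tls-auth: no HMAC key protecting the TLS handshake packets"
    active cipher ||
        echo "cipher: not set; older releases fall back to BF-CBC"
    { active user && active group; } ||
        echo "user/group: daemon keeps root after startup (sample: user nobody)"
    return 0
}

# Constructed input: the security-relevant directives of the server.conf above.
page_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tap
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key  # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
comp-lzo
persist-key
persist-tun
EOF
}

tmp=$(mktemp /tmp/ovpn-audit.XXXXXX) && page_conf > "$tmp" && audit_openvpn_conf "$tmp"
rm -f "$tmp"
```

Run it against the real file with `audit_openvpn_conf /usr/local/etc/openvpn/server.conf`; the DH check relies on the easy-rsa file naming, so a renamed DH file is not detected.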
Autostart on Boot
To run OpenVPN automatically at boot time, edit /etc/rc.conf and add the following:
    gateway_enable="YES"
    openvpn_enable="YES"
    openvpn_configfile="/usr/local/etc/openvpn/server.conf"
    openvpn_if="tap"
Enabling IP Forwarding
IP forwarding is needed so that the server can forward the IP packets it receives to the corresponding client inside the VPN.
Starting OpenVPN Server
Finally, we should start the OpenVPN server with:
And that’s it. You now have OpenVPN on your network.