
OpenVPN

Configure as client

Create a file /usr/local/etc/openvpn/idefix.ovpn:

client
dev tun
proto udp
remote <server-host> <port>
resolv-retry infinite
nobind
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/idefix.crt
key /usr/local/etc/openvpn/keys/idefix.key
comp-lzo
verb 1
mute 10

Copy the key files referenced above (ca.crt, idefix.crt, idefix.key) from the server to the client into the directory /usr/local/etc/openvpn/keys.

Edit /etc/rc.conf:

openvpn_enable="YES"  # YES or NO
openvpn_if="tun"      # driver(s) to load, set to "tun", "tap" or "tun tap"
openvpn_flags=""      # openvpn command line flags
openvpn_configfile="/usr/local/etc/openvpn/idefix.ovpn"      # --config file
openvpn_dir="/usr/local/etc/openvpn"                          # --cd directory

Start the VPN connection now with /usr/local/etc/rc.d/openvpn start.

Check /var/log/messages for errors.
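
Before starting the service, the ca/cert/key files named in idefix.ovpn can be checked for presence and for a private key that is readable by its owner only. The script below is an added example, not part of the original page; the function name check_ovpn_keys is hypothetical, and it assumes absolute, unquoted paths without spaces, as in the config above.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check of the
# ca/cert/key files referenced by an OpenVPN client config.
# check_ovpn_keys is a hypothetical helper name.
#
# Usage: check_ovpn_keys /usr/local/etc/openvpn/idefix.ovpn
# Returns 0 if every referenced file exists and the private key has no
# group/other permission bits set; returns 1 otherwise.
check_ovpn_keys() {
    conf=$1
    rc=0
    if [ ! -r "$conf" ]; then
        echo "cannot read config: $conf" >&2
        return 1
    fi
    for directive in ca cert key; do
        # Last occurrence of the directive; lines starting with '#' or ';'
        # never match because their first field differs.
        path=$(awk -v d="$directive" '$1 == d { p = $2 } END { print p }' "$conf")
        if [ -z "$path" ]; then
            echo "missing directive: $directive" >&2
            rc=1
            continue
        fi
        if [ ! -f "$path" ]; then
            echo "$directive: file not found: $path" >&2
            rc=1
            continue
        fi
        if [ "$directive" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            bits=$(ls -ldL "$path" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "key: $path is accessible by group/other (chmod 600)" >&2
                rc=1
            fi
        fi
    done
    return $rc
}
```

Run it as root against the client config before /usr/local/etc/rc.d/openvpn start; any message on stderr names the directive that needs fixing.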

Configure as Server

We store our keys in:

cd /usr/local/etc/openvpn/keys-server/

Copy the easy-rsa vars file and edit it to point to the folder /usr/local/etc/openvpn/keys-server/:

cp /usr/local/share/easy-rsa/vars .
vi vars    # change at least the KEY_DIR line

Create the server keys with:

bash
cd /usr/local/share/easy-rsa
. /usr/local/etc/openvpn/keys-server/vars
./build-ca
./build-key-server server
./build-dh

Create client keys:

bash
cd /usr/local/share/easy-rsa
. /usr/local/etc/openvpn/keys-server/vars
./build-key client1
freebsd/openvpn.txt · Last modified: 2014/03/26 15:13 by idefix