OpenBSD - client OpenVPN
OpenVPN is a free and open-source virtual private network (VPN).
Install
Let’s install the openvpn client.
pkg_add openvpn
Settings
Config file
Assuming that you have an openvpn settings file, calling here as setup.ovpn.
cat setup.ovpn
client
proto tcp-client
remote 191.8.146.114 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_lBklUYL2BA98l9B3 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>
ETC
Let’s create a directory to ours opvn files, as root:
mkdir -p /etc/openvpn
Store your opvn files in /etc/openvpn.
Manual
To connect use:
/usr/local/sbin/openvpn --config /etc/openvpn/setup.ovpn
If you need to provide a password, use --askpass
flag.
/usr/local/sbin/openvpn --askpass --config /etc/openvpn/setup.ovpn
Daemon
Create a hostname file to your new network interface.
touch /etc/hostname.tun0
Edit the hostname.tun0 file.
up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/setup.ovpn
Now you can setup your interface.
ifconfig tun0 up
Articles from blogs I follow around the net
j2k25 - OpenBSD Hackathon Japan 2025 (rsadowski@)
Fresh from the just concluded j2k25 hackathon in Nara, Japan, Rafael Sadowski (rsadowski@) has published his report on his blog: Week 2: The j2k25 Japan Hackathon We arrived in Nara during the late afternoon. After checking into our hotel, goda@, my wife and I…
via OpenBSD Journal 2025-06-01 10:42How to trigger a command on Linux when disconnected from power
# Introduction After thinking about BusKill product that triggers a command once the USB cord disconnects, I have been thinking at a simple alternative. => https://www.buskill.in BusKill official project website When using a laptop connected to power …
via Solene'% 2025-05-31 00:00Improved (maybe) indenting on save
I realized that sometimes identing the whole buffer might not be the desired output. That because if the file is on different identation, your git commit might be hard to follow. Because of that I studied a bit emacs lisp and came up with similar idea. On …
via Lucas E M M. opinions 2025-05-30 11:30Generated by openring
/comments ~umgeher/changelog@lists.sr.ht?Subject=Re: OpenBSD - client OpenVPN
/permalink https://umgeher.org/posts/2022/09/openbsd-client-openvpn.html