OpenBSD - client OpenVPN
OpenVPN is a free and open-source virtual private network (VPN).
Install
Let’s install the openvpn client.
pkg_add openvpn
Settings
Config file
Assuming that you have an openvpn settings file, calling here as setup.ovpn.
cat setup.ovpn
client
proto tcp-client
remote 191.8.146.114 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_lBklUYL2BA98l9B3 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>
ETC
Let’s create a directory to ours opvn files, as root:
mkdir -p /etc/openvpn
Store your opvn files in /etc/openvpn.
Manual
To connect use:
/usr/local/sbin/openvpn --config /etc/openvpn/setup.ovpn
If you need to provide a password, use --askpass flag.
/usr/local/sbin/openvpn --askpass --config /etc/openvpn/setup.ovpn
Daemon
Create a hostname file to your new network interface.
touch /etc/hostname.tun0
Edit the hostname.tun0 file.
up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/setup.ovpn
Now you can setup your interface.
ifconfig tun0 up
Articles from blogs I follow around the net
Game of Trees 0.107 released
Version 0.107 of Game of Trees has been released (and the port updated): gotwebd.css styling tweaks hide ssh debug output during fetch/send -v, keep showing it at -vv and -vvv discern mixed-commit worktree diffs with commit ID headers gotwebd: avoid printf("…
via OpenBSD Journal 2024-12-30 03:57How to force a Linux device to boot from USB when the GPU is dead and you can't do it from the BIOS
tl;dr: use efibootmgr Let's say you have a Kingston DataTraveler with a Linux ISO on it and want to boot from it, but your GPU is broken or something and you can't view output. Here's what you do: List the potential boot …
via Xe Iaso's blog 2024-12-28 00:00Systemd journald cheatsheet
# Introduction This blog post is part of a series that will be about Systemd ecosystem, today's focus is on journaling. Systemd got a regrettable reputation since its arrival mid 2010. I think this is due to Systemd being radically different than t…
via Solene'% 2024-12-25 00:00Generated by openring
/comments ~umgeher/changelog@lists.sr.ht?Subject=Re: OpenBSD - client OpenVPN
/permalink https://umgeher.org/posts/2022/09/openbsd-client-openvpn.html