OpenBSD - client OpenVPN

2022-09-22 16:25

OpenVPN is a free and open-source virtual private network (VPN).

Install

Let’s install the openvpn client.

pkg_add openvpn

Settings

Config file

Assuming that you have an openvpn settings file, calling here as setup.ovpn.

cat setup.ovpn

client
proto tcp-client
remote 191.8.146.114 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_lBklUYL2BA98l9B3 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>

ETC

Let’s create a directory to ours opvn files, as root:

mkdir -p /etc/openvpn

Store your opvn files in /etc/openvpn.

Manual

To connect use:

/usr/local/sbin/openvpn --config /etc/openvpn/setup.ovpn

If you need to provide a password, use --askpass flag.

/usr/local/sbin/openvpn --askpass --config /etc/openvpn/setup.ovpn

Daemon

Create a hostname file to your new network interface.

touch /etc/hostname.tun0

Edit the hostname.tun0 file.

up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/setup.ovpn

Now you can setup your interface.

ifconfig tun0 up

/comments ~umgeher/changelog@lists.sr.ht?Subject=Re: OpenBSD - client OpenVPN

/permalink https://umgeher.org/posts/2022/09/openbsd-client-openvpn.html

Articles from blogs I follow around the net

OpenAI employees… are you okay?

You might have seen an article making the rounds this week, about a young man who ended his life after ChatGPT encouraged him to do so. The chat logs are really upsetting. Someone two degrees removed from me took their life a few weeks ago. A close friend rel…

via Drew DeVault's blog 2025-11-08 00:00

Reviews

Some things that I enjoy TV shows Breaking Bad Better call Saul Mr. Robot Boardgames Oath is really interesting <2025-11-06 Thu> My wife kindly gave me this new boadgame called Oath. It is a game in which the outcome of one game affect the next ones. Simila…

via Lucas E M M. comments 2025-11-06 18:47

In -current, chromium (and derivatives) gain VA-API support

Following the previous reverted attempt [see earlier report], Robert Nagy (robert@) committed VA-API [hardware-assisted video - see previous report] support to the chromium and ungoogled-chromium ports. The iridium port can be expected to follow on next update. Note t…

via OpenBSD Journal 2025-11-04 06:30

Generated by openring