OpenBSD - client OpenVPN
OpenVPN is a free and open-source virtual private network (VPN).
Install
Let’s install the openvpn client.
pkg_add openvpn
Settings
Config file
Assuming that you have an openvpn settings file, calling here as setup.ovpn.
cat setup.ovpn
client
proto tcp-client
remote 191.8.146.114 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_lBklUYL2BA98l9B3 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>
ETC
Let’s create a directory to ours opvn files, as root:
mkdir -p /etc/openvpn
Store your opvn files in /etc/openvpn.
Manual
To connect use:
/usr/local/sbin/openvpn --config /etc/openvpn/setup.ovpn
If you need to provide a password, use --askpass flag.
/usr/local/sbin/openvpn --askpass --config /etc/openvpn/setup.ovpn
Daemon
Create a hostname file to your new network interface.
touch /etc/hostname.tun0
Edit the hostname.tun0 file.
up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/setup.ovpn
Now you can setup your interface.
ifconfig tun0 up
Articles from blogs I follow around the net
OpenBSD 7.7 Released
The OpenBSD project has announced OpenBSD 7.7, its 58th release. The new release contains a number of significant improvements, including but certainly not limited to: Multiple SMP improvements have been made. TCP output and TCP timers now run in parallel. Only TC…
via OpenBSD Journal 2025-04-27 18:30Running repl commands in cider (emacs)
Ok, I will admit.. this took a while. But I have found a nice way of doing this. What is this? Well, let’s say let’s say that you have a command to start your server in user namespace. With this cool feature, now you can run this with a emacs command (or s…
via Lucas E M M. opinions 2025-04-23 19:46Resistance from the tech sector
As of late, most of us have been reading the news with a sense of anxious trepidation. At least, those of us who read from a position of relative comfort and privilege. Many more read the news with fear. Some of us are already no longer in a position to read…
via Drew DeVault's blog 2025-04-20 00:00Generated by openring
/comments ~umgeher/changelog@lists.sr.ht?Subject=Re: OpenBSD - client OpenVPN
/permalink https://umgeher.org/posts/2022/09/openbsd-client-openvpn.html