umgeher's changelog

OpenBSD - client OpenVPN

doc openbsd vpn openvpn

OpenVPN is a free and open-source virtual private network (VPN).

Install

Let’s install the openvpn client.

pkg_add openvpn

Settings

Config file

Assuming that you have an openvpn settings file, calling here as setup.ovpn.

cat setup.ovpn

client
proto tcp-client
remote 191.8.146.114 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_lBklUYL2BA98l9B3 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>

ETC

Let’s create a directory to ours opvn files, as root:

mkdir -p /etc/openvpn

Store your opvn files in /etc/openvpn.

Manual

To connect use:

/usr/local/sbin/openvpn --config /etc/openvpn/setup.ovpn

If you need to provide a password, use --askpass flag.

/usr/local/sbin/openvpn --askpass --config /etc/openvpn/setup.ovpn

Daemon

Create a hostname file to your new network interface.

touch /etc/hostname.tun0

Edit the hostname.tun0 file.

up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/setup.ovpn

Now you can setup your interface.

ifconfig tun0 up

/comments ~umgeher/changelog@lists.sr.ht?Subject=Re: OpenBSD - client OpenVPN

/permalink https://umgeher.org/posts/2022/09/openbsd-client-openvpn.html

Articles from blogs I follow around the net

Affording your AI chatbot friends

A talk on how to do AI for cheap.

via Xe Iaso's blog 2025-03-10 00:00

PDF bruteforce tool to recover locked files

# Introduction Today, I had to open a password protected PDF (medical report), unfortunately it is a few years old document and I did not remember the password format (usually something based on named and birthdate -_-). I found a nice tool that can try…

via Solene'% 2025-03-09 00:00

AI: Where in the Loop Should Humans Go?

This is a re-publishing of a blog post I originally wrote for work, but wanted on my own blog as well.AI is everywhere, and its impressive claims are leading to rapid adoption. At this stage, I’d qualify it as charismatic technology—someth…

via Ferd.ca 2025-03-07 11:00

Generated by openring