umgeher's changelog

OpenBSD - client OpenVPN

doc openbsd vpn openvpn

OpenVPN is a free and open-source virtual private network (VPN).

Install

Let’s install the openvpn client.

pkg_add openvpn

Settings

Config file

Assuming that you have an openvpn settings file, calling here as setup.ovpn.

cat setup.ovpn

client
proto tcp-client
remote 191.8.146.114 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_lBklUYL2BA98l9B3 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>

ETC

Let’s create a directory to ours opvn files, as root:

mkdir -p /etc/openvpn

Store your opvn files in /etc/openvpn.

Manual

To connect use:

/usr/local/sbin/openvpn --config /etc/openvpn/setup.ovpn

If you need to provide a password, use --askpass flag.

/usr/local/sbin/openvpn --askpass --config /etc/openvpn/setup.ovpn

Daemon

Create a hostname file to your new network interface.

touch /etc/hostname.tun0

Edit the hostname.tun0 file.

up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/setup.ovpn

Now you can setup your interface.

ifconfig tun0 up

/comments ~umgeher/changelog@lists.sr.ht?Subject=Re: OpenBSD - client OpenVPN

/permalink https://umgeher.org/posts/2022/09/openbsd-client-openvpn.html

Articles from blogs I follow around the net

Snap integration in Qubes OS templates

# Introduction Snap package format is interesting, while it used to have a bad reputation, I wanted to make my opinion about it. After reading its design and usage documentation, I find it quite good, and I have a good experience using some programs i…

via Solene'% 2024-10-19 00:00

Docker builds over SSH

Plan 9 clustering at home

via Xe Iaso's blog 2024-10-18 00:00

Restclient is dead… Now we have verb!

Recently I found an interesting mode in emacs to manage and run http requests! enjoy! heheh

via Lucas E M M. opinions 2024-10-16 15:26

Generated by openring