How to install and configure OpenVPN client on OpenBSD

How to configure OpenVPN client on OpenBSD desktop

I have a file named openvpn.client.ovpn. How do I use this file to connect my OpenBSD-based desktop to a remote OpenVPN server and set up a secure VPN? How do I configure the OpenVPN client on an OpenBSD Unix system?

OpenBSD is a free and open source operating system with a strong focus on security. OpenVPN is a free and open-source software application that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections. Th

You need to use the pkg_add command to install or update software packages on an OpenBSD-based system. The syntax is pretty simple:

pkg_add pkgNameHere

pkg_add -v pkgNameHere

Make sure /etc/installurl is set up correctly. Here is a sample /etc/installurl displayed using the cat command:

$ cat /etc/installurl

https://cloudflare.cdn.openbsd.org/pub/OpenBSD

Install OpenVPN on OpenBSD

To install openvpn just type the following pkg_add command:

# pkg_add -v openvpn



OpenVPN client configuration on OpenBSD

I am assuming that you have a file named openbsd.ovpn. The format is as follows:

$ cat openbsd.ovpn

Sample outputs:

client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote 131.x.y.z 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE----
.....
..
...
-----END CERTIFICATE------
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
.....
..
..-----END OpenVPN Static key V1-----
</tls-auth>

Install OpenVPN config file

Make a directory using the mkdir command:

# mkdir /etc/openvpn/

Copy the openbsd.ovpn file from the remote OpenVPN server using the scp command (see how to set up an OpenVPN server on Debian Linux or Ubuntu Linux):

# scp vivek@openvpn-linode-box:~/.openvpn/openbsd.ovpn /etc/openvpn/
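Before pointing /etc/hostname.tun0 at the copied profile, it is worth checking its file mode and a few of its directives. The sh function below is an added example, not part of the original article; audit_ovpn and audit_demo are hypothetical names, and the sample profile it builds is constructed from the directives shown above.

```sh
#!/bin/sh
# Added example, not from the original article. audit_ovpn is a hypothetical
# helper: it prints one line per finding and returns the number of findings
# (it also returns 1 when the profile does not exist).
audit_ovpn() {
    f=$1; n=0
    [ -f "$f" ] || { echo "FAIL no such profile: $f"; return 1; }

    # The profile embeds the client key and the tls-auth static key, so
    # group and other must have no access (mode 0600 or stricter).
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "FAIL group/other can access $f; run: chmod 600 $f"
        n=$((n + 1))
    fi

    # remote-cert-tls server makes the client reject a peer certificate that
    # is not marked for server use, e.g. another client's cert from the same CA.
    if ! grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$f"; then
        echo "FAIL remote-cert-tls server is missing"
        n=$((n + 1))
    fi

    # Bare comp-lzo means adaptive compression; compressing tunnel traffic
    # exposes it to VORACLE-style attacks, so flag it for review with the
    # server administrator (both ends must agree on the setting).
    if grep -Eq '^[[:space:]]*comp-lzo([[:space:]]+(yes|adaptive))?[[:space:]]*$' "$f"; then
        echo "WARN compression enabled via comp-lzo"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample profile (directives taken from the article's example,
# key material omitted), written world-readable to trigger the first check.
audit_demo() {
    d=$(mktemp -d) || return 99
    printf '%s\n' client 'dev tun' 'proto tcp' 'remote 131.x.y.z 443' \
        'remote-cert-tls server' 'cipher AES-128-CBC' comp-lzo > "$d/openbsd.ovpn"
    chmod 644 "$d/openbsd.ovpn"
    rc=0; audit_ovpn "$d/openbsd.ovpn" || rc=$?
    rm -rf "$d"
    return "$rc"
}

audit_demo || echo "findings: $?"
```

On the real system, run it as root against /etc/openvpn/openbsd.ovpn; a return value of 0 means none of the three checks fired.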

Create a file named /etc/hostname.tun0

Use a text editor such as vi command:

# vi /etc/hostname.tun0

Append the following config:

up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/openbsd.ovpn

Save and close the file in vi/vim.

OpenVPN normally re-creates the tun/tap interface at startup. OpenVPN should be started from /etc/hostname.tun0.

Running openvpn on OpenBSD

No need to reboot the desktop. You can bring VPN online using the following command:

# /usr/local/sbin/openvpn --daemon --config /etc/openvpn/openbsd.ovpn

Verification

Use the ifconfig command to see the tun0 interface:

# ifconfig tun0



Get routing info:

# netstat -nr

# netstat -nr -f inet | more

Make sure you can ping the gateway using the ping command:

$ ping 10.8.0.1

$ ping google.com

### Your VPN server also acts as a DNS server to hide DNS queries too ###

$ host cyberciti.biz 10.8.0.1

Finally, find out your public IP address from the command line on OpenBSD using the host or dig command:

$ dig +short myip.opendns.com @resolver1.opendns.com

OR

$ host myip.opendns.com resolver1.opendns.com

Sample VPN server IP address:

"131.x.y.z"

Conclusion

And there you have it, the OpenVPN client running successfully on an OpenBSD desktop. For more info see this page here and here.

