OpenVPN for FreeBSD
OpenVPN should be installed from the FreeBSD's ports system (see this link). Although a precompiled package is available on FreeBSD, it has not been build with the PW_SAVE option set. Without this option set, users are not able to save their credentials. This is especially important when OpenVPN should come up while the system starts up.
When saving passwords for OpenVPN, keep in mind that they are saved in plain text and that there is no hashing applied. This means that everybody having access to your machine, either physically or via the network, is able to read your user name and your password. We strongly advice to use at least an encrypted container to store your credentials. On FreeBSD, geli can be used for this purpose. In the FreeBSD handbook, there is a section about Encrypting Disk Partitions. Refer to subsection 19.16.2.
Change to the /usr/ports/security/openvpn directory and configure the OpenVPN package:
# cd /usr/ports/security/openvpn
# make config
Check the PW_SAFE option to be able to save your credentials. Then continue with building and installing the OpenVPN package:
# make install clean
Download the OpenVPN configuration file (*.ovpn) from the link given in your welcome email or via your active VPN package product details (or you can use our configuration files generator). Then rename it from .ovpn to .conf e.g. openvpn.conf and move it to a temporary location, e.g. /tmp. If you do not already have root privileges, switch to the root user. Now copy the downloaded file into OpenVPN's configuration directory:
# mv /tmp/openvpn.conf /usr/local/etc/openvpn.conf
Create the file /usr/local/etc/openvpn/openvpn.auth to store your proxy.sh credentials. It contains just two lines, one with your user name and the other one with your password.
Open the configuration file /usr/local/etc/openvpn/openvpn.conf. Point the parameter auth-user-pass to the newly created credentials file and save this change.
Finally, change the ownership and permissions of the OpenVPN configuration and credential files, so only root has read-only access to them.
# chown root:wheel /usr/local/etc/openvpn/openvpn.conf
# chown root:wheel /usr/local/etc/openvpn/openvpn.auth
# chmod 400 /usr/local/etc/openvpn/openvpn.conf
# chmod 400 /usr/local/etc/openvpn/openvpn.auth
OpenVPN will be started interactively from the command line so debug output gets written to your terminal.
# openvpn --config /usr/local/etc/openvpn/openvpn.conf
To initialize OpenVPN during system boot, you need to add some entries to /etc/rc.conf.
# cat >> /etc/rc.conf << EOF
Before rebooting, verify that OpenVPN's start-up script works correctly.
# /usr/local/etc/rc.d/openvpn start
Invoke ifconfig and netstat like you did it before and verify that the connection got established as expected. Then stop OpenVPN.
# /usr/local/etc/rc.d/openvpn stop
If starting and stopping OpenVPN via the start-up script worked well, the VPN connection will be available every time your machine is started.
You're all set. Enjoy!
NB: If you encounter difficulties to connect with OpenVPN, please try to connect to other servers or try alternative ports, especially more "discreet" ones such as TCP 443 or TCP 80. Please also make sure that the port you are connecting through is fully opened in your firewall/router/network. Below, you will find an aggregate of useful guides and articles that will help you troubleshoot your problems, should you have any.
I cannot find the .ovpn and .crt files necessary for OpenVPN. Where are they?
No matter how hard I try, I cannot succesfully connect to OpenVPN.
I can't access any website through my browser while connected to VPN.
I am connected to the VPN but my IP is not yet hidden. Help!
I am having some kind of other problem. Where can I find some help?
How can I find the local log files of my VPN client?
If you still cannot connect successfully, please open a support ticket and include either a copy of your logs or a screenshot of your configuration and encountered errors. Logs can usually be found in software menus or settings, as well as their directories of installation (.log or .txt files). If you do not include a log or a screenshot, it will be hard for us to help you resolve the issues you have with connecting to our network.
Related Knowledgebase Articles
CGIProxy (Web) for FreeBSD (Views: 951)
PPTP (VPN) for FreeBSD (Views: 1109)
L2TP (VPN) for FreeBSD (Views: 1242)