
Saturday, November 27, 2021

FreeBSD - OpenVPN

Client behind NAT (it has no reachable public address, so it initiates the UDP connection to the server; the LAN subnets behind it are routed through the tunnel)

file /etc/rc.conf

# Start the OpenVPN client at boot (handled by /usr/local/etc/rc.d/openvpn).
openvpn_enable="YES"
# Client profile; the rc script hands it to openvpn as --config.
openvpn_configfile="/usr/local/etc/openvpn/client/client.conf"
# Enables IPv4 forwarding (net.inet.ip.forwarding=1) so packets from the
# 192.168.4/7/9.0/24 LANs behind this host can be forwarded into the tun
# interface (the server-side iroute/route entries point those networks here).
# NOTE(review): this makes the box a router on ALL its interfaces, not only
# tun -- restrict with pf/ipfw. Hosts on those LANs also need a return route
# for 172.16.166.0/24 via this host (or NAT on tun); not shown on this page.
gateway_enable="YES"

file /usr/local/etc/openvpn/client/client.conf

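# Client role: tls-client + pull (accept routes/options pushed by the server).
client
tls-client
# Require TLS 1.2+ on the control channel. Safe to add on one end only; any
# modern OpenVPN/OpenSSL peer already negotiates 1.2 or better.
tls-version-min 1.2
# `cipher` is deprecated in OpenVPN 2.5 (use data-ciphers). Kept because it
# must match the server; on 2.4+ both ends will normally negotiate
# AES-256-GCM via NCP regardless of this line.
cipher AES-256-CBC
pull
dev tun
proto udp
# Replace with your server's public IP or DNS name; port must match server.conf.
remote 104.248.252.189 1194
# No fixed local port -- needed for a client behind NAT.
nobind
# Drop root once the tun device and keys are set up. persist-key/persist-tun
# let OpenVPN restart (SIGUSR1, keepalive timeout) after the privilege drop.
user nobody
group nogroup
persist-key
persist-tun
# Key direction: 1 on the client, 0 on the server. `key-direction 1`
# duplicates the trailing `1` on the tls-auth line; harmless, but one suffices.
key-direction 1
tls-auth /usr/local/etc/openvpn/client/ta.key 1
# WARNING: comp-lzo is deprecated and compression lets an attacker guess
# tunnelled plaintext (VORACLE-style attacks). Remove it from BOTH ends at the
# same time -- a mismatch breaks the link -- which is why it is left here.
comp-lzo
verb 3
# PKI: CA plus this client's certificate and private key. Keep client.key
# mode 0600; a copied key is a valid identity until the CA expires unless the
# server checks a CRL.
ca /usr/local/etc/openvpn/client/ca.crt
cert /usr/local/etc/openvpn/client/client.crt
key /usr/local/etc/openvpn/client/client.key
# Refuse peers whose certificate lacks the serverAuth EKU, so a stolen
# client certificate cannot be used to impersonate the server.
remote-cert-tls server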

Server in the cloud (has a public address and listens on UDP/1194; the client connects to it)

file /etc/rc.conf

# Start the OpenVPN server at boot (handled by /usr/local/etc/rc.d/openvpn).
openvpn_enable="YES"
# Server profile; the rc script hands it to openvpn as --config.
openvpn_configfile="/usr/local/etc/openvpn/server/server.conf" 
# nginx is unrelated to the tunnel itself -- presumably serving something
# reachable over the VPN; confirm. NOTE(review): no gateway_enable here, so
# this host does not forward between tun and other interfaces; add it only if
# other VPN clients must reach the 192.168.x.0/24 LANs through this server.
nginx_enable="YES"

file /usr/local/etc/openvpn/server/server.conf

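port 1194
proto udp
dev tun
# PKI in the easy-rsa 3 layout. ca.crt may be world-readable; server.key must
# be root-only (0600) -- it is read before privileges are dropped.
ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key
dh /usr/local/etc/openvpn/server/dh.pem
# Require TLS 1.2+ on the control channel (safe with any modern client).
tls-version-min 1.2
# Accept only peers whose certificate carries the clientAuth EKU, so a server
# certificate cannot be replayed as a client identity. easy-rsa 3
# `build-client-full` sets that EKU; drop this line if your client
# certificates were issued without it.
remote-cert-tls client
# NOTE(review): there is no `crl-verify`, so a lost client.key stays valid
# until the CA expires. Generate a CRL with easy-rsa (`gen-crl`) and add
# `crl-verify /usr/local/etc/openvpn/server/crl.pem`; the CRL is re-read at
# every connect, i.e. after the privilege drop, so it must be readable by the
# unprivileged user below.
topology subnet
server 172.16.166.0 255.255.255.0
# Absolute path: a relative name resolves against the directory the rc script
# chdirs to (--cd, from openvpn_dir in rc.conf), which is not necessarily this
# config's directory -- verify if you keep a relative path.
ifconfig-pool-persist /usr/local/etc/openvpn/server/ipp.txt
# Per-client overrides (the iroute file for "client"). These are read at every
# connect, i.e. after the privilege drop, so the directory and files must be
# readable by `nobody` (0755/0644) -- they hold no secrets.
client-config-dir /usr/local/etc/openvpn/server/ccd
# Kernel routes for the LANs behind the client; paired with the iroute lines
# in ccd/client, which tell OpenVPN which client owns those networks.
route 192.168.4.0 255.255.255.0
route 192.168.7.0 255.255.255.0
route 192.168.9.0 255.255.255.0
keepalive 10 120
# HMAC-sign control packets so unauthenticated UDP is dropped before the TLS
# handshake; direction 0 here, 1 on the client. ta.key is a secret (0600).
# tls-crypt would additionally encrypt the control channel.
tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
# Deprecated in 2.5 (use data-ciphers) but must match the client; on 2.4+
# NCP normally upgrades the data channel to AES-256-GCM anyway.
cipher AES-256-CBC
# WARNING: compression is deprecated and leaks tunnelled plaintext (VORACLE).
# Remove it from BOTH ends at the same time; kept here only so the client
# config on this page still connects.
comp-lzo
# Drop root once the tun device and key material are set up (least
# privilege); the original ran the server as root for its whole lifetime.
# persist-key/persist-tun are required so restarts work without root.
user nobody
group nogroup
persist-key
persist-tun
# Both files are opened before the privilege drop; /var/log/openvpn must exist.
status /var/log/openvpn/openvpn-status.log
log-append  /var/log/openvpn/openvpn.log
verb 3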

/usr/local/etc/openvpn/server/ccd/client

# Per-client file for the client whose certificate CN is "client" -- the file
# name must match the CN exactly or these lines are never applied. iroute
# tells OpenVPN to forward traffic for these networks to that client; the
# matching `route` lines in server.conf install the kernel routes. If the
# server drops privileges, this directory must be readable by that user,
# since ccd files are read at every connect.
iroute 192.168.4.0 255.255.255.0
iroute 192.168.7.0 255.255.255.0
iroute 192.168.9.0 255.255.255.0

Sources:
